Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62939

User profile description improperly treated as PARAM_CLEANHTML

    XMLWordPrintable

    Details

      Description

      The field description in user profiles has the type set to PARAM_CLEANHTML. That is wrong as that type should be used (if ever) for places that support plain or hyper text, nothing more. As description is a general rich text in any format (Markdown included), it must be treated as PARAM_RAW.

      Steps to reproduce

      1. Select plain text area as your preferred editor
      2. Edit your profile
      3. Choose Markdown as the format of the description field as type a text using markdown blackquote syntax as your description:

        My favourite quote reads:
         
        > Don't Believe Everything You Read On The Internet -- Thomas Jefferson
        

      • Expected behaviour: As this is Markdown text, the blockquote character > is stored as such in the database and the text is displayed as blockquote.
      • Actual behaviour: The character is escaped before writing to the database so that it is stored as HTML entity > and the Markdown syntax is lost.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m