Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-62939

User profile description improperly treated as PARAM_CLEANHTML

    XMLWordPrintable

    Details

      Description

      The field description in user profiles has the type set to PARAM_CLEANHTML. That is wrong as that type should be used (if ever) for places that support plain or hyper text, nothing more. As description is a general rich text in any format (Markdown included), it must be treated as PARAM_RAW.

      Steps to reproduce

      1. Select plain text area as your preferred editor
      2. Edit your profile
      3. Choose Markdown as the format of the description field as type a text using markdown blackquote syntax as your description:

        My favourite quote reads:
         
        > Don't Believe Everything You Read On The Internet -- Thomas Jefferson
        

      • Expected behaviour: As this is Markdown text, the blockquote character > is stored as such in the database and the text is displayed as blockquote.
      • Actual behaviour: The character is escaped before writing to the database so that it is stored as HTML entity > and the Markdown syntax is lost.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mudrd8mz David Mudrák (@mudrd8mz)
              Reporter:
              mudrd8mz David Mudrák (@mudrd8mz)
              Peer reviewer:
              Amaia Anabitarte
              Integrator:
              Jun Pataleta
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m