-
Bug
-
Resolution: Fixed
-
Minor
-
3.9.3, 3.10
-
MOODLE_310_STABLE, MOODLE_39_STABLE
-
MOODLE_310_STABLE, MOODLE_39_STABLE
-
This is similar to MDL-70320. Our sharp eyed testers spotted that it did not just happen in the visible text, but also in some of the tool tips.
To reproduce:
- Go to https://qa.moodledemo.net/course/edit.php?id=2 and use Role renaming to change some role names to contain HTML special chars like & < and >.
- Go to https://qa.moodledemo.net/admin/roles/permissions.php?contextid=25.
- Hover your mouse over the Delete icons.
Expected result: tool tip says "Delete Reader & Learner role"
Actual result: tool tip says "Delete Reader & amp;amp; Learner role"
HTML source of the icon is:
<i class="icon fa fa-trash fa-fw " title="Delete Reader & amp;amp;amp; Learner role" aria-label="Delete Reader &amp; Learner role"></i>
So, this is being excaped twice more than required!
(Grrr! extra spaced added to stop Jira messing with the entities.)
- Discovered while testing
-
MDL-70320 Incorrect HTML escaping on the override permissions screen
- Closed