Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-70476

Incorrect role name HTML escaping in permissions screen tool tips

XMLWordPrintable

    • MOODLE_310_STABLE, MOODLE_39_STABLE
    • MOODLE_310_STABLE, MOODLE_39_STABLE
    • Hide
      1. Go to a course, and rename some roles to include HTML special characters like & - for example
        • Studyer & learner
        • Teacher < editor
        • Teacher >= editor
      2. Go to Course settings -> Users -> Permissions.
      3. Mouse-over the delete icon next to the renamed role name.
      4. Verify that the role name is shown correctly in the tool-tip (no spurious escaping.)
      Show
      Go to a course, and rename some roles to include HTML special characters like & - for example Studyer & learner Teacher < editor Teacher >= editor Go to Course settings -> Users -> Permissions. Mouse-over the delete icon next to the renamed role name. Verify that the role name is shown correctly in the tool-tip (no spurious escaping.)

      This is similar to MDL-70320. Our sharp eyed testers spotted that it did not just happen in the visible text, but also in some of the tool tips.

      To reproduce:

      1. Go to https://qa.moodledemo.net/course/edit.php?id=2 and use Role renaming to change some role names to contain HTML special chars like & < and >.
      2. Go to https://qa.moodledemo.net/admin/roles/permissions.php?contextid=25.
      3. Hover your mouse over the Delete icons.

      Expected result: tool tip says "Delete Reader & Learner role"

      Actual result: tool tip says "Delete Reader & amp;amp; Learner role"

      HTML source of the icon is:
      <i class="icon fa fa-trash fa-fw " title="Delete Reader & amp;amp;amp; Learner role" aria-label="Delete Reader &amp;amp; Learner role"></i>

      So, this is being excaped twice more than required!

      (Grrr! extra spaced added to stop Jira messing with the entities.)

            timhunt Tim Hunt
            timhunt Tim Hunt
            David Mudrák (@mudrd8mz) David Mudrák (@mudrd8mz)
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Gladys Basiana Gladys Basiana
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 12 minutes
                1h 12m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.