Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-74766

Atto cleanup not applied if the form is submitted in HTML source mode

XMLWordPrintable

    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • MOODLE_311_STABLE, MOODLE_400_STABLE
    • MDL-74766-master
    • Hide
      1. Login as admin.
      2. Open the User profile menu.
      3. Click on Preferences.
      4. Click the Edit profile link.
      5. Click on the "Show more buttons" button in the Atto editor toolbar of the Description.
      6. Click on the "HTML" button.
      7. Delete all the content inside the editor.
      8. Press update profile.
      9. Open the User profile menu > Profile.
      10. Verify that you will not see an element with a class name called "description".
      11. Click the Edit profile link.
      12. Verify that the content of the Description is empty.
      Show
      Login as admin. Open the User profile menu. Click on Preferences. Click the Edit profile link. Click on the "Show more buttons" button in the Atto editor toolbar of the Description. Click on the "HTML" button. Delete all the content inside the editor. Press update profile. Open the User profile menu > Profile. Verify that you will not see an element with a class name called "description". Click the Edit profile link. Verify that the content of the Description is empty.

      Steps to reproduce:

      1. Go to any form using Atto, where that editor is not a required field (e.g. description field at https://qa.moodledemo.net/course/modedit.php?add=page&type=&course=2&section=0)
      2. (Fill in any other required fields in the forum.)
      3. Open browser developer tools, and swtich to the network tab.
      4. Switch the Description Atto editor to 'HTML source' view.
      5. (You should see that the editor contains the standard blank content <p dir="ltr" style="text-align: left;"><br></p>.)
      6. Submit the form, and look at the POST request that was sent to the server.

      Expected result:

      If you miss out step 4, and submit the form with the editor in WYSIWYG mode, then the behaviour is correct. The content of the editor is submitted as an empty string:

      This is because of the clean-up code which uses these values https://github.com/moodle/moodle/blob/1a744030d639f93f2a147d40f0a38572fa0f846d/lib/editor/atto/yui/src/editor/js/clean.js#L57.

      Actual result:

      In HTML source mode, the clean-up is not applied and junk HTML is submitted in the POST request.

      Related to this, if you try similar experimentation with required Atto form fields (e.g. Page content in the form linked to above) then you will find that the client-side vaidation of required fields is never triggered with the editor in HTML source view. This should also be fixed but this issue will be enhanced in another ticket.

        1. 10_MDL-74766_master.png
          10_MDL-74766_master.png
          223 kB
        2. 10_MDL-74766_v311.png
          10_MDL-74766_v311.png
          226 kB
        3. 10_MDL-74766_v400.png
          10_MDL-74766_v400.png
          216 kB
        4. 12_MDL-74766_master.png
          12_MDL-74766_master.png
          11 kB
        5. 12_MDL-74766_v311.png
          12_MDL-74766_v311.png
          10 kB
        6. 12_MDL-74766_v400.png
          12_MDL-74766_v400.png
          11 kB
        7. issue 2 client validation in htlm mode.mp4
          706 kB

            jbthong Thong Bui
            timhunt Tim Hunt
            Huong Nguyen Huong Nguyen
            Jake Dallimore Jake Dallimore
            John Edward Pedregosa John Edward Pedregosa
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 3 hours, 51 minutes
                1d 3h 51m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.