Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-79256

Do not autoclean content for textarea custom field

XMLWordPrintable

    • MOODLE_402_STABLE
    • MOODLE_404_STABLE
    • Hide
      1. Log in as admin
      2. Navigate to Security > Site security settings in site administration
      3. Turn on Enable trusted content and save
      4. Create a new user (manager)
      5. Navigate to Users > Permissions > Assign system roles in site administration
      6. Add new user to the Manager role
      7. Navigate to Users > Permissions > Define roles in site administration
      8. Edit the Manager role
      9. Remove the moodle/site:trustcontent capability and save
      10. Navigate to Users > Accounts > Cohort custom fields in site administration
      11. Add a new category (if none exists)
      12. Add a new Text area custom field
        • Name: Test
        • Shortname: test
      13. Navigate to Users > Accounts > Cohorts in site administration
      14. Add a new cohort:
        • Name: First
        • Test (insert via source code view):

          <p>
          Text with iframe tag
          <iframe src="https://moodle.org/"></iframe>
          </p>
          

      15. Log out
      16. Log in as test user (manager)
      17. Navigate to Users > Accounts > Cohorts in site administration
      18. Add a new cohort:
        • Name: Second
        • Test (insert via source code view):

          <p>
          Text with iframe tag
          <iframe src="https://moodle.org/"></iframe>
          </p>
          

      19. Log out
      20. Log in as admin
      21. Navigate to Reports from user menu
      22. Create a new report from Cohorts report source
        • Include default setup: Yes
      23. In report editor add hte Cohort > Test column
      24. Confirm that cohort First shows the original Test content (including iframe)
      25. Confirm that cohort Second shows the cleaned Test content (excluding iframe)
      26. Navigate to Security > Site security settings in site administration
      27. Turn off Enable trusted content and save
      28. Re-visit your cohorts custom report
      29. Confirm that both cohorts now show the cleaned Test content
      Show
      Log in as admin Navigate to Security > Site security settings in site administration Turn on Enable trusted content and save Create a new user ( manager ) Navigate to Users > Permissions > Assign system roles in site administration Add new user to the Manager role Navigate to Users > Permissions > Define roles in site administration Edit the Manager role Remove the moodle/site:trustcontent capability and save Navigate to Users > Accounts > Cohort custom fields in site administration Add a new category (if none exists) Add a new Text area custom field Name: Test Shortname: test Navigate to Users > Accounts > Cohorts in site administration Add a new cohort: Name: First Test ( insert via source code view ): <p> Text with iframe tag <iframe src="https://moodle.org/"></iframe> </p> Log out Log in as test user ( manager ) Navigate to Users > Accounts > Cohorts in site administration Add a new cohort: Name: Second Test ( insert via source code view ): <p> Text with iframe tag <iframe src="https://moodle.org/"></iframe> </p> Log out Log in as admin Navigate to Reports from user menu Create a new report from Cohorts report source Include default setup: Yes In report editor add hte Cohort > Test column Confirm that cohort First shows the original Test content (including iframe) Confirm that cohort Second shows the cleaned Test content (excluding iframe) Navigate to Security > Site security settings in site administration Turn off Enable trusted content and save Re-visit your cohorts custom report Confirm that both cohorts now show the cleaned Test content

      Currently, we can't use some tags in the text area for custom field, like iframe.

      The text area custom field is part of core custom field API.

      It's just an additional functionality for the field, and the custom field should be managed by admins/teachers, so it's good to add 'noclean' option for the textarea.

            pholden Paul Holden
            tomotsuyuki Tomo Tsuyuki
            Tomo Tsuyuki Tomo Tsuyuki
            Ilya Tregubov Ilya Tregubov
            Kim Jared Lucas Kim Jared Lucas
            Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours, 36 minutes
                4h 36m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.