Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-1176

Remove SCRIPT tags in content passed to mmFormatText

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.3
    • Fix Version/s: 2.3
    • Component/s: Libraries, Security
    • Labels:
    • Affected Branches:
      MOODLE_23_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE

      Description

      As we are compiling mmFormatText content we are also executing the Javascript that was added there. As this can have very random results on the user experience, or even security concerns, my guess is that we should remove, at the very least, the SCRIPT tags.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              fred Frédéric Massart
              Participants:
              Component watchers:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                8/Oct/15