- New Feature
- Resolution: Duplicate
- Minor
- None
- 4.1.10
- None
- MOODLE_401_STABLE
Hi all,
a recent update to the MathJax filter code, linked to this security issue fix on stored XSS, leads to dysfunctional JavaScript code placed in Moodle. JS is handy to enrich the possibilities in STACK quiz questions.
For example if you have this JS code and a MathJax formula on one page:
<script type="text/javascript">
function updateDynamicInputfields(ursprung, ziel) {
  document.querySelector("#" + ziel + ">input").value = "[" + Array.from(document.querySelectorAll("input[id^=" + ursprung + "]")).map(elem => elem.value || '').filter(Boolean).toString() + "]";
};
</script>

\(G_{2}\)
it will alter the JS code into:
function updateDynamicInputfields(ursprung, ziel) {
  document.querySelector("#" + ziel + "&gt;input").value = "[" + Array.from(document.querySelectorAll("input[id^=" + ursprung + "]")).map(elem =&gt; elem.value || '').filter(Boolean).toString() + "]";
};

by replacing all > signs with &gt;. This raises the error of an unexpected & sign in the developer console.
Loading the code via <script src="xy.js"></script> still works fine.
It would be great if one could use small JS code snippets without trying to avoid > or < signs in {} curly brackets in future again and use the MathJax filter at the same time without opening the tackled security issue again.
- duplicates
- MDL-81925 MathJax filter update effects java script code
- Waiting for integration review
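An added example, not part of the original report and not Moodle code: browsers do not decode character references inside a `<script>` element, so an escaped `=>` reaches the JavaScript parser as `=&gt;` and fails with the "unexpected &" error described above. `escapeGt()`, `parses()`, `checkSnippet()` and the rewritten function are assumptions made for illustration; the rewrite keeps the reported behaviour but contains no `>`, `<` or `&`, so the escaping leaves it untouched.

```javascript
// Added example: escapeGt() is a constructed stand-in for the behaviour the
// report describes (every ">" becomes "&gt;"); it is not Moodle's filter code.
function escapeGt(source) {
  return source.replace(/>/g, "&gt;");
}

// True if the text is syntactically valid as a function body.
function parses(source) {
  try {
    new Function(source);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// The snippet from the report.
const reported = `
function updateDynamicInputfields(ursprung, ziel) {
  document.querySelector("#" + ziel + ">input").value = "[" + Array.from(document.querySelectorAll("input[id^=" + ursprung + "]")).map(elem => elem.value || '').filter(Boolean).toString() + "]";
}`;

// Same behaviour written without the three characters: a function expression
// replaces the arrow function, and a walk over .children replaces the
// "#id>input" child combinator.
const rewritten = `
function updateDynamicInputfields(ursprung, ziel) {
  var values = Array.from(document.querySelectorAll("input[id^=" + ursprung + "]"))
    .map(function (elem) { return elem.value || ""; })
    .filter(Boolean);
  var target = Array.from(document.getElementById(ziel).children)
    .find(function (child) { return child.tagName === "INPUT"; });
  target.value = "[" + values.toString() + "]";
}`;

// Report whether a snippet is altered by the escaping and still parses after it.
function checkSnippet(source) {
  const filtered = escapeGt(source);
  return { altered: filtered !== source, parsesAfter: parses(filtered) };
}

console.log("reported: ", checkSnippet(reported));
console.log("rewritten:", checkSnippet(rewritten));
```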