  1. Moodle
  2. MDL-32316

In Feedback. Item type 'label' does not honor 'trusted text' ($CFG->enabletrusttext)

    • MOODLE_22_STABLE
    • MOODLE_21_STABLE, MOODLE_22_STABLE
    • MDL-32316_master_wip

      1. Enable trusted text.
      2. Create a feedback instance.
      3. Create a new label item and use text that is cleaned by default, such as JavaScript or similar.

      The JavaScript should be executed while printing the label.
      If trusted text is not enabled, the script should be filtered.

      In the edit form for the label feedback item (mod/feedback/item/label/label_form.php), the type for the HTML editor form element is set to PARAM_CLEANHTML. This is wrong. It should be PARAM_RAW. The cleaning of the HTML editor text is all done in the HTML editor libraries.

      As it stands, it breaks the $CFG->enabletrusttext setting: the setting doesn't do anything in this case.

      Additionally, at the end of the print_item() function in mod/feedback/item/label/lib.php, the echo format_text(..) line is now wrong. I think it should read:

      echo format_text($output, FORMAT_HTML, array('overflowdiv'=>true, 'trusted'=>$CFG->enabletrusttext ));

            Andreas Grabs (grabs)
            Howard Miller (howardsmiller)
            Sam Hemelryk
            Rossiani Wijaya
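
Added illustration, not part of the original report and not Moodle code: a self-contained PHP model of the data flow the report describes, showing why cleaning at form-submit time makes the trusted-text setting a no-op. The function names are hypothetical, toy_clean() is a stand-in and not a real sanitizer, and the rule in render_label() is an assumed simplification of how format_text() treats its 'trusted' option.

```php
<?php
// Toy model of the issue's data flow. Hypothetical names throughout.
// toy_clean() stands in for Moodle's HTML cleaning; it is NOT a real sanitizer.

function toy_clean(string $html): string {
    // Drop <script> elements only, which is enough to make the effect visible.
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// Input side: what the form element type does to the submitted text.
function submit_label(string $text, string $paramtype): string {
    // PARAM_CLEANHTML cleans before storage; PARAM_RAW stores the text as submitted.
    return $paramtype === 'PARAM_CLEANHTML' ? toy_clean($text) : $text;
}

// Output side (assumed simplification): cleaning is skipped only when the
// text is flagged trusted AND the site-wide setting is enabled.
function render_label(string $stored, bool $trusted, bool $enabletrusttext): string {
    return ($trusted && $enabletrusttext) ? $stored : toy_clean($stored);
}

// Runs one submit/render round trip and reports whether the script reached the page.
function script_survives(string $paramtype, bool $enabletrusttext): bool {
    $submitted = '<p>Welcome</p><script>alert(1)</script>'; // constructed sample input
    $stored = submit_label($submitted, $paramtype);
    // Mirrors the line proposed in the report: 'trusted' => $CFG->enabletrusttext.
    $html = render_label($stored, $enabletrusttext, $enabletrusttext);
    return stripos($html, '<script') !== false;
}

foreach (['PARAM_CLEANHTML', 'PARAM_RAW'] as $type) {
    foreach ([false, true] as $setting) {
        printf(
            "%-16s enabletrusttext=%-5s script in output: %s\n",
            $type,
            var_export($setting, true),
            script_survives($type, $setting) ? 'yes' : 'no'
        );
    }
}
```

With PARAM_CLEANHTML the script is gone before storage, so the setting changes nothing; with PARAM_RAW the setting decides, and the output-side cleaning still removes the script when it is off. Storing raw text also means output-time cleaning is the only control left, so every code path that prints the label has to go through it.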