  1. Moodle
  2. MDL-58923

Autocomplete form element does not escape string when adding to the list of tags for the editing user


    • Bug
    • Resolution: Duplicate
    • Minor
    • None
    • 3.2.3
    • Forms Library, Tags
    • MOODLE_32_STABLE

      On Interests - "List of interests", if you enter a tag, for example "<script>alert(1);</script>", the script will run for the current user.

      edited: text is cleaned by the backend and scripts are never displayed for other users or during editing.

            Unassigned Unassigned
            shirai Tatsuya Shirai
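
The following sketch is an added example, not Moodle's form-autocomplete code or part of the original report; all function names are hypothetical and the markup is constructed. It assumes the selection list is built in the browser from the typed value, which is why the escaping has to happen at that render step regardless of what the backend cleans later.

```javascript
// Added example: hypothetical names, not Moodle's form-autocomplete code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that are significant in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the typed tag goes into the selection markup as-is, so the browser
// parses it as HTML when the list is inserted into the page.
function renderSelectionUnsafe(tags) {
  const items = tags.map((t) => `<li data-value="${t}">${t}</li>`);
  return `<ul class="selection">${items.join('')}</ul>`;
}

// After: the same markup, with the tag escaped at the point it enters the HTML.
function renderSelectionSafe(tags) {
  const items = tags.map((t) => {
    const safe = escapeHtml(t);
    return `<li data-value="${safe}">${safe}</li>`;
  });
  return `<ul class="selection">${items.join('')}</ul>`;
}

// Rough regression check (not an HTML parser): a correctly rendered list has
// exactly one <ul> plus one <li> per tag and no other opening tags.
function openingTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

function rendersTagsAsText(render, tags) {
  return openingTags(render(tags)) === 1 + tags.length;
}

// Constructed input: the string from the report plus an ordinary tag.
const typed = ['<script>alert(1);</script>', 'R&D'];
console.log('unsafe renders as text:', rendersTagsAsText(renderSelectionUnsafe, typed));
console.log('safe renders as text:  ', rendersTagsAsText(renderSelectionSafe, typed));
```

A check like `rendersTagsAsText` can sit in a unit test for any widget that echoes typed input back into the page before the server has seen it.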