Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67336

Forum inline reply option is applying filters before saving content in the DB

XMLWordPrintable

    • MOODLE_38_STABLE
    • MOODLE_37_STABLE, MOODLE_38_STABLE
    • MDL-67336-master
    • Hide
      1. As admin go to "Site administration > Plugins > Manage filters"
      2. Set "Convert URLs into links and images" to "On"
        Set "Multimedia plugins" to "On"
      3. Move "Convert URLs into links and images" above "Multimedia plugins"
      4. Change "Convert URLs into links and images" filter settings adding marking "HTML format" and "Moodle auto-format" in "Apply to formats" options.
      5. Go to a forum post
      6. Click on "Reply"
      7. Add 'Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs' content to the reply field
      8. Check youtube video is showing in the new post
      9. Check content stored in the DB is: '<div class="text_to_html">Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs</div>'
      Show
      As admin go to "Site administration > Plugins > Manage filters" Set "Convert URLs into links and images" to "On" Set "Multimedia plugins" to "On" Move "Convert URLs into links and images" above "Multimedia plugins" Change "Convert URLs into links and images" filter settings adding marking "HTML format" and "Moodle auto-format" in "Apply to formats" options. Go to a forum post Click on "Reply" Add 'Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs ' content to the reply field Check youtube video is showing in the new post Check content stored in the DB is: '<div class="text_to_html">Youtube video: https://www.youtube.com/watch?v=3ORsUGVNxGs </div>'

      Forum inline reply is not saving content in the DB as it is in the editor, is applying filters before saving it in the DB.

      So, for example, if 'Display H5P' filter is enabled in the site and somebody adds H5P content (URL) in an inline reply, the filter is applied and an <iframe src='...'></iframe> is saved in the DB. When the reply is display, an if trustedcontent is not activated, that 'iframe' tag is removed, so H5P content is not rendered.

      Steps to reproduce:

      <div class="text_to_html">H5P: <iframe src="https://h5p.org/h5p/embed/576651" class="h5p-iframe" name="h5pcontent" style="height:230px; width: 100%; border: 0;" allowfullscreen="allowfullscreen"></iframe><script src="http://localhost/moodle/master/lib/h5p/js/h5p-resizer.js"></script></div>

        1. MDL-67336.jpg
          MDL-67336.jpg
          33 kB

            mikelmartíncorrales Mikel Martín Corrales
            amaia Amaia Anabitarte
            Amaia Anabitarte Amaia Anabitarte
            Jake Dallimore Jake Dallimore
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 1 hour, 21 minutes
                1d 1h 21m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.