Moodle tracker issue MDL-80419

Feedback: "<-" tags and other text overkill deletions


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor
    • Fix Version/s: None
    • Affects Version/s: 4.1.6
    • Component/s: Feedback
    • Affected Branches: MOODLE_401_STABLE

      Hello,

      Some characters are "cleaned up" when submitted as answers in the Feedback activity.
      I see there are some issues related to this, like MDL-62307 (for &, < and >) or MDL-77834.
      Some teachers use Feedback to evaluate students' coding skills. We can discuss this usage, but why not, after all: Feedback is simpler to use and to prepare than Quiz.
      My questions are:

      • For security reasons or other criteria, is it still necessary to apply these filters?
      • Is there another way to prevent code interpretation that doesn't alter the answers?
        (even if Feedback can be used on the front page for guests)

      Our real-life case is evaluating students on R software (statistics). "<-" and all the text after it are deleted and lost for the teacher.

      Testing instructions:

      CASE 1: "<-" large filtering

      1. Log in as a teacher.
      2. Create a course and enrol a student, say Bob.
      3. In the course, create a feedback activity with a "long text answer" question type.
      4. Log in as the student Bob.
      5. Enter the feedback activity and submit an answer containing "some text <- some other text", e.g.:
        "My cat is grey.
        Yesterday i met im in <- the street.
        It was raining."
        Note there is no warning for the student at this point, so no reason for him to worry about any protection.
      6. As the teacher, enter the feedback activity and go to the "Responses" tab to view Bob's answer.
        Expected result: the answer is fully stored and available to the teacher.
        Actual result: "<-" and all characters following the combination, even on other lines, are lost.
        With the example text, you should see: "My cat is grey. Yesterday i met im in" (only).
      7. At the top of the page, click "Download" to obtain a CSV containing all answers.
      8. Check Bob's answer in the table.
        Expected result: the answer is fully stored and available to the teacher.
        Actual result: "<-" and all characters following the combination, even on other lines, are lost.
        With the example text, you should see: "My cat is grey. Yesterday i met im in" (only).

      NB. In fact, in debug mode, we saw that the filtering happens on arrival at the server, when responses are recorded. So the full answers are not recorded in the database.
      It seems the problem comes from the "PARAM_NOTAGS" type of the forms.

      case PARAM_NOTAGS:
          // Strip all tags.
          $param = fix_utf8($param);
          return strip_tags((string)$param);

      Warning (from the PHP manual for strip_tags()):

      Because strip_tags() does not actually validate the HTML, partial or broken tags can result in the removal of more text/data than expected.

      CASE 2: "<" and "-" allowed

      1. Repeat steps 1 to 4 of CASE 1.
      2. Enter the feedback activity and submit an answer containing "some text < some other text - yet some other text",
        e.g.:
        "This horse is wild but < than George's.
        wild but - than G's
        yes"
      3. As the teacher, enter the feedback activity and go to the "Responses" tab to view Bob's answer.
      4. At the top of the page, click "Download" to obtain a CSV containing all answers.
      5. Check Bob's answer in the table.
        Expected result = Actual result: in both situations (view or download), Bob's full answer is stored (OK).

      CASE 3: "<-" in quiz activity

      1. Log in as a teacher.
      2. Create a course and enrol a student, say Bob.
      3. In the course, create a quiz activity with a "Short answer", a "Numerical" and an "Essay" question type.
      4. Log in as the student Bob.
      5. Enter the quiz activity and, for the 3 questions, submit an answer containing "some text <- some other text".
      6. As the teacher, enter the quiz activity and go to the "Results" tab to view Bob's answer.
        Expected result = Actual result: for the 3 question types, Bob's full answer is stored. (OK)

      NB. For the Essay question, there is no difference whether the answers are entered in WYSIWYG mode or in plain text.

      What are your thoughts?
      Regards
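The following script is an added illustration of the behaviour described in the report; it is not the reporter's code nor Moodle's. It mirrors the PARAM_NOTAGS branch quoted above (strip_tags() without fix_utf8()) on the CASE 1 and CASE 2 answers, and contrasts it with escaping at output time, the kind of alternative the reporter's second question asks about. The function names notags_clean() and escape_for_html() are mine, and the script payload is a constructed input.

```php
<?php
// Added example, not Moodle's own code: reproduces what PARAM_NOTAGS does to a
// Feedback answer (strip_tags(), as quoted in the report, minus fix_utf8()) and
// contrasts it with escaping, which keeps the text intact. Function names are
// assumptions made for this example.

/** Mirror of the PARAM_NOTAGS branch: strip every tag, real or half-formed. */
function notags_clean(string $value): string
{
    return strip_tags($value);
}

/** The alternative: store the text as typed and neutralise it for HTML output. */
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed inputs: the CASE 1 and CASE 2 answers from the report, plus a
// genuine markup payload to show what the filter was meant to stop.
$case1   = "My cat is grey.\nYesterday i met im in <- the street.\nIt was raining.";
$case2   = "This horse is wild but < than George's.\nwild but - than G's\nyes";
$payload = "answer <script>alert(1)</script> done";

// CASE 1: "<-" opens a "tag" that never closes, so strip_tags() discards the
// rest of the string, including the following lines (the PHP manual warning).
assert(notags_clean($case1) === "My cat is grey.\nYesterday i met im in ");

// CASE 2: a "<" followed by whitespace is not treated as a tag start and survives.
assert(notags_clean($case2) === $case2);

// Real markup is removed, but so is the evidence of what the student submitted.
assert(notags_clean($payload) === "answer alert(1) done");

// Escaping instead of stripping: nothing is lost, and the stored value decodes
// back to exactly what was typed.
assert(escape_for_html($case1)
    === "My cat is grey.\nYesterday i met im in &lt;- the street.\nIt was raining.");
assert(htmlspecialchars_decode(escape_for_html($case1), ENT_QUOTES | ENT_HTML5) === $case1);

// The payload is rendered as inert text rather than interpreted by the browser.
assert(escape_for_html($payload) === "answer &lt;script&gt;alert(1)&lt;/script&gt; done");

echo "stripped: ", json_encode(notags_clean($case1)), "\n";
echo "escaped:  ", json_encode(escape_for_html($case1)), "\n";
```

Run it with `php` on the command line (assertions are active under the default CLI settings). The point to take from it is that stripping is lossy and irreversible at the moment of storage, whereas escaping is reversible and can be applied where the answer is rendered; Moodle's own s() helper is likewise built on htmlspecialchars(). Whether PARAM_NOTAGS is the right parameter type for a free-text Feedback answer is exactly the question this issue raises.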

            Assignee: Unassigned
            Reporter: Marina Non (marina-b)
            Votes: 0
            Watchers: 10
