Syllabus does not remove bad tags after first post
GENERAL
TESTING
GENERAL
TESTING
Description
1) Login as instructor go to course go to Syllabus
2) Post evil HTML: <p evil="true">test</p>
3) Click Post
Here is error:
Error: The p tag contained an attribute that we could not process. The evil attribute has been filtered out, but the tag is still in place. The value of the attribute was "true".
But this is not true.... the evil attribute has not been filtered out. The syllabus tool is not replacing the user-entered HTML with the cleaned HTML. It is forcing the user to manually clean the HTML before proceeding. Every other tool in Sakai replaces the user-entered HTML with cleaned HTML.
1) Login as instructor go to course go to Syllabus
2) Post evil HTML: <p evil="true">test</p>
3) Click Post
Here is error:
Error: The p tag contained an attribute that we could not process. The evil attribute has been filtered out, but the tag is still in place. The value of the attribute was "true".
But this is not true.... the evil attribute has not been filtered out. The syllabus tool is not replacing the user-entered HTML with the cleaned HTML. It is forcing the user to manually clean the HTML before proceeding. Every other tool in Sakai replaces the user-entered HTML with cleaned HTML.