Permalink
Browse files

MDL-37015 Resource: link in onclick should not contain html special char

  • Loading branch information...
1 parent 4c7e6ea commit a1ccc146ac16cbf87cd82b9f0a41e4196d425652 Rajesh Taneja committed Dec 11, 2012
Showing with 4 additions and 3 deletions.
  1. +3 −2 course/lib.php
  2. +1 −1 lib/navigationlib.php
View
@@ -1516,8 +1516,9 @@ function print_section($course, $section, $mods, $modnamesused, $absolute=false,
$textcss = '';
}
- // Get on-click attribute value if specified
- $onclick = $mod->get_on_click();
+ // Get on-click attribute value if specified and decode the onclick - it
+ // has already been encoded for display (puke).
+ $onclick = htmlspecialchars_decode($mod->get_on_click(), ENT_QUOTES);
$groupinglabel = '';
if (!empty($mod->groupingid) && has_capability('moodle/course:managegroups', context_course::instance($course->id))) {
View
@@ -1922,7 +1922,7 @@ protected function load_section_activities(navigation_node $sectionnode, $sectio
$propogrationhandler = 'e.halt();';
}
// Decode the onclick - it has already been encoded for display (puke)
- $onclick = htmlspecialchars_decode($activity->onclick);
+ $onclick = htmlspecialchars_decode($activity->onclick, ENT_QUOTES);
// Build the JS function the click event will call
$jscode = "function {$functionname}(e) { $propogrationhandler $onclick }";
$this->page->requires->js_init_code($jscode);

0 comments on commit a1ccc14

Please sign in to comment.