Allow <IMG> tags in Moodle format text. Not having it can really mess
up smileys etc if the text has been edited at any stage using the
richtext editor.
I realise it's possible for students to really mess up forums display
etc if they wanted to include a huge picture ... I'm not sure if there
are any cross-site scripting attacks possible with images in there.
But there is also now the HTML format for most things, which is editable
using an ordinary form, so this problem is currently already exposed.
I think it's OK as long as can find a filter to strip all javascript
out of ANY format text in Moodle.
projects / moodle.git / commit