Can now export HTML - dangerous characters are converted to entities.

author thepurpleblob <thepurpleblob>

Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)

committer thepurpleblob <thepurpleblob>

Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)
author thepurpleblob <thepurpleblob>
Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)
committer thepurpleblob <thepurpleblob>
Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)
diff --git a/mod/quiz/format/xml/format.php b/mod/quiz/format/xml/format.php

index 012b2dc4571254db8ff54e39507164bac6ecdb54..ec57e6f942c78f78fb190b8a760d61eb21b4af4c 100755 (executable)
--- a/mod/quiz/format/xml/format.php
+++ b/mod/quiz/format/xml/format.php
@@ -134,9 +134,8 @@ function get_qtype( $type_id ) {
  function writetext( $raw ) {
      // generates <text></text> tags, processing raw text therein 
  
-    // for now, don't allow any additional tags in text 
-    // otherwise xml rules would probably get broken
-    $raw = strip_tags( $raw );
+    // encode the text to 'disguise' HTML content 
+    $raw = htmlspecialchars( $raw );
  
      return "<text>$raw</text>\n";
  }
author	thepurpleblob <thepurpleblob>
	Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)
committer	thepurpleblob <thepurpleblob>
	Mon, 13 Dec 2004 11:37:45 +0000 (11:37 +0000)