From: thepurpleblob <thepurpleblob>
Date: Mon, 13 Dec 2004 11:37:45 +0000 (+0000)
Subject: Can now export HTML - dangerous characters are converted to entities.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=ca6477c5acdbda860b86fdec596cab1fb425fd30;p=moodle.git

Can now export HTML - dangerous characters are converted to entities.
---

diff --git a/mod/quiz/format/xml/format.php b/mod/quiz/format/xml/format.php
index 012b2dc457..ec57e6f942 100755
--- a/mod/quiz/format/xml/format.php
+++ b/mod/quiz/format/xml/format.php
@@ -134,9 +134,8 @@ function get_qtype( $type_id ) {
 function writetext( $raw ) {
     // generates <text></text> tags, processing raw text therein 
 
-    // for now, don't allow any additional tags in text 
-    // otherwise xml rules would probably get broken
-    $raw = strip_tags( $raw );
+    // encode the text to 'disguise' HTML content 
+    $raw = htmlspecialchars( $raw );
 
     return "<text>$raw</text>\n";
 }