From ca6477c5acdbda860b86fdec596cab1fb425fd30 Mon Sep 17 00:00:00 2001
From: thepurpleblob <thepurpleblob>
Date: Mon, 13 Dec 2004 11:37:45 +0000
Subject: [PATCH] Can now export HTML - dangerous characters are converted to
 entities.

---
 mod/quiz/format/xml/format.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/mod/quiz/format/xml/format.php b/mod/quiz/format/xml/format.php
index 012b2dc457..ec57e6f942 100755
--- a/mod/quiz/format/xml/format.php
+++ b/mod/quiz/format/xml/format.php
@@ -134,9 +134,8 @@ function get_qtype( $type_id ) {
 function writetext( $raw ) {
     // generates <text></text> tags, processing raw text therein 
 
-    // for now, don't allow any additional tags in text 
-    // otherwise xml rules would probably get broken
-    $raw = strip_tags( $raw );
+    // encode the text to 'disguise' HTML content 
+    $raw = htmlspecialchars( $raw );
 
     return "<text>$raw</text>\n";
 }
-- 
2.39.5