← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #02254

[Bug 687597] [NEW] Make sure that Mahara does not trust the portfolio content exported from Moodle

  Thread PreviousDate PreviousThread Next 
Public bug reported:

As tracked in http://tracker.moodle.org/browse/MDL-25619, Moodle 2.0
does not clean output HTML when exporting content to a remote portfolio.
>From Moodle point of view, the portfolio system is responsible for the
input sanitization regardless the source. Please make sure that you
handle the data exported from Moodle correctly - it may contain
malicious content, nasty Javascript etc.

** Affects: mahara
     Importance: Undecided
         Status: New


** Tags: moodle

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/687597

Title:
  Make sure that Mahara does not trust the portfolio content exported from Moodle

Status in Mahara ePortfolio:
  New

Bug description:
  As tracked in http://tracker.moodle.org/browse/MDL-25619, Moodle 2.0 does not clean output HTML when exporting content to a remote portfolio. From Moodle point of view, the portfolio system is responsible for the input sanitization regardless the source. Please make sure that you handle the data exported from Moodle correctly - it may contain malicious content, nasty Javascript etc.

Follow ups

References

  Thread PreviousDate PreviousThread Next