mahara-contributors team mailing list archive

Thread
Date

[Bug 687597] Re: Make sure that Mahara does not trust the portfolio content exported from Moodle

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Tue, 14 Jun 2011 03:58:37 -0000
Reply-to: Bug 687597 <687597@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/687597

Title:
  Make sure that Mahara does not trust the portfolio content exported
  from Moodle

Status in Mahara ePortfolio:
  Fix Released

Bug description:
  As tracked in http://tracker.moodle.org/browse/MDL-25619, Moodle 2.0
  does not clean output HTML when exporting content to a remote
  portfolio. From Moodle point of view, the portfolio system is
  responsible for the input sanitization regardless the source. Please
  make sure that you handle the data exported from Moodle correctly - it
  may contain malicious content, nasty Javascript etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/687597/+subscriptions

References

[Bug 687597] [NEW] Make sure that Mahara does not trust the portfolio content exported from Moodle
From: David Mudrák, 2010-12-08