Apply suggestion from @PhMemmel

Barbuia · PhMemmel · web-flow · commit cf750c43e4cc · 2026-03-27T07:26:01.000+01:00
Co-authored-by: PhMemmel &lt;65113153+PhMemmel@users.noreply.github.com&gt;
diff --git a/classes/base_purpose.php b/classes/base_purpose.php
@@ -180,8 +180,9 @@ public function format_output(string $output): string {
         // It uses MarkdownExtra which already escapes HTML inside code blocks by default.
         $html = markdown_to_html($output);
 
-        // Final security layer: sanitize HTML while preserving markdown-generated structure.
-        // This prevents XSS from raw HTML that the LLM might return outside of code blocks.
+        // Finally apply moodle output function for both sanitizing and other moodle specific formatting.
+        // Previously converted markdown-generated structure is being preserved.
+        // This prevents XSS from raw HTML that the LLM might return.
         return format_text($html, FORMAT_MOODLE, ['filter' => false, 'newlines' => false]);
     }
 
