MBS-10672: Fix AI chat HTML code output with XSS protection#124
Open
MBS-10672: Fix AI chat HTML code output with XSS protection#124
Conversation
Barbuia
force-pushed
the
MBS-10672-Fix_AI_chat_HTML_code_output
branch
4 times, most recently
from
ed1120d to
c2f9fa5
Compare
PhMemmel
requested changes
Mar 26, 2026
Barbuia
force-pushed
the
MBS-10672-Fix_AI_chat_HTML_code_output
branch
from
50467cc to
5ed8faf
Compare
PhMemmel
requested changes
Mar 27, 2026
Barbuia
force-pushed
the
MBS-10672-Fix_AI_chat_HTML_code_output
branch
3 times, most recently
from
e0c9f2f to
bea93d3
Compare
PhMemmel
requested changes
Mar 27, 2026
- Replace purify_html() with format_text(FORMAT_MOODLE) for proper sanitization - Refactor tests to use data providers instead of individual test methods - Remove unnecessary resetAfterTest() calls (no DB/cache changes) - Use single quotes and PHP_EOL for string concatenation - Add assertions for <pre> and <code> tags in code block tests - Include <script> tags in JavaScript test input for proper XSS testing
Co-authored-by: PhMemmel <65113153+PhMemmel@users.noreply.github.com>
- Add format_text() for label and explanation fields in format_output() - Preserve newValue unchanged for form field injection - Refactor test structure with setUp() method - Add comprehensive unit tests with data providers: - Label/explanation Markdown formatting - newValue preservation (HTML, scripts, code) - chatoutput intro/outro formatting - Invalid input handling - Missing fields handling - Security: script tag sanitization in chatoutput
PhMemmel
force-pushed
the
MBS-10672-Fix_AI_chat_HTML_code_output
branch
from
2aff8a3 to
e5586bf
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.