You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Started to utilise this plugin on a Totara 15 instance and noticed the time based factor's form didn't display a few elements as expected. After a quick look I'm fairly certain that changes in Totara's codebase namely the following from lib/upgrade.txt (introduced under 13):
* Static fields in legacy forms are now automatically sanitised to prevent XSS,
if necessary plugins that require unsafe or malformed HTML markup in static fields
need to be updated to use $field->set_allow_xss(true).
Hacking on the form to use set_allow_xss works (didn't care for input sanity) but I'm not sure what the advantage of using static over html is. Is it mostly to allow the field to render like a quickform element with a label?
Is this something that you'd accept a PR for? If so how do you guys usually handle breaking changes to Totara APIs do you use conditionals based on something like isset($CFG->totara_build), file_exists('/server') or git branching etc?
Thanks for the amazing work on this plugin :)
The text was updated successfully, but these errors were encountered:
Sort of a duplicate of #339.
Started to utilise this plugin on a Totara 15 instance and noticed the time based factor's form didn't display a few elements as expected. After a quick look I'm fairly certain that changes in Totara's codebase namely the following from
lib/upgrade.txt(introduced under 13):* Static fields in legacy forms are now automatically sanitised to prevent XSS, if necessary plugins that require unsafe or malformed HTML markup in static fields need to be updated to use $field->set_allow_xss(true).Hacking on the form to use
set_allow_xssworks (didn't care for input sanity) but I'm not sure what the advantage of usingstaticoverhtmlis. Is it mostly to allow the field to render like a quickform element with a label?Is this something that you'd accept a PR for? If so how do you guys usually handle breaking changes to Totara APIs do you use conditionals based on something like
isset($CFG->totara_build),file_exists('/server')or git branching etc?Thanks for the amazing work on this plugin :)
The text was updated successfully, but these errors were encountered: