mirror of
https://github.com/moodle/moodle.git
synced 2025-08-08 02:16:41 +02:00
7ba7920aa8
The format_string() function does half html escaping. It escapes < and >
characters, but does not escape ". Therefore, it put us in a situation
where neither {{}}, nor {{{}}} are suitable in templates. If we use {{}}
for an attribute (like title or aria-label), then < and > characters
will be double escaped. On the other hand, if we use {{{}}} there, a
double quote character will break HTML when it is used in an attribute.
Therefore, neither {{}}, nore {{{}}} are usable in html attributes.
Moreover, The title attribute here was redundant because it had the same
value as the link's text.
|
||
|---|---|---|
| .. | ||
| analytics | ||
| cache | ||
| customfield | ||
| external | ||
| local | ||
| management | ||
| output | ||
| privacy | ||
| reportbuilder/datasource | ||
| search | ||
| task | ||
| category.php | ||
| deletecategory_form.php | ||
| editcategory_form.php | ||
| list_element.php | ||
| management_renderer.php | ||