Merge branch 'MDL-83697_main' of https://github.com/PhilippImhof/moodle

2025-04-20 16:04:25 +02:00 · 2025-03-21 08:36:22 +07:00 · 2025-03-21 08:36:22 +07:00 · b497ad9682
commit b497ad9682
parent 777463c8d7 988640a2c7
2 changed files with 6 additions and 0 deletions
--- a/lib/tests/weblib_format_text_test.php
+++ b/lib/tests/weblib_format_text_test.php
@ -262,6 +262,11 @@ final class weblib_format_text_test extends \advanced_testcase {
                '<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000083&#0000083&#0000039&#0000041">',
                '<img src="x" alt="x" />',
            ],
+            'IMG border-radius' => [
+                '<img src=x style="border-radius: 10px;">',
+                '<img src=x style="border-radius: 10px;">',
+                '<img src="x" style="border-radius:10px;" alt="x" />',
+            ],
            'DIV background-image' => [
                '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">',
                '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">',
--- a/lib/weblib.php
+++ b/lib/weblib.php
@ -1079,6 +1079,7 @@ function purify_html($text, $options = array()) {

        $config->set('HTML.DefinitionID', 'moodlehtml');
        $config->set('HTML.DefinitionRev', 7);
+        $config->set('CSS.Proprietary', true);
        $config->set('Cache.SerializerPath', $cachedir);
        $config->set('Cache.SerializerPermissions', $CFG->directorypermissions);
        $config->set('Core.NormalizeNewlines', false);