diff --git a/lib/classes/output/mustache_pix_helper.php b/lib/classes/output/mustache_pix_helper.php index a6a330c9ba5..112d4da84e3 100644 --- a/lib/classes/output/mustache_pix_helper.php +++ b/lib/classes/output/mustache_pix_helper.php @@ -72,6 +72,11 @@ class mustache_pix_helper { $text = strtok(""); // Allow mustache tags in the last argument. $text = trim($helper->render($text)); + // The $text has come from a template, so HTML special + // chars have been escaped. However, render_pix_icon + // assumes the alt arrives with no escaping. So we need + // ot un-escape here. + $text = htmlspecialchars_decode($text); return trim($this->renderer->pix_icon($key, $text, $component)); } diff --git a/lib/templates/permissionmanager_role.mustache b/lib/templates/permissionmanager_role.mustache index b30865371b8..d7ea395bfef 100644 --- a/lib/templates/permissionmanager_role.mustache +++ b/lib/templates/permissionmanager_role.mustache @@ -30,24 +30,29 @@ * rolename Name of the role rendered - must have been prepared for output with format_string, or more likely one of the role API functions like role_fix_names. * roleid Id of the role - * action WEhich action is done on click + * action Which action is done on click * spanclass class attribute of span * linkclass class attribute of link * adminurl moodle admin url - * imageurl moodle url for delete(x) image + * icon moodle icon for delete(x) + * iconalt alt text for the icon. Must have been HTML escaped. Example context (json): - {"rolename" : "Manager", - "roleid" : 1, - "action": "prevent", - "spanclass": "allowed", - "linkclass": "preventlink", - "adminurl" : "http://localhost/moodle/admin/"} + { + "rolename": "Manager", + "roleid": 1, + "action": "prevent", + "spanclass": "allowed", + "linkclass": "preventlink", + "adminurl": "http://localhost/moodle/admin/", + "icon": "t/delete", + "iconalt": "Delete Student role" + } }}  {{{rolename}}}  {{#icon}} - {{#pix}}{{icon}}, core, {{iconalt}}{{/pix}} + {{#pix}}{{icon}}, core, {{{iconalt}}}{{/pix}} {{/icon}}