From bbbf8a57341dd91fd867bc62281da1d697b77395 Mon Sep 17 00:00:00 2001
From: gnaegi <none@none>
Date: Fri, 7 Jul 2017 14:52:23 +0200
Subject: [PATCH] OO-2636 format description and preparation in "formatted
 plain text with links" style

---
 .../olat/modules/lecture/ui/TeacherRollCallController.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/olat/modules/lecture/ui/TeacherRollCallController.java b/src/main/java/org/olat/modules/lecture/ui/TeacherRollCallController.java
index 4c2bdf147e1..e7131c3c3fc 100644
--- a/src/main/java/org/olat/modules/lecture/ui/TeacherRollCallController.java
+++ b/src/main/java/org/olat/modules/lecture/ui/TeacherRollCallController.java
@@ -180,8 +180,10 @@ public class TeacherRollCallController extends FormBasicController {
 			layoutCont.contextPut("teachers", sb.toString());
 			layoutCont.contextPut("lectureBlockTitle", StringHelper.escapeJavaScript(lectureBlock.getTitle()));
 			layoutCont.contextPut("lectureBlockExternaalId", StringHelper.escapeJavaScript(lectureBlock.getExternalId()));
-			layoutCont.contextPut("lectureBlockDescription", StringHelper.escapeJavaScript(lectureBlock.getDescription()));
-			layoutCont.contextPut("lectureBlockPreparation", StringHelper.escapeJavaScript(lectureBlock.getPreparation()));
+			StringBuilder description = Formatter.stripTabsAndReturns(Formatter.formatURLsAsLinks(lectureBlock.getDescription()));
+			layoutCont.contextPut("lectureBlockDescription", StringHelper.xssScan(description));
+			StringBuilder preparation = Formatter.stripTabsAndReturns(Formatter.formatURLsAsLinks(lectureBlock.getPreparation()));
+			layoutCont.contextPut("lectureBlockPreparation", StringHelper.xssScan(preparation));
 			layoutCont.contextPut("lectureBlockLocation", StringHelper.escapeJavaScript(lectureBlock.getLocation()));
 			layoutCont.contextPut("lectureBlock",lectureBlock);
 			layoutCont.contextPut("lectureBlockOptional", !lectureBlock.isCompulsory());
-- 
GitLab