diff --git a/main/inc/lib/exercise.lib.php b/main/inc/lib/exercise.lib.php
index 0260bd2e01..1cdcebe7c4 100644
--- a/main/inc/lib/exercise.lib.php
+++ b/main/inc/lib/exercise.lib.php
@@ -532,7 +532,13 @@ class ExerciseLib
}
if ($answerType != UNIQUE_ANSWER_IMAGE) {
- $answer = Security::remove_XSS($answer, STUDENT);
+ $userStatus = STUDENT;
+ // Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
+ // see BT#18242
+ if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
+ $userStatus = COURSEMANAGER;
+ }
+ $answer = Security::remove_XSS($answer, $userStatus);
}
$s .= Display::input(
'hidden',
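Review bot: The added comment and the option name `question_exercise_html_strict_filtering` do not say which way the filter moves: with the option on, the answer text goes through `Security::remove_XSS()` with the `COURSEMANAGER` profile instead of `STUDENT`. If the COURSEMANAGER profile lets more HTML through than the STUDENT one, as the status names suggest (the filter itself is not visible here), then enabling a setting called "strict" relaxes sanitisation of the answer markup, and an administrator reading only the name would expect the opposite. I would replace the comment with something like `// Option on: answers are filtered with the COURSEMANAGER profile instead of STUDENT; enable only if every answer author is trusted (BT#18242)`, which also fixes the "exersice" typo, and state the same in the configuration template. The same block and comment are repeated in the hunks at new lines 584 and 787, and the enclosing method starts and ends outside this hunk.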
@@ -578,7 +584,13 @@ class ExerciseLib
case GLOBAL_MULTIPLE_ANSWER:
case MULTIPLE_ANSWER_TRUE_FALSE_DEGREE_CERTAINTY:
$input_id = 'choice-'.$questionId.'-'.$answerId;
- $answer = Security::remove_XSS($answer, STUDENT);
+ $userStatus = STUDENT;
+ // Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
+ // see BT#18242
+ if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
+ $userStatus = COURSEMANAGER;
+ }
+ $answer = Security::remove_XSS($answer, $userStatus);
if (in_array($numAnswer, $userChoiceList)) {
$attributes = [
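Review bot: These added lines are a copy of the block in the first hunk and appear again at new line 787, so the choice of filter profile now lives in three places that must stay in sync. A single expression is easier to audit, e.g. `$userStatus = api_get_configuration_value('question_exercise_html_strict_filtering') ? COURSEMANAGER : STUDENT;`, computed once before the first use. If the three call sites turn out to be in different methods, a small private static helper on ExerciseLib returning that value would do the same job. The hunks do not show the method boundaries, so which form fits has to be checked against the full file.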
@@ -775,7 +787,13 @@ class ExerciseLib
}
}
- $answer = Security::remove_XSS($answer, STUDENT);
+ $userStatus = STUDENT;
+ // Allows to do a remove_XSS in question of exersice with user status COURSEMANAGER
+ // see BT#18242
+ if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
+ $userStatus = COURSEMANAGER;
+ }
+ $answer = Security::remove_XSS($answer, $userStatus);
$answer_input = '';
$answer_input .= '