Exercises: add remove_xss + fix behat test

main/exercise/exercise.class.php

@@ -3880,17 +3880,8 @@ class Exercise
         $userAnsweredQuestion = false;
         $correctAnswerId = [];
 
-        $userStatus = STUDENT;
-        // Allows to do a remove_XSS in question of exercise with user status COURSEMANAGER
-        // see BT#18242
-        if (api_get_configuration_value('question_exercise_html_strict_filtering')) {
-            $userStatus = COURSEMANAGERLOWSECURITY;
-        }
-
         for ($answerId = 1; $answerId <= $nbrAnswers; $answerId++) {
             $answer = $objAnswerTmp->selectAnswer($answerId);
-            $answer = Security::remove_XSS($answer, $userStatus);
-
             $answerComment = $objAnswerTmp->selectComment($answerId);
             $answerCorrect = $objAnswerTmp->isCorrect($answerId);
             $answerWeighting = (float) $objAnswerTmp->selectWeighting($answerId);

main/inc/lib/exercise_show_functions.lib.php

@@ -415,7 +415,7 @@ class ExerciseShowFunctions
         }
 
         echo '<td width="40%">';
-        echo $answer;
+        echo Security::remove_XSS($answer);
         echo '</td>';
 
         if ($exercise->showExpectedChoice()) {
@@ -541,7 +541,7 @@ class ExerciseShowFunctions
         }
 
         $content .= '<td width="40%">';
-        $content .= $answer;
+        $content .= Security::remove_XSS($answer);
         $content .= '</td>';
 
         if ($exercise->showExpectedChoice()) {
@@ -643,7 +643,7 @@ class ExerciseShowFunctions
         }
 
         echo '<td width="20%">';
-        echo $answer;
+        echo Security::remove_XSS($answer);
         echo '</td><td width="5%" style="text-align:center;">';
         if (isset($newOptions[$studentChoiceDegree])) {
             echo $newOptions[$studentChoiceDegree]['name'];
@@ -768,7 +768,7 @@ class ExerciseShowFunctions
         }
 
         echo '<td width="40%">';
-        echo $answer;
+        echo Security::remove_XSS($answer);
         echo '</td>';
 
         if ($exercise->showExpectedChoice()) {