diff --git a/conf/defaults.config b/conf/defaults.config
index 1264c97aa6..6ba2a8521b 100644
--- a/conf/defaults.config
+++ b/conf/defaults.config
@@ -979,7 +979,6 @@ $pg{specialPGEnvironmentVars}{problemPostamble} = { TeX => '', HTML=>'' };
 # should appear as [qw(Mymodule.pm, Dependency1.pm, Dependency2.pm)]
 ${pg}{modules} = [
- [qw(HTML::Scrubber)],
 [qw(HTML::Parser)],
 [qw(HTML::Entities)],
 [qw(DynaLoader)],
diff --git a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm
index ea1b3ed389..0c75b4efaf 100644
--- a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm
+++ b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm
@@ -41,7 +41,6 @@ use WeBWorK::Utils::Tasks qw(fake_set fake_set_version fake_problem);
 use WeBWorK::Debug;
 use WeBWorK::ContentGenerator::Instructor qw(assignSetVersionToUser);
 use PGrandom;
-use HTML::Scrubber;
 # template method
 sub templateName {
@@ -1010,27 +1009,6 @@ sub pre_header_initialize {
 my $formFields = { WeBWorK::Form->new_from_paramable($r)->Vars };
- ##### scrub answer fields for xss badness #####
- my $scrubber = HTML::Scrubber->new(
- default=> 1,
- script => 0,
- process => 0,
- comment => 1
- );
- foreach my $key (keys %$formFields) {
- if ($key =~ /AnSwEr/) {
- $formFields->{$key} = $scrubber->scrub(
- (defined $formFields->{$key})? $formFields->{$key}:'' # using // would be more elegant but breaks perl 5.8.x
- );
- ### HTML::scrubber is a little too enthusiastic about
- ### removing > and < so we have to add them back in otherwise
- ### they confuse pg
- $formFields->{$key} =~ s/</{$key} =~ s/>/>/g;
- }
- }
-
-
 $self->{displayMode} = $displayMode;
 $self->{redisplay} = $redisplay;
 $self->{submitAnswers} = $submitAnswers;
diff --git a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm
index 2745d8c3f0..97b2d82f2d 100644
--- a/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm
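Review bot: After the scrubbing loop is removed from `pre_header_initialize` in GatewayQuiz.pm, the `AnSwEr` entries of `$formFields` are passed on exactly as the browser sent them, and nothing visible in the hunk says where they are HTML-escaped before being shown again. Input-side scrubbing that then had to put `<` and `>` back for PG was a weak control, so dropping it is defensible, but the code should record where the replacement lives, for example `# AnSwEr fields are untrusted here; they must be HTML-escaped wherever they are rendered` above the `$self->{displayMode}` assignment, once that has been checked for every page that prints them. The same loop is removed from `pre_header_initialize` in lib/WeBWorK/ContentGenerator/Problem.pm, so the point applies there as well. The function body continues outside the hunk, so the later handling of `$formFields` cannot be confirmed from here.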
+++ b/lib/WeBWorK/ContentGenerator/Instructor/ProblemGrader.pm
@@ -20,7 +20,6 @@ package WeBWorK::ContentGenerator::Instructor::ProblemGrader;
 use base qw(WeBWorK::ContentGenerator);
 use WeBWorK::Utils qw(sortByName );
 use WeBWorK::PG;
-use HTML::Scrubber;
 =head1 NAME
@@ -130,18 +129,6 @@ sub initialize {
 #if the instructor added a comment we should save that to the latest answer
 if ($r->param("$userID.comment")) {
- ### $comment needs to be sanitized. It could currently contain badness written
- ### into the comment by the instructor
-
-
- my $scrubber = HTML::Scrubber->new(
- default=> 1,
- script => 0,
- process => 0,
- comment => 1
- );
-
- my $comment = $scrubber->scrub( ( defined $r->param("$userID.comment") )?$r->param("$userID.comment"):'' );
 my $userPastAnswerID = $db->latestProblemPastAnswer($courseName, $userID, $setID, $problemID);
 if ($userPastAnswerID) {
diff --git a/lib/WeBWorK/ContentGenerator/Problem.pm b/lib/WeBWorK/ContentGenerator/Problem.pm
index da1abcb98c..6c11f1b719 100644
--- a/lib/WeBWorK/ContentGenerator/Problem.pm
+++ b/lib/WeBWorK/ContentGenerator/Problem.pm
@@ -42,7 +42,6 @@ use URI::Escape;
 use WeBWorK::Localize;
 use WeBWorK::Utils::Tasks qw(fake_set fake_problem);
 use WeBWorK::AchievementEvaluator;
-use HTML::Scrubber;
 ################################################################################
 # CGI param interface to this module (up-to-date as of v1.153)
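Review bot: The only declaration of `$comment` visible in `initialize` of ProblemGrader.pm is deleted by the `@@ -130,18 +129,6 @@` hunk, so if the lines after `if ($userPastAnswerID) {` still use `$comment`, that name no longer has a declaration; the body continues outside the hunk, so this cannot be confirmed here. If it is still needed, it can be taken from the raw parameter in the style the file already uses: `my $comment = defined $r->param("$userID.comment") ? $r->param("$userID.comment") : '';`. The instructor comment is now saved without any filtering, so whichever page displays it has to HTML-escape it on output, and a one-line comment at this spot saying so would help the next reader.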
@@ -723,26 +722,7 @@ sub pre_header_initialize {
 $formFields->{$_} = $oldAnswers{$_} foreach keys %oldAnswers;
 }
- ##### scrub answer fields for xss badness #####
- my $scrubber = HTML::Scrubber->new(
- default=> 1,
- script => 0,
- process => 0,
- comment => 1
- );
- foreach my $key (keys %$formFields) {
- if ($key =~ /AnSwEr/) {
- $formFields->{$key} = $scrubber->scrub(
- (defined $formFields->{$key})? $formFields->{$key}:'' # using // would be more elegant but breaks perl 5.8.x
- );
- ### HTML::scrubber is a little too enthusiastic about
- ### removing > and < so we have to add them back in otherwise
- ### they confuse pg
- $formFields->{$key} =~ s/</{$key} =~ s/>/>/g;
- }
- }
-
+
 ##### translation #####
 debug("begin pg processing");