From 2ae8194de04f42c470ba18e078eb7623cee07799 Mon Sep 17 00:00:00 2001
From: Elmar Ludwig <elmar.ludwig@uni-osnabrueck.de>
Date: Tue, 12 Sep 2023 15:49:07 +0000
Subject: [PATCH] use purifyHtml() as in the Text block, fixes #3176

Closes #3176

Merge request studip/studip!2153
---
 .../BlockTypes/BiographyAchievements.php          | 15 +++++++++++++++
 .../Courseware/BlockTypes/BiographyGoals.php      | 15 +++++++++++++++
 .../CoursewareBiographyAchievementsBlock.vue      |  2 +-
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/lib/models/Courseware/BlockTypes/BiographyAchievements.php b/lib/models/Courseware/BlockTypes/BiographyAchievements.php
index e002950b151..3af5d64daee 100644
--- a/lib/models/Courseware/BlockTypes/BiographyAchievements.php
+++ b/lib/models/Courseware/BlockTypes/BiographyAchievements.php
@@ -42,6 +42,21 @@ class BiographyAchievements extends BlockType
         ];
     }
 
+    public function getPayload()
+    {
+        $payload = parent::getPayload();
+        $payload['description'] = \Studip\Markup::purifyHtml(\Studip\Markup::markAsHtml($payload['description']));
+
+        return $payload;
+    }
+
+    public function setPayload($payload): void
+    {
+        $payload['description'] = \Studip\Markup::purifyHtml(\Studip\Markup::markAsHtml($payload['description']));
+
+        parent::setPayload($payload);
+    }
+
     public static function getJsonSchema(): Schema
     {
         $schemaFile = __DIR__.'/BiographyAchievements.json';
diff --git a/lib/models/Courseware/BlockTypes/BiographyGoals.php b/lib/models/Courseware/BlockTypes/BiographyGoals.php
index 0cf67f1f8d6..dcfb76cc961 100644
--- a/lib/models/Courseware/BlockTypes/BiographyGoals.php
+++ b/lib/models/Courseware/BlockTypes/BiographyGoals.php
@@ -38,6 +38,21 @@ class BiographyGoals extends BlockType
         ];
     }
 
+    public function getPayload()
+    {
+        $payload = parent::getPayload();
+        $payload['description'] = \Studip\Markup::purifyHtml(\Studip\Markup::markAsHtml($payload['description']));
+
+        return $payload;
+    }
+
+    public function setPayload($payload): void
+    {
+        $payload['description'] = \Studip\Markup::purifyHtml(\Studip\Markup::markAsHtml($payload['description']));
+
+        parent::setPayload($payload);
+    }
+
     public static function getJsonSchema(): Schema
     {
         $schemaFile = __DIR__.'/BiographyGoals.json';
diff --git a/resources/vue/components/courseware/CoursewareBiographyAchievementsBlock.vue b/resources/vue/components/courseware/CoursewareBiographyAchievementsBlock.vue
index ed5cc2278c1..20540408902 100644
--- a/resources/vue/components/courseware/CoursewareBiographyAchievementsBlock.vue
+++ b/resources/vue/components/courseware/CoursewareBiographyAchievementsBlock.vue
@@ -27,7 +27,7 @@
                             {{ $gettext('Enddatum') }}: {{ getReadableDate(currentData.end_date)}}
                         </h4>
                         <h4 v-show="hasParticipation">
-                            {{ $gettext('Beteiligung') }}: <span v-html="currentData.role"></span>
+                            {{ $gettext('Beteiligung') }}: {{ currentData.role }}
                         </h4>
                         <div>
                             <h4>{{ $gettext('Beschreibung') }}:</h4>
-- 
GitLab