StudentQuiz: can we mitigate the potential XSS risks? #812360

lib.php

@@ -73,6 +73,35 @@ function studentquiz_supports($feature) {
     }
 }
 
+/**
+ * Callback immediately after require_login succeeds.
+ */
+function studentquiz_after_require_login() {
+    global $PAGE, $CFG, $COURSE;
+    $forceclean = false;
+
+    if ($PAGE->activityname === 'studentquiz') {
+        $forceclean = true;
+    } else {
+        $instanceid = null;
+        if ($catparam = optional_param('cat', null, PARAM_SEQUENCE)) {
+            [, $contextid] = explode(',', $catparam);
+            $instanceid = context::instance_by_id($contextid)->instanceid;
+        } else if ($questionid = optional_param('id', null, PARAM_INT)) {
+            $question = question_bank::load_question($questionid);
+            $instanceid = context::instance_by_id($question->contextid)->instanceid;
+        }
+
+        if ($instanceid && get_course_and_cm_from_cmid($instanceid, 'studentquiz', $COURSE)) {
+            $forceclean = true;
+        }
+    }
+
+    if ($forceclean) {
+        $CFG->forceclean = true;
+    }
+}
+
 /**
  * Saves a new instance of the StudentQuiz into the database
  *