MDL-25836 fixed stripped src attribute from script tag

diff --git a/lib/editor/tinymce/lib.php b/lib/editor/tinymce/lib.php
index 5a54a91..b0f3bf0 100644 (file)
--- a/lib/editor/tinymce/lib.php
+++ b/lib/editor/tinymce/lib.php
@@ -158,7 +158,7 @@ class tinymce_texteditor extends texteditor {
         if (empty($CFG->xmlstrictheaders) and (!empty($options['legacy']) or !empty($options['noclean']) or !empty($options['trusted']))) {
             // now deal somehow with non-standard tags, people scream when we do not make moodle code xtml strict,
             // but they scream even more when we strip all tags that are not strict :-(
-            $params['valid_elements'] = '*[*]';
+            $params['valid_elements'] = 'script[src|type],*[*]'; // for some reason the *[*] does not inlcude javascript src attribute MDL-25836
             $params['invalid_elements'] = '';
         }