From 11e13d1629a960b431c7f0fbc64e504bd32ae01a Mon Sep 17 00:00:00 2001
From: Michael Hawkins <michaelh@moodle.com>
Date: Tue, 1 Dec 2020 18:59:03 +0800
Subject: [PATCH] MDL-69911 core: Clean content passed through TeX filter

---
 filter/tex/filter.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/filter/tex/filter.php b/filter/tex/filter.php
index 395638d22b7..66f9eb00e99 100644
--- a/filter/tex/filter.php
+++ b/filter/tex/filter.php
@@ -189,6 +189,9 @@ class filter_tex extends moodle_text_filter {
                 continue;
             }
 
+            // Sanitize the decoded string, because filter_text_image() injects the final string between script tags.
+            $texexp = clean_param($texexp, PARAM_TEXT);
+
             $md5 = md5($texexp);
             if (!$DB->record_exists("cache_filters", array("filter"=>"tex", "md5key"=>$md5))) {
                 $texcache = new stdClass();
-- 
2.17.1