I'm using lib/gradelib.php::update_grade() to push grades into Moodle's grade book. The grades are being sent from Flash including the 'feedback' parameter.
My question is, is the text in 'feedback' escaped or cleaned or do I have to call a text cleaning function manually?
So far it works and links get automatically added in str_feedback output but I'm concerned about security.
Thanks in advance.
Does grade_update() clean or escape input for the feedback field?
This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.