From ffdb962bc5bad1fc520f148fcd18f8ed232dc396 Mon Sep 17 00:00:00 2001
From: Michael Pound <michwpound@gmail.com>
Date: Mon, 17 Feb 2025 15:57:30 +0000
Subject: [PATCH] TW21240105, cleaning comments before rendering

---
 external.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/external.php b/external.php
index c35cac0..53eefde 100755
--- a/external.php
+++ b/external.php
@@ -708,7 +708,7 @@ public static function get_comments($noteid) {
             $comment = (object)[];
             $comment->id = $note->id;
             $comment->noteid = $note->noteid;
-            $comment->content = $note->content;
+            $comment->content = clean_param($note->content, PARAM_TEXT);
             $comment->candelete = (($canpost && $note->userid === $USER->id) || $candeleteall) ? true : false;
             $comment->date = userdate($note->timecreated);
             $comments[] = $comment;