[RTE] does not escape HTML-like input, corrupting content with angle-bracket characters #5956

@AlexVelezLl

This issue is not open for contribution. Visit Contributing guidelines to learn about the contributing process and how to find suitable issues.

Target branch: `unstable`

Observed behavior

The Rich Text Editor (RTE) does not escape HTML-like input entered as plain text. When a user types a string such as `

` or `<>` in an RTE field:

  1. While editing, the text appears as typed.
  2. After closing the editor (switching to view mode), the content is rendered as HTML — the tag is interpreted by the browser, causing the literal text (e.g. `
    `) to disappear from the rendered output.

This affects languages that use angle-bracket guillemets for quotes (e.g. Spanish writes `<>`). After closing the editor, `<>` collapses to `<>` because `` is parsed as an HTML tag.

Additionally, when attempting to save or publish a QTI package containing `` (or any other invalid HTML tag) in the content, the backend raises an error at publish time because `` is not a valid tag.

Errors and logs

No specific logs available at this time.

Expected behavior

Any HTML-like text typed into an RTE field should be treated as plain text and properly escaped (e.g. `` should be stored and displayed as the literal string ``, not interpreted as an HTML tag). Angle-bracket guillemets used in languages like Spanish (`<>`) should survive close/reopen cycles without being mangled.

User-facing consequences

  • Content is silently corrupted: text containing angle-bracket characters disappears from view after closing the editor, with no warning to the user.
  • Users writing in languages that use angle-bracket guillemets (e.g. Spanish) cannot reliably enter quoted text in RTE fields.
  • Attempting to publish a QTI package containing such content results in a backend error, blocking the publish workflow entirely.

Steps to reproduce

  1. Open any RTE field in Studio (e.g. a question body in an assessment).
  2. Type a string containing angle brackets, such as `
    ` or `<>`.
  3. Close the editor (switch to view mode).
  4. Observe that the angle-bracket text is rendered as HTML and disappears from the displayed content.
  5. (For the publish error) Save the content and attempt to publish a QTI package — the backend returns an error because the invalid tag is present in the stored content.

Context

  • Affects all browsers and operating systems.
  • Observed on the `unstable` branch.

Acceptance Criteria

  • HTML special characters typed as plain text in any RTE field are escaped on save/close, and displayed as literal text in view mode.
  • Angle-bracket guillemets (e.g. `<>`) survive close/reopen cycles without being mangled or collapsed.
  • QTI packages containing angle-bracket characters in content can be published without backend errors.
  • No data loss: existing content with angle-bracket characters is not silently corrupted.

AI usage

Drafted with Claude Code. Reproduction steps and acceptance criteria were reviewed and confirmed manually.
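
The escape-on-close and unescape-on-reopen round trip that the acceptance criteria describe, as an added example that is not part of the original issue and is not Studio's RTE code. The function names (`escapeOnClose`, `unescapeOnOpen`, `cycle`, `hasNoRawTags`) and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not Studio's RTE code.
// Order matters: "&" is escaped first and unescaped last, so text that
// already looks like an entity (e.g. "&lt;") is preserved literally.
const ESCAPES = [
  ["&", "&amp;"],
  ["<", "&lt;"],
  [">", "&gt;"],
  ['"', "&quot;"],
  ["'", "&#39;"],
];

// Called on save/close: plain text typed by the user -> markup-safe string.
function escapeOnClose(plainText) {
  return ESCAPES.reduce(
    (out, [ch, entity]) => out.split(ch).join(entity),
    String(plainText)
  );
}

// Called on reopen: stored string -> the text the user originally typed.
function unescapeOnOpen(stored) {
  return [...ESCAPES].reverse().reduce(
    (out, [ch, entity]) => out.split(entity).join(ch),
    String(stored)
  );
}

// Simulates n close/reopen cycles and returns the text the editor would show.
function cycle(plainText, n) {
  let text = plainText;
  for (let i = 0; i < n; i++) {
    text = unescapeOnOpen(escapeOnClose(text));
  }
  return text;
}

// True when the stored form contains no raw angle brackets that a renderer
// or a strict backend validator could read as a tag.
function hasNoRawTags(stored) {
  return !/[<>]/.test(stored);
}

// Constructed sample inputs.
const samples = ["<<hola>>", "<notatag>", "a < b && c > d", "literal &lt; entity"];
for (const s of samples) {
  const stored = escapeOnClose(s);
  console.log(JSON.stringify(s), "->", JSON.stringify(stored),
              "| safe:", hasNoRawTags(stored),
              "| after 3 cycles:", JSON.stringify(cycle(s, 3)));
}
```

The last sample covers the case where a user types entity-like text by hand: it must come back unchanged, which fails if `&` is not the first character escaped and the last one unescaped.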
