Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pervent reverse tabnabbing in edx platform

Browse Source
This commit is contained in:
Awais Jibran
2019-08-22 16:37:44 +05:00
parent 1c4f9da92d
commit 1a4eb7d2e8
61 changed files with 120 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cms/static/js/base.js
View File

@@ -97,7 +97,10 @@ define([
// general link management - new window/tab
$('a[rel="external"]:not([title])')
.attr('title', gettext('This link will open in a new browser window/tab'));
$('a[rel="external"]').attr('target', '_blank');
$('a[rel="external"]').attr({
rel: 'noopener external',
target: '_blank'
});
// general link management - lean modal window
$('a[rel="modal"]').attr('title', gettext('This link will open in a modal window')).leanModal({

2
cms/templates/container.html
View File

@@ -144,7 +144,7 @@ from openedx.core.djangolib.markup import HTML, Text
<p>${_("Confirm that you have properly configured content in each of your experiment groups.")}</p>
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about component containers")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about component containers")}</a>
</div>
% elif is_unit_page:
<div id="publish-unit"></div>

2
cms/templates/course-create-rerun.html
View File

@@ -148,7 +148,7 @@ from openedx.core.djangolib.js_utils import js_escaped_string
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about Course Re-runs")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about Course Re-runs")}</a>
</div>
</aside>

10
cms/templates/course_outline.html
View File

@@ -164,7 +164,7 @@ from django.core.urlresolvers import reverse
<div style="width: 50%" class="status-studio-frontend">
% endif
<%static:studiofrontend entry="courseOutlineHealthCheck">
<%
<%
course_key = context_course.id
%>
{
@@ -188,7 +188,7 @@ from django.core.urlresolvers import reverse
"settings": ${reverse('settings_handler', kwargs={'course_key_string': unicode(course_key)})| n, dump_js_escaped_json}
}
}
</%static:studiofrontend>
</%static:studiofrontend>
</div>
<div class="status-highlights-enabled"></div>
</div>
@@ -218,14 +218,14 @@ from django.core.urlresolvers import reverse
<h3 class="title-3">${_("Reorganizing your course")}</h3>
<p>${_("Drag sections, subsections, and units to new locations in the outline.")}</p>
<div class="external-help">
<a href="${get_online_help_info('outline')['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about the course outline")}</a>
<a href="${get_online_help_info('outline')['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about the course outline")}</a>
</div>
</div>
<div class="bit">
<h3 class="title-3">${_("Setting release dates and grading policies")}</h3>
<p>${_("Select the Configure icon for a section or subsection to set its release date. When you configure a subsection, you can also set the grading policy and due date.")}</p>
<div class="external-help">
<a href="${get_online_help_info('grading')['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about grading policy settings")}</a>
<a href="${get_online_help_info('grading')['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about grading policy settings")}</a>
</div>
</div>
<div class="bit">
@@ -234,7 +234,7 @@ from django.core.urlresolvers import reverse
<p>${Text(_("To make a section, subsection, or unit unavailable to learners, select the Configure icon for that level, then select the appropriate {em_start}Hide{em_end} option. Grades for hidden sections, subsections, and units are not included in grade calculations.")).format(em_start=HTML("<strong>"), em_end=HTML("</strong>"))}</p>
<p>${Text(_("To hide the content of a subsection from learners after the subsection due date has passed, select the Configure icon for a subsection, then select {em_start}Hide content after due date{em_end}. Grades for the subsection remain included in grade calculations.")).format(em_start=HTML("<strong>"), em_end=HTML("</strong>"))}</p>
<div class="external-help">
<a href="${get_online_help_info('visibility')['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about content visibility settings")}</a>
<a href="${get_online_help_info('visibility')['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about content visibility settings")}</a>
</div>
</div>

4
cms/templates/export.html
View File

@@ -235,7 +235,7 @@ else:
<p>${_("Use an archive program to extract the data from the .tar.gz file. Extracted data includes the library.xml file, as well as subfolders that contain library content.")}</p>
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about exporting a library")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about exporting a library")}</a>
</div>
</aside>
%else:
@@ -269,7 +269,7 @@ else:
<p>${_("Use an archive program to extract the data from the .tar.gz file. Extracted data includes the course.xml file, as well as subfolders that contain course content.")}</p>
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about exporting a course")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about exporting a course")}</a>
</div>
</aside>
%endif

6
cms/templates/group_configurations.html
View File

@@ -86,7 +86,7 @@ from openedx.core.djangolib.markup import HTML, Text
<p>${_("Enrollment track groups allow you to offer different course content to learners in each enrollment track. Learners enrolled in each enrollment track in your course are automatically included in the corresponding enrollment track group.")}</p>
<p>${_("On unit pages in the course outline, you can restrict access to components to learners based on their enrollment track.")}</p>
<p>${_("You cannot edit enrollment track groups, but you can expand each group to view details of the course content that is designated for learners in the group.")}</p>
<p><a href="${get_online_help_info(enrollment_track_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
<p><a href="${get_online_help_info(enrollment_track_help_token())['doc_url']} rel="noopener" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
</div>
</div>
% endif
@@ -96,7 +96,7 @@ from openedx.core.djangolib.markup import HTML, Text
<p>${_("If you have cohorts enabled in your course, you can use content groups to create cohort-specific courseware. In other words, you can customize the content that particular cohorts see in your course.")}</p>
<p>${_("Each content group that you create can be associated with one or more cohorts. In addition to making course content available to all learners, you can restrict access to some content to learners in specific content groups. Only learners in the cohorts that are associated with the specified content groups see the additional content.")}</p>
<p>${Text(_("Click {em_start}New content group{em_end} to add a new content group. To edit the name of a content group, hover over its box and click {em_start}Edit{em_end}. You can delete a content group only if it is not in use by a unit. To delete a content group, hover over its box and click the delete icon.")).format(em_start=HTML("<strong>"), em_end=HTML("</strong>"))}</p>
<p><a href="${get_online_help_info(content_groups_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
<p><a href="${get_online_help_info(content_groups_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
</div>
</div>
% if should_show_experiment_groups:
@@ -105,7 +105,7 @@ from openedx.core.djangolib.markup import HTML, Text
<h3 class="title-3">${_("Experiment Group Configurations")}</h3>
<p>${_("Use experiment group configurations if you are conducting content experiments, also known as A/B testing, in your course. Experiment group configurations define how many groups of learners are in a content experiment. When you create a content experiment for a course, you select the group configuration to use.")}</p>
<p>${Text(_("Click {em_start}New Group Configuration{em_end} to add a new configuration. To edit a configuration, hover over its box and click {em_start}Edit{em_end}. You can delete a group configuration only if it is not in use in an experiment. To delete a configuration, hover over its box and click the delete icon.")).format(em_start=HTML("<strong>"), em_end=HTML("</strong>"))}</p>
<p><a href="${get_online_help_info(experiment_group_configurations_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
<p><a href="${get_online_help_info(experiment_group_configurations_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn More")}</a></p>
</div>
</div>
% endif

4
cms/templates/import.html
View File

@@ -213,7 +213,7 @@ else:
<p>${_("If you change and import a library that is referenced by randomized content blocks in one or more courses, those courses do not automatically use the updated content. You must manually refresh the randomized content blocks to bring them up to date with the latest library content.")}</p>
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about importing a library")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about importing a library")}</a>
</div>
</aside>
%else:
@@ -245,7 +245,7 @@ else:
<p>${_("If you perform an import while your course is running, and you change the URL names (or url_name nodes) of any Problem components, the student data associated with those Problem components may be lost. This data includes students' problem scores.")}</p>
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about importing a course")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about importing a course")}</a>
</div>
</aside>
%endif

2
cms/templates/index.html
View File

@@ -519,7 +519,7 @@ from openedx.core.djangolib.js_utils import (
<ol class="list-actions">
<li class="action-item">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank">${_("Getting Started with {studio_name}").format(studio_name=settings.STUDIO_NAME)}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank">${_("Getting Started with {studio_name}").format(studio_name=settings.STUDIO_NAME)}</a>
</li>
</ol>
</div>

2
cms/templates/js/add-xblock-component-support-legend.underscore
View File

@@ -1,7 +1,7 @@
<% if (support_legend.show_legend) { %>
<span class="support-documentation">
<a class="support-documentation-link"
href="https://edx.readthedocs.io/projects/edx-partner-course-staff/en/latest/exercises_tools/create_exercises_and_tools.html#levels-of-support-for-tools" target="_blank">
href="https://edx.readthedocs.io/projects/edx-partner-course-staff/en/latest/exercises_tools/create_exercises_and_tools.html#levels-of-support-for-tools" rel="noopener" target="_blank">
<%- support_legend.documentation_label %>
</a>
<span class="support-documentation-level">

2
cms/templates/js/course-highlights-enable.underscore
View File

@@ -8,5 +8,5 @@
<% } else { %>
<button class="status-highlights-enabled-value button" aria-labelledby="highlights-enabled-label"><%- gettext('Enable Now') %></button>
<% } %>
<a class="status-highlights-enabled-info" href="<%- highlights_doc_url %>" target="_blank">Learn more</a>
<a class="status-highlights-enabled-info" href="<%- highlights_doc_url %>" rel="noopener" target="_blank">Learn more</a>
</div>

2
cms/templates/js/highlights-enable-editor.underscore
View File

@@ -15,7 +15,7 @@
),
{
linkStart: edx.HtmlUtils.interpolateHtml(
edx.HtmlUtils.HTML('<a href="{highlightsDocUrl}" target="_blank">'),
edx.HtmlUtils.HTML('<a href="{highlightsDocUrl}" rel="noopener" target="_blank">'),
{highlightsDocUrl: xblockInfo.attributes.highlights_doc_url}
),
linkEnd: edx.HtmlUtils.HTML('</a>')

2
cms/templates/js/license-selector.underscore
View File

@@ -3,7 +3,7 @@
<%- gettext("License Type") %>
</h3>
<ul class="license-types">
<% var link_start_tpl = '<a href="{url}" target="_blank">'; %>
<% var link_start_tpl = '<a href="{url}" rel="noopener" target="_blank">'; %>
<% _.each(licenseInfo, function(license, licenseType) { %>
<li class="license-type" data-license="<%- licenseType %>">
<button name="license-<%- licenseType %>"

2
cms/templates/library.html
View File

@@ -98,7 +98,7 @@ from openedx.core.djangolib.markup import HTML, Text
</div>
% endif
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about content libraries")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about content libraries")}</a>
</div>
</div>
</div>

2
cms/templates/textbooks.html
View File

@@ -67,7 +67,7 @@ CMS.URL.LMS_BASE = "${settings.LMS_BASE | n, js_escaped_string}"
</div>
<div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about textbooks")}</a>
<a href="${get_online_help_info(online_help_token())['doc_url']}" rel="noopener" target="_blank" class="button external-help-button">${_("Learn more about textbooks")}</a>
</div>
</aside>
</section>

6
cms/templates/ux/reference/fragments/course-settings.html
View File

@@ -41,7 +41,7 @@
<h3 class="title">Course Summary Page <span class="tip">(for student enrollment and access)</span></h3>
<div class="copy">
<p><a class="link-courseURL" rel="external" href="http://localhost:8000/courses/course-v1:AndyA+AA101+1/about" title="This link will open in a new browser window/tab" target="_blank">http://localhost:8000/courses/course-v1:AndyA+AA101+1/about</a></p>
<p><a class="link-courseURL" rel="external" href="http://localhost:8000/courses/course-v1:AndyA+AA101+1/about" title="This link will open in a new browser window/tab" rel="noopener" target="_blank">http://localhost:8000/courses/course-v1:AndyA+AA101+1/about</a></p>
</div>
<ul class="list-actions">
@@ -351,7 +351,7 @@
<label class="sr" for="course-overview-cm-textarea">
HTML Code Editor
</label>
<span class="tip tip-stacked">Introductions, prerequisites, FAQs that are used on <a class="link-courseURL" rel="external" href="http://localhost:8000/courses/course-v1:AndyA+AA101+1/about" title="This link will open in a new browser window/tab" target="_blank">your course summary page</a> (formatted in HTML)</span>
<span class="tip tip-stacked">Introductions, prerequisites, FAQs that are used on <a class="link-courseURL" rel="external" href="http://localhost:8000/courses/course-v1:AndyA+AA101+1/about" title="This link will open in a new browser window/tab" rel="noopener" target="_blank">your course summary page</a> (formatted in HTML)</span>
</li>
<li class="field image" id="field-course-image">
@@ -465,7 +465,7 @@
</button>
<p class="tip">
<a href="https://creativecommons.org/about" target="_blank">
<a href="https://creativecommons.org/about" rel="noopener" target="_blank">
Learn more about Creative Commons
</a>

4
cms/templates/widgets/header.html
View File

@@ -220,7 +220,7 @@
<h2 class="sr-only">${_("Account Navigation")}</h2>
<ol>
<li class="nav-item nav-account-help">
<h3 class="title"><span class="label"><a href="${get_online_help_info(online_help_token)['doc_url']}" title="${_('Contextual Online Help')}" target="_blank">${_("Help")}</a></span></h3>
<h3 class="title"><span class="label"><a href="${get_online_help_info(online_help_token)['doc_url']}" title="${_('Contextual Online Help')}" rel="noopener" target="_blank">${_("Help")}</a></span></h3>
</li>
<li class="nav-item nav-account-user">
<%include file="user_dropdown.html" args="online_help_token=online_help_token" />
@@ -236,7 +236,7 @@
<h2 class="sr-only">${_("Account Navigation")}</h2>
<ol>
<li class="nav-item nav-not-signedin-help">
<a href="${get_online_help_info(online_help_token)['doc_url']}" title="${_('Contextual Online Help')}" target="_blank">${_("Help")}</a>
<a href="${get_online_help_info(online_help_token)['doc_url']}" title="${_('Contextual Online Help')}" rel="noopener" target="_blank">${_("Help")}</a>
</li>
% if static.get_value('ALLOW_PUBLIC_ACCOUNT_CREATION', settings.FEATURES.get('ALLOW_PUBLIC_ACCOUNT_CREATION')):
<li class="nav-item nav-not-signedin-signup">