Merge pull request #216 from edx/IM/security-fixes-7
Incident Management Security Fixes 7
This commit is contained in:
Ali Akbar
@@ -3,7 +3,7 @@
|
||||
<span class="icon fa fa-cloud-upload" aria-hidden="true"></span>
|
||||
<div class="text-container">
|
||||
<div class="video-uploads-header"><%- uploadHeader %></div>
|
||||
<div class="video-upload-text"><%= uploadText %></div>
|
||||
<div class="video-upload-text"><%= uploadText %></div> <% // xss-lint: disable=underscore-not-escaped %>
|
||||
<div class="video-max-file-size-text"><%- maxSizeText %></div>
|
||||
<div class="video-allowed-extensions-text"><%- supportedVideosText %></div>
|
||||
</div>
|
||||
@@ -11,6 +11,6 @@
|
||||
<input type="file" class="sr js-file-input" name="file" multiple>
|
||||
</form>
|
||||
<section class="active-video-upload-container">
|
||||
<h3 class="sr"><%= gettext("Active Uploads") %></h3>
|
||||
<h3 class="sr"><%- gettext("Active Uploads") %></h3>
|
||||
<ul class="active-video-upload-list"></ul>
|
||||
</section>
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<h4 class="video-detail-name"><%- fileName %></h4>
|
||||
<progress class="video-detail-progress" value="<%= progress %>"></progress>
|
||||
<progress class="video-detail-progress" value="<%- progress %>"></progress>
|
||||
<div class="video-upload-status">
|
||||
<span class="icon alert-icon fa fa-warning upload-failure" aria-hidden="true"></span>
|
||||
<span class="video-detail-status"><%- gettext(status) %></span>
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<div class="xblock-editor" data-locator="<%= xblockInfo.get('id') %>" data-course-key="<%= xblockInfo.get('courseKey') %>">
|
||||
<div class="xblock-editor" data-locator="<%- xblockInfo.get('id') %>" data-course-key="<%- xblockInfo.get('courseKey') %>">
|
||||
<div class="message modal-introduction">
|
||||
<p><%- introductionMessage %></p>
|
||||
</div>
|
||||
|
||||
@@ -1 +1 @@
|
||||
<div class="xblock-editor" data-locator="<%= xblockInfo.get('id') %>" data-course-key="<%= xblockInfo.get('courseKey') %>"></div>
|
||||
<div class="xblock-editor" data-locator="<%- xblockInfo.get('id') %>" data-course-key="<%- xblockInfo.get('courseKey') %>"></div>
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
<li class="action-item" data-mode="<%= mode %>">
|
||||
<a href="#" class="<%= mode %>-button"><%= displayName %></a>
|
||||
<li class="action-item" data-mode="<%- mode %>">
|
||||
<a href="#" class="<%- mode %>-button"><%- displayName %></a>
|
||||
</li>
|
||||
|
||||
@@ -12,13 +12,13 @@
|
||||
|
||||
<script id="metadata-string-entry" type="text/template">
|
||||
<div class="wrapper-comp-setting">
|
||||
\t<label class="label setting-label" for="<%= uniqueId %>"><%= model.get('display_name') %></label>
|
||||
\t<input class="input setting-input" type="text" id="<%= uniqueId %>" value='<%= model.get("value") %>'/>
|
||||
\t<label class="label setting-label" for="<%- uniqueId %>"><%- model.get('display_name') %></label>
|
||||
\t<input class="input setting-input" type="text" id="<%- uniqueId %>" value='<%- model.get("value") %>'/>
|
||||
\t<button class="action setting-clear inactive" type="button" name="setting-clear" value="Clear" data-tooltip="Clear">
|
||||
<span class="icon fa fa-undo" aria-hidden="true"></span><span class="sr">"Clear Value"</span>
|
||||
</button>
|
||||
</div>
|
||||
<span class="tip setting-help"><%= model.get('help') %></span>
|
||||
<span class="tip setting-help"><%- model.get('help') %></span>
|
||||
|
||||
</script>
|
||||
|
||||
|
||||
@@ -1,20 +1,20 @@
|
||||
<nav class="pagination pagination-full bottom" aria-label="<%= paginationLabel %>">
|
||||
<div class="nav-item previous"><button class="nav-link previous-page-link"><span class="icon fa fa-angle-left" aria-hidden="true"></span> <span class="nav-label"><%= gettext("Previous") %></span></button></div>
|
||||
<nav class="pagination pagination-full bottom" aria-label="<%- paginationLabel %>">
|
||||
<div class="nav-item previous"><button class="nav-link previous-page-link"><span class="icon fa fa-angle-left" aria-hidden="true"></span> <span class="nav-label"><%- gettext("Previous") %></span></button></div>
|
||||
<div class="nav-item page">
|
||||
<div class="pagination-form">
|
||||
<label class="page-number-label" for="page-number-input"><%= interpolate(
|
||||
<label class="page-number-label" for="page-number-input"><%- interpolate(
|
||||
gettext("Page number out of %(total_pages)s"),
|
||||
{total_pages: total_pages},
|
||||
true
|
||||
)%></label>
|
||||
<input id="page-number-input" class="page-number-input" name="page-number" type="text" size="4" autocomplete="off" aria-describedby="page-number-input-helper"/>
|
||||
<span class="sr field-helper" id="page-number-input-helper"><%= gettext("Enter the page number you'd like to quickly navigate to.") %></span>
|
||||
<span class="sr field-helper" id="page-number-input-helper"><%- gettext("Enter the page number you'd like to quickly navigate to.") %></span>
|
||||
</div>
|
||||
|
||||
<span class="current-page"><%= current_page %></span>
|
||||
<span class="current-page"><%- current_page %></span>
|
||||
<span class="sr"> out of </span>
|
||||
<span class="page-divider" aria-hidden="true">/</span>
|
||||
<span class="total-pages"><%= total_pages %></span>
|
||||
<span class="total-pages"><%- total_pages %></span>
|
||||
</div>
|
||||
<div class="nav-item next"><button class="nav-link next-page-link"><span class="nav-label"><%= gettext("Next") %></span> <span class="icon fa fa-angle-right" aria-hidden="true"></span></button></div>
|
||||
<div class="nav-item next"><button class="nav-link next-page-link"><span class="nav-label"><%- gettext("Next") %></span> <span class="icon fa fa-angle-right" aria-hidden="true"></span></button></div>
|
||||
</nav>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<div class="wrapper-modal wrapper-modal-image">
|
||||
<section class="image-link">
|
||||
<%= smallHTML%>
|
||||
<%= smallHTML%> <% // xss-lint: disable=underscore-not-escaped %>
|
||||
<a href="#" class="modal-ui-icon action-fullscreen" role="button">
|
||||
<span class="label">
|
||||
<span class="icon fa fa-arrows-alt fa-large" aria-hidden="true"></span> <%- gettext("Fullscreen") %>
|
||||
@@ -11,7 +11,7 @@
|
||||
<section class="image-modal">
|
||||
<section class="image-content">
|
||||
<div class="image-wrapper">
|
||||
<img alt="<%= largeALT %>, <%- gettext('Large') %>" src="<%= largeSRC %>" />
|
||||
<img alt="<%- largeALT %>, <%- gettext('Large') %>" src="<%- largeSRC %>" />
|
||||
</div>
|
||||
|
||||
<a href="#" class="modal-ui-icon action-close" role="button">
|
||||
|
||||
@@ -1,20 +1,13 @@
|
||||
(function(requirejs, require, define) {
|
||||
define([], function() {
|
||||
define(['edx-ui-toolkit/js/utils/html-utils'], function(HtmlUtils) {
|
||||
return Container;
|
||||
|
||||
function Container(state) {
|
||||
state.containerEl = $(
|
||||
'<div ' +
|
||||
'style=" ' +
|
||||
'clear: both; ' +
|
||||
'width: 665px; ' +
|
||||
'margin-left: auto; ' +
|
||||
'margin-right: auto; ' +
|
||||
'" ' +
|
||||
'></div>'
|
||||
);
|
||||
'<div style=" clear: both; width: 665px; margin-left: auto; margin-right: auto; " ></div>'
|
||||
);
|
||||
|
||||
$('#inputtype_' + state.problemId).before(state.containerEl);
|
||||
$('#inputtype_' + state.problemId).before(HtmlUtils.HTML(state.containerEl).toString());
|
||||
}
|
||||
}); // End-of: define([], function () {
|
||||
}(RequireJS.requirejs, RequireJS.require, RequireJS.define)); // End-of: (function (requirejs, require, define) {
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
if (!this.tooltip.length) {
|
||||
this.tooltip = $('<div />', {
|
||||
class: this.className
|
||||
}).appendTo(this.element);
|
||||
}).appendTo(this.element); // xss-lint: disable=javascript-jquery-insert-into-target
|
||||
}
|
||||
|
||||
this.hide();
|
||||
@@ -58,7 +58,7 @@
|
||||
pageY = typeof pageY !== 'undefined' ? pageY : element.offset().top + element.height() / 2;
|
||||
var tooltipText = $(element).attr('data-tooltip');
|
||||
this.tooltip
|
||||
.html(tooltipText)
|
||||
.text(tooltipText)
|
||||
.css(this.getCoords(pageX, pageY));
|
||||
},
|
||||
|
||||
|
||||
Reference in New Issue
Block a user