Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
@@ -1,3 +1,6 @@
|
||||
<%page expression_filter="h"/>
|
||||
<%! from openedx.core.djangolib.js_utils import js_escaped_string %>
|
||||
|
||||
% if settings.CMS_SEGMENT_KEY:
|
||||
<!-- begin segment footer -->
|
||||
<script type="text/javascript">
|
||||
@@ -6,10 +9,10 @@
|
||||
// screws up RequireJS' JQuery initialization.
|
||||
var onLoadCallback = function() {
|
||||
analytics.identify(
|
||||
"${user.id}",
|
||||
"${ user.id | n, js_escaped_string }",
|
||||
{
|
||||
email: "${user.email}",
|
||||
username: "${user.username}"
|
||||
email: "${ user.email | n, js_escaped_string }",
|
||||
username: "${ ser.username | n, js_escaped_string }"
|
||||
},
|
||||
{
|
||||
integrations: {
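Review bot: The new `username` line inside the `analytics.identify` call reads `ser.username`, and no name `ser` appears anywhere else in the visible template. It should be `username: "${ user.username | n, js_escaped_string }"`, matching the LMS footer changed in this same commit. As written, the lookup will most likely fail when the template renders with `settings.CMS_SEGMENT_KEY` set, so the footer breaks instead of emitting the escaped value. The `onLoadCallback` function starts and ends outside the hunk.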
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<%! from django.template.defaultfilters import escapejs %>
|
||||
<%page expression_filter="h"/>
|
||||
<%! from openedx.core.djangolib.js_utils import js_escaped_string %>
|
||||
|
||||
% if context_course:
|
||||
<%
|
||||
@@ -11,12 +12,12 @@
|
||||
<script type="text/javascript">
|
||||
// if inside course, inject the course location into the JS namespace
|
||||
%if context_course:
|
||||
var course_location_analytics = "${locator | escapejs}";
|
||||
var course_location_analytics = "${ locator | n, js_escaped_string }";
|
||||
%endif
|
||||
|
||||
// Asynchronously load Segment's analytics.js library
|
||||
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="3.1.0";
|
||||
analytics.load("${ settings.CMS_SEGMENT_KEY }");
|
||||
analytics.load("${ settings.CMS_SEGMENT_KEY | n, js_escaped_string }");
|
||||
analytics.page();
|
||||
}}();
|
||||
// Note: user tracking moved to segment-io-footer.html
|
||||
@@ -26,7 +27,7 @@
|
||||
<!-- dummy Segment -->
|
||||
<script type="text/javascript">
|
||||
%if context_course:
|
||||
var course_location_analytics = "${locator | escapejs}";
|
||||
var course_location_analytics = "${ locator | n, js_escaped_string }";
|
||||
%endif
|
||||
var analytics = {
|
||||
"track": function() {}
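Review bot: Each `| n, js_escaped_string` expression in this file (both `course_location_analytics` assignments and the `analytics.load` call) turns off the page-level `h` filter added at the top, so these inline script values depend entirely on `js_escaped_string`, and the template does not say so. A short Mako comment next to the import would record that, for example `## n disables the default h filter; js_escaped_string is the only escaping applied inside <script>`. The helper's implementation is not visible in this commit, so it is worth confirming that it also neutralises a `</script>` sequence inside a value. The same pattern is used in the other Segment templates changed here.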
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
<%page expression_filter="h"/>
|
||||
|
||||
% if settings.OPTIMIZELY_PROJECT_ID and not disable_optimizely:
|
||||
<script src=${'//cdn.optimizely.com/js/{}.js'.format(settings.OPTIMIZELY_PROJECT_ID)}></script>
|
||||
<script src=${ '//cdn.optimizely.com/js/{}.js'.format(settings.OPTIMIZELY_PROJECT_ID) }></script>
|
||||
% endif
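Review bot: The `src` attribute on the rewritten `<script>` tag is still unquoted, so the `h` filter enabled by the new `<%page expression_filter="h"/>` line does not fully protect it. HTML escaping leaves whitespace untouched, and whitespace ends an unquoted attribute value. Quoting the attribute closes that gap: `<script src="${ '//cdn.optimizely.com/js/{}.js'.format(settings.OPTIMIZELY_PROJECT_ID) }"></script>`. The value comes from settings, so the exposure is probably limited to misconfiguration, but the quoted form costs nothing.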
|
||||
|
||||
@@ -1,13 +1,16 @@
|
||||
<%page expression_filter="h"/>
|
||||
<%! from openedx.core.djangolib.js_utils import js_escaped_string %>
|
||||
|
||||
% if settings.LMS_SEGMENT_KEY:
|
||||
<!-- begin segment footer -->
|
||||
<script type="text/javascript">
|
||||
% if user.is_authenticated():
|
||||
$(window).load(function() {
|
||||
analytics.identify(
|
||||
"${user.id}",
|
||||
"${ user.id | n, js_escaped_string }",
|
||||
{
|
||||
email: "${user.email}",
|
||||
username: "${user.username}"
|
||||
email: "${ user.email | n, js_escaped_string }",
|
||||
username: "${ user.username | n, js_escaped_string }"
|
||||
},
|
||||
{
|
||||
integrations: {
|
||||
|
||||
@@ -1,9 +1,12 @@
|
||||
<%page expression_filter="h"/>
|
||||
<%! from openedx.core.djangolib.js_utils import js_escaped_string %>
|
||||
|
||||
% if settings.LMS_SEGMENT_KEY:
|
||||
<!-- begin Segment -->
|
||||
<script type="text/javascript">
|
||||
// Asynchronously load Segment's analytics.js library
|
||||
!function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","reset","group","track","ready","alias","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="3.1.0";
|
||||
analytics.load("${ settings.LMS_SEGMENT_KEY }");
|
||||
analytics.load("${ settings.LMS_SEGMENT_KEY | n, js_escaped_string }");
|
||||
analytics.page();
|
||||
}}();
|
||||
// Note: user tracking moved to segment-io-footer.html
|
||||
|
||||