% if waffle_flag_enabled:
-
- <%static:webpack entry="AssetsPage">
+ <%static:studiofrontend page="AssetsPage" lang="fr">
+ {
+ "id": "${context_course.id | n, js_escaped_string}",
+ "name": "${context_course.display_name_with_default | n, js_escaped_string}",
+ "url_name": "${context_course.location.name | n, js_escaped_string}",
+ "org": "${context_course.location.org | n, js_escaped_string}",
+ "num": "${context_course.location.course | n, js_escaped_string}",
+ "display_course_number": "${context_course.display_coursenumber | n, js_escaped_string}",
+ "revision": "${context_course.location.revision | n, js_escaped_string}"
+ }
+
% else:
% endif
diff --git a/common/djangoapps/pipeline_mako/templates/static_content.html b/common/djangoapps/pipeline_mako/templates/static_content.html
index 6e0aecc977..9767468c2a 100644
--- a/common/djangoapps/pipeline_mako/templates/static_content.html
+++ b/common/djangoapps/pipeline_mako/templates/static_content.html
@@ -86,6 +86,45 @@ engine = Engine(dirs=settings.DEFAULT_TEMPLATE_ENGINE['DIRS'])
source, template_path = Loader(engine).load_template_source(path)
%>${source | n, decode.utf8}
+<%def name="studiofrontend(page, lang='en')">
+ <%doc>
+ Loads a studio-frontend page, with the necessary context. Context is expected
+ as a dictionary in the body of this tag.
+
+ Dev note: we could also add the locale-injection script in this block
+ -use a better default than the hardcoded 'en'. There should be a setting or something?
+ -lookup (webpack exported) locale-injection script using lang as key
+ -include it as the first script in this block
+
+ <%
+ from django.template import Template, Context
+ from webpack_loader.exceptions import WebpackLoaderBadStatsError
+ import json
+
+ def _convert_dict_to_json(input_dict):
+ output_json = "{"
+ for key in input_dict:
+ output_json = "{}{}:\"{}\",".format(output_json, key, input_dict[key])
+ output_json += "}"
+ return output_json
+
+ body = capture(caller.body)
+ body_dict = json.loads(body)
+ body_dict['lang'] = lang
+ return Template("""
+
+
+ {% load render_bundle from webpack_loader %}
+ {% render_bundle page %}
+ """).render(Context({
+ 'body': _convert_dict_to_json(body_dict),
+ 'page': page
+ }))
+ %>
+
+
<%def name="webpack(entry)">
<%doc>
Loads Javascript onto your page from a Webpack-generated bundle.
diff --git a/scripts/tests/test_xss_linter.py b/scripts/tests/test_xss_linter.py
index 2bfdd5e65b..b5239ba8b8 100644
--- a/scripts/tests/test_xss_linter.py
+++ b/scripts/tests/test_xss_linter.py
@@ -741,16 +741,22 @@ class TestMakoTemplateLinter(TestLinter):
${x | h}
${x | h}
+ <%static:studiofrontend page="${x}" lang="en">
+ ${x | h}
+
+ ${x | h}
""")
linter._check_mako_file_is_safe(mako_template, results)
- self.assertEqual(len(results.violations), 5)
+ self.assertEqual(len(results.violations), 7)
self.assertEqual(results.violations[0].rule, Rules.mako_unwanted_html_filter)
self.assertEqual(results.violations[1].rule, Rules.mako_invalid_js_filter)
self.assertEqual(results.violations[2].rule, Rules.mako_unwanted_html_filter)
self.assertEqual(results.violations[3].rule, Rules.mako_invalid_js_filter)
self.assertEqual(results.violations[4].rule, Rules.mako_unwanted_html_filter)
+ self.assertEqual(results.violations[5].rule, Rules.mako_invalid_js_filter)
+ self.assertEqual(results.violations[6].rule, Rules.mako_unwanted_html_filter)
def test_check_mako_expressions_javascript_strings(self):
"""
diff --git a/scripts/xss_linter.py b/scripts/xss_linter.py
index 42d071d971..aa89801332 100755
--- a/scripts/xss_linter.py
+++ b/scripts/xss_linter.py
@@ -2382,6 +2382,8 @@ class MakoTemplateLinter(BaseLinter):
| # require js script tag end (optionally the _async version)
<%static:webpack.*?> | # webpack script tag start
| # webpack script tag end
+ <%static:studiofrontend.*?> | # studiofrontend script tag start
+ | # studiofrontend script tag end
<%block[ ]*name=['"]requirejs['"]\w*> | # require js tag start
# require js tag end
""",