From 9135e7286d162e7038c3b67f2c01254ba93a0729 Mon Sep 17 00:00:00 2001 From: Simon Chen Date: Thu, 18 May 2017 15:57:02 -0400 Subject: [PATCH] Disable script auto-eval on lms --- lms/static/lms/js/require-config.js | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/lms/static/lms/js/require-config.js b/lms/static/lms/js/require-config.js index 4e0638411a..05d3f3dd7f 100644 --- a/lms/static/lms/js/require-config.js +++ b/lms/static/lms/js/require-config.js @@ -4,7 +4,7 @@ (function(require, define) { 'use strict'; - var defineDependency; + var defineDependency, librarySetup; // We do not wish to bundle common libraries (that may also be used by non-RequireJS code on the page // into the optimized files. Therefore load these libraries through script tags and explicitly define them. @@ -31,15 +31,27 @@ console.error('Expected library to be included on page, but not found on window object: ' + name); } }; + + librarySetup = function() { + // This is the function to setup all the vendor libraries + + // Underscore.string no longer installs itself directly on '_'. For compatibility with existing + // code, add it to '_' with its previous name. + if (window._ && window.s) { + window._.str = window.s; + } + + window.$.ajaxSetup({ + contents: { + script: false + } + }); + }; + defineDependency('jQuery', 'jquery'); defineDependency('jQuery', 'jquery-migrate'); defineDependency('_', 'underscore'); defineDependency('s', 'underscore.string'); - // Underscore.string no longer installs itself directly on '_'. For compatibility with existing - // code, add it to '_' with its previous name. - if (window._ && window.s) { - window._.str = window.s; - } defineDependency('gettext', 'gettext'); defineDependency('Logger', 'logger'); defineDependency('URI', 'URI'); @@ -52,6 +64,8 @@ // utility.js adds two functions to the window object, but does not return anything defineDependency('isExternal', 'utility', true); + + librarySetup(); } require.config({