Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #27367 from edx/aakbar/xss-disable-2

Browse Source 
Refactor: disable xsslint for numerous files
This commit is contained in:
Ali Akbar
2021-04-19 15:51:30 +05:00
committed by GitHub
parent bb3be323f0 de87916768
commit 9e8684cc72
6 changed files with 38 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
common/static/js/capa/editamolecule.js
View File

@@ -148,9 +148,10 @@
function formatInfo(raw_info) {
var results = [];
var fragment;
if (raw_info.search('It is not possible') == -1) {
var fragment = $('<div>').append(raw_info);
fragment = $('<div>').append(raw_info); // xss-lint: disable=javascript-jquery-append
fragment.find('font').each(function() {
results.push($(this).html());
});
@@ -173,7 +174,7 @@
function updateMessages(message_field, values) {
var error = values.error;
if (error) {
message_field.html(error).show();
message_field.html(error).show(); // xss-lint: disable=javascript-jquery-html
} else {
// Clear messages
message_field.html('').hide();

2
common/static/js/capa/jsmolcalc/jsmolcalc.nocache.js
View File

@@ -89,7 +89,7 @@ function jsmolcalc(){
if (typeof isBodyLoaded == 'undefined' || !isBodyLoaded()) {
var markerId = '__gwt_marker_jsmolcalc';
var markerScript;
$doc_0.write('<script id="' + markerId + '"><\/script>');
$doc_0.write('<script id="' + markerId + '"><\/script>'); // xss-lint: disable=javascript-concat-html
markerScript = $doc_0.getElementById(markerId);
thisScript = markerScript && markerScript.previousSibling;
while (thisScript && thisScript.tagName != 'SCRIPT') {

1
common/static/js/capa/schematicinput.js
View File

@@ -2,6 +2,7 @@ $(function() {
// TODO: someone should fix all of this...
// $("a[rel*=leanModal]").leanModal(); //TODO: Make this work with the new modal library. Try and integrate this with the "slices"
// xss-lint: disable=javascript-jquery-append
$('body').append('\
<div id="circuit_editor_modal" class="modal hide fade"> \
<div class="modal-body"> \

2
common/static/js/capa/src/jsinput.js
View File

@@ -82,7 +82,7 @@ var JSInput = (function($, undefined) {
// Setting state presumes getting state, so don't get state
// unless set state is defined.
if (stateGetter && stateSetter) {
state = unescape(_deepKey(cWindow, stateGetter)());
state = unescape(_deepKey(cWindow, stateGetter)()); // xss-lint: disable=javascript-escape
store = {
answer: answer,
state: state

49
lms/static/js/Markdown.Converter.js
View File

@@ -1,3 +1,4 @@
/* eslint-disable */
var Markdown;
if (typeof exports === 'object' && typeof require === 'function') // we're in a CommonJS (e.g. Node.js) module
@@ -50,7 +51,7 @@ else
// file before uncommenting it.
//
(function() {
(function() {
function identity(x) { return x; }
function returnFalse(x) { return false; }
@@ -119,7 +120,7 @@ else
// (see _ProcessListItems() for details):
var g_list_level;
this.makeHtml = function(text) {
this.makeHtml = function(text) {
//
// Main function. The order in which other subs are called here is
// essential. Link and image substitutions need to happen before
@@ -241,7 +242,7 @@ else
return text;
}
function _HashHTMLBlocks(text) {
function _HashHTMLBlocks(text) {
// Hashify HTML blocks:
// We only want to do this for block-level HTML tags, such as headers,
// lists, and tables. That's because we still want to wrap <p>s around
@@ -429,7 +430,7 @@ else
text = _DoItalicsAndBold(text);
// Do hard breaks:
text = text.replace(/ +\n/g, ' <br>\n');
text = text.replace(/ +\n/g, ' <br>\n');
return text;
}
@@ -580,7 +581,7 @@ else
}
}
url = attributeSafeUrl(url);
var result = '<a href="' + url + '"';
var result = '<a href="' + url + '"'; // xss-lint: disable=javascript-concat-html
if (title != '') {
title = attributeEncode(title);
@@ -588,7 +589,7 @@ else
result += ' title="' + title + '"';
}
result += '>' + link_text + '</a>';
result += '>' + link_text + '</a>'; // xss-lint: disable=javascript-concat-html
return result;
}
@@ -686,7 +687,7 @@ else
alt_text = escapeCharacters(attributeEncode(alt_text), '*_[]()');
url = escapeCharacters(url, '*_');
var result = '<img src="' + url + '" alt="' + alt_text + '"';
var result = '<img src="' + url + '" alt="' + alt_text + '"'; // xss-lint: disable=javascript-concat-html
// attacklab: Markdown.pl adds empty title attributes to images.
// Replicate this bug.
@@ -702,7 +703,7 @@ else
return result;
}
function _DoHeaders(text) {
function _DoHeaders(text) {
// Setext-style headers:
// Header 1
// ========
@@ -711,11 +712,11 @@ else
// --------
//
text = text.replace(/^(.+)[ \t]*\n=+[ \t]*\n+/gm,
function(wholeMatch, m1) { return '<h1>' + _RunSpanGamut(m1) + '</h1>\n\n'; }
function(wholeMatch, m1) { return '<h1>' + _RunSpanGamut(m1) + '</h1>\n\n'; } // xss-lint: disable=javascript-concat-html
);
text = text.replace(/^(.+)[ \t]*\n-+[ \t]*\n+/gm,
function(matchFound, m1) { return '<h2>' + _RunSpanGamut(m1) + '</h2>\n\n'; }
function(matchFound, m1) { return '<h2>' + _RunSpanGamut(m1) + '</h2>\n\n'; } // xss-lint: disable=javascript-concat-html
);
// atx-style headers:
@@ -740,7 +741,7 @@ else
text = text.replace(/^(\#{1,6})[ \t]*(.+?)[ \t]*\#*\n+/gm,
function(wholeMatch, m1, m2) {
var h_level = m1.length;
return '<h' + h_level + '>' + _RunSpanGamut(m2) + '</h' + h_level + '>\n\n';
return '<h' + h_level + '>' + _RunSpanGamut(m2) + '</h' + h_level + '>\n\n'; // xss-lint: disable=javascript-concat-html
}
);
@@ -794,7 +795,7 @@ else
// HTML block parser. This is a hack to work around the terrible
// hack that is the HTML block parser.
result = result.replace(/\s+$/, '');
result = '<' + list_type + '>' + result + '</' + list_type + '>\n';
result = '<' + list_type + '>' + result + '</' + list_type + '>\n'; // xss-lint: disable=javascript-concat-html
return result;
});
} else {
@@ -805,7 +806,7 @@ else
var list_type = (m3.search(/[*+-]/g) > -1) ? 'ul' : 'ol';
var result = _ProcessListItems(list, list_type);
result = runup + '<' + list_type + '>\n' + result + '</' + list_type + '>\n';
result = runup + '<' + list_type + '>\n' + result + '</' + list_type + '>\n'; // xss-lint: disable=javascript-concat-html
return result;
});
}
@@ -898,7 +899,7 @@ else
item = _RunSpanGamut(item);
}
last_item_had_a_double_newline = ends_with_double_newline;
return '<li>' + item + '</li>\n';
return '<li>' + item + '</li>\n'; // xss-lint: disable=javascript-concat-html
}
);
@@ -940,7 +941,7 @@ else
codeblock = codeblock.replace(/^\n+/g, ''); // trim leading newlines
codeblock = codeblock.replace(/\n+$/g, ''); // trim trailing whitespace
codeblock = '<pre><code>' + codeblock + '\n</code></pre>';
codeblock = '<pre><code>' + codeblock + '\n</code></pre>'; // xss-lint: disable=javascript-concat-html
return '\n\n' + codeblock + '\n\n' + nextChar;
}
@@ -1003,7 +1004,7 @@ else
c = c.replace(/[ \t]*$/g, ''); // trailing whitespace
c = _EncodeCode(c);
c = c.replace(/:\/\//g, '~P'); // to prevent auto-linking. Not necessary in code *blocks*, but in code spans. Will be converted back after the auto-linker runs.
return m1 + '<code>' + c + '</code>';
return m1 + '<code>' + c + '</code>'; // xss-lint: disable=javascript-concat-html
}
);
@@ -1040,7 +1041,7 @@ else
return text;
}
function _DoItalicsAndBold(text) {
function _DoItalicsAndBold(text) {
// <strong> must go first:
text = text.replace(/([\W_]|^)(\*\*|__)(?=\S)([^\r]*?\S[\*_]*)\2([\W_]|$)/g,
'$1<strong>$3</strong>$4');
@@ -1051,7 +1052,7 @@ else
return text;
}
function _DoBlockQuotes(text) {
function _DoBlockQuotes(text) {
/*
text = text.replace(/
( // Wrap whole match in $1
@@ -1092,7 +1093,7 @@ else
return pre;
});
return hashBlock('<blockquote>\n' + bq + '\n</blockquote>');
return hashBlock('<blockquote>\n' + bq + '\n</blockquote>'); // xss-lint: disable=javascript-concat-html
}
);
return text;
@@ -1128,7 +1129,7 @@ else
str = str.replace(/^([ \t]*)/g, '<p>');
str += '</p>';
grafsOut.push(str);
}
}
}
//
// Unhashify HTML blocks
@@ -1183,7 +1184,7 @@ else
return text;
}
function _DoAutoLinks(text) {
function _DoAutoLinks(text) {
// note that at this point, all other URL in the text are already hyperlinked as <a href=""></a>
// *except* for the <http://www.foo.com> case
@@ -1193,7 +1194,7 @@ else
// autolink anything like <http://example.com>
var replacer = function(wholematch, m1) { return '<a href="' + m1 + '">' + pluginHooks.plainLinkText(m1) + '</a>'; };
var replacer = function(wholematch, m1) { return '<a href="' + m1 + '">' + pluginHooks.plainLinkText(m1) + '</a>'; }; // xss-lint: disable=javascript-concat-html
text = text.replace(/<((https?|ftp):[^'">\s]+)>/gi, replacer);
// Email addresses: <address@domain.foo>
@@ -1298,6 +1299,6 @@ else
function escapeCharacters_callback(wholeMatch, m1) {
var charCodeToEscape = m1.charCodeAt(0);
return '~E' + charCodeToEscape + 'E';
}
}; // end of the Markdown.Converter constructor
}
}; // end of the Markdown.Converter constructor
}());

14
lms/static/js/Markdown.Editor.js
View File

@@ -870,7 +870,7 @@
var sibling = preview.nextSibling;
parent.removeChild(preview);
preview.innerHTML = text;
if (!sibling) { parent.appendChild(preview); } else { parent.insertBefore(preview, sibling); }
if (!sibling) { parent.appendChild(preview); } else { parent.insertBefore(preview, sibling); } // eslint-disable-line max-len, xss-lint: disable=javascript-jquery-insert-into-target
};
var nonSuckyBrowserPreviewSet = function(text) {
@@ -1053,7 +1053,7 @@
}
document.getElementById('wmd-editor-dialog-form-errors').textContent = [
interpolate(
interpolate( // eslint-disable-line no-undef, xss-lint: disable=javascript-interpolate
ngettext(
// Translators: 'errorCount' is the number of errors found in the form.
'%(errorCount)s error found in form.', '%(errorCount)s errors found in form.',
@@ -1523,7 +1523,7 @@
};
commandProto.wrap = function(chunk, len) {
this.unwrap(chunk);
this.unwrap(chunk); // xss-lint: disable=javascript-jquery-insertion
var regex = new re('(.{1,' + len + '})( +|$\\n?)', 'gm'),
that = this;
@@ -1935,13 +1935,13 @@
};
if (/^(?![ ]{0,3}>)/m.test(chunk.selection)) {
this.wrap(chunk, SETTINGS.lineLength - 2);
this.wrap(chunk, SETTINGS.lineLength - 2); // xss-lint: disable=javascript-jquery-insertion
chunk.selection = chunk.selection.replace(/^/gm, '> ');
replaceBlanksInTags(true);
chunk.skipLines();
} else {
chunk.selection = chunk.selection.replace(/^[ ]{0,3}> ?/gm, '');
this.unwrap(chunk);
this.unwrap(chunk); // xss-lint: disable=javascript-jquery-insertion
replaceBlanksInTags(false);
if (!/^(\n|^)[ ]{0,3}>/.test(chunk.selection) && chunk.startTag) {
@@ -2073,7 +2073,7 @@
var hasDigits = /\d+[.]/.test(chunk.startTag);
chunk.startTag = '';
chunk.selection = chunk.selection.replace(/\n[ ]{4}/g, '\n');
this.unwrap(chunk);
this.unwrap(chunk); // xss-lint: disable=javascript-jquery-insertion
chunk.skipLines();
if (hasDigits) {
@@ -2114,7 +2114,7 @@
chunk.skipLines(nLinesUp, nLinesDown, true);
chunk.startTag = prefix;
var spaces = prefix.replace(/./g, ' ');
this.wrap(chunk, SETTINGS.lineLength - spaces.length);
this.wrap(chunk, SETTINGS.lineLength - spaces.length); // xss-lint: disable=javascript-jquery-insertion
chunk.selection = chunk.selection.replace(/\n/g, '\n' + spaces);
};