Make base.html Mako template safe by default by:
1. Add page-level default of html escaping
2. Fix escaping of all variables in base.html
3. Fix escaping of all dependent underscore templates
Also includes additional best practices for certificates and
textbooks JavaScript/Underscore in order to complete that work.
TNL-3425
We added the ability here to check if a role has a user in with the ability to refresh the role cache before checking. Since some tests will make inline requests, which in turn put a user into a new role, we have to refresh afterwards otherwise we won't see that new role in place. Since we don't want to automatically refresh ever, we just added a way to request it, since we know in this test that we're doing something, effectively, out-of-band, which necessitates it.
The function initializeXBlock() expects a DOM element, and is passed one in most
cases. However, when adding a new XBlock component in Studio, the function is
passed a jQuery object, which ends up being forwarded to the actual
initialisation function of the XBlock.
- Rename escape_json_dumps to dump_js_escaped_json
- Rename escape_js_string to js_escaped_string
- Update js_escaped_string to output empty string for None
- Introduce dump_html_escaped_json
- Move dump_js_escaped_json after the pipe as new best practice
- Introduce additional uses of helpers
- Introduce new djangolib directory and move js_utils
Collectstatic failed in production when comprehensive theme contained custom css files.
This patch fixes that problem by removing ComprehensiveThemeFinder from STATICFILES_FINDERS
and ComprehensiveThemingAware mixin from STATICFILES_STORAGE.
Comprehensive theme static dirs are added to the top of the STATICFILES_DIRS entry,
which means that the default django FilesystemFinder will find theme static files,
and since the theme folder is at the top of STATICFILES_DIRS, theme files will take
precedence over default LMS/CMS static files.
This change means that theme static file URLs are no longer prefixed with themes/<theme-name>/,
but since we currently only support one comprehensive theme at a time, that shouldn't be a problem.
If/when we want to make the choice of a theme dynamic per-request (microsites?), we will have to
bring custom theme finders and storage mixins back, but for now, we don't need them.
