* testing
* updates to drop down
* unit tests. env changes were copied based on other MFEs in LMS
* added exam settings link to other course settings pages
* fixed pylint errors
* updates for requested changes
* updates for requested changes, as well as changes for xss linter
- Rename escape_json_dumps to dump_js_escaped_json
- Rename escape_js_string to js_escaped_string
- Update js_escaped_string to output empty string for None
- Introduce dump_html_escaped_json
- Move dump_js_escaped_json after the pipe as new best practice
- Introduce additional uses of helpers
- Introduce new djangolib directory and move js_utils
Make escaping for json simpler and more consistent in Mako templates
- add escape_json_dumps to escape and json.dumps
- add escape_js_str to escape javascript string
- refactor Studio to use escape_json_dumps in Mako templates
TNL-2646: Escape json.dumps
- Resolve SEC-27 by escaping course name in advanced settings
- Add escape_json_dumps to simplify escaping json in Mako templates
SEC-27: XSS/JS Error in Advanced Settings with invalid course name
This commit adds validation for course advanced settings. Currently when course
administrators make invalid changes in the Settings/Advanced Settings tab,
they're not notified through a new modal window of the list of invalid settings
changes.
* Extending CourseMetadata
- Previously, we only had update_from_json method in CourseMetadata.py,
and it was only validating one field every POST request.
- Now we have validate_and_update_from_json method that encapsulates the
functionality of update_from_json into a validation call
- To avoid discrepancy of validation standards between modules, validation
uses the from_json method implemented to each field in xblock.
* Different Response in advanced settings ajax requests
- After receiving a POST ajax request, course.py calls
validate_and_update_from_json, and sends a json object of either:
1) valid course metadata model
2) error objects
* Error Messages shown in validation-error-modal
- error objects passed through ajax are shown in a separate modal.
To translate strings in mako templates, the pattern of ```${_()}``` should be used instead of ```gettext``` even if the strings to be translated is located in a ```script``` block.
This commit adds all of cms.
These keys are now objects with a limited interface, and the particular
internal representation is managed by the data storage layer (the
modulestore).
For the LMS, there should be no outward-facing changes to the system.
The keys are, for now, a change to internal representation only. For
Studio, the new serialized form of the keys is used in urls, to allow
for further migration in the future.
Co-Author: Andy Armstrong <andya@edx.org>
Co-Author: Christina Roberts <christina@edx.org>
Co-Author: David Baumgold <db@edx.org>
Co-Author: Diana Huang <dkh@edx.org>
Co-Author: Don Mitchell <dmitchell@edx.org>
Co-Author: Julia Hansbrough <julia@edx.org>
Co-Author: Nimisha Asthagiri <nasthagiri@edx.org>
Co-Author: Sarina Canelake <sarina@edx.org>
[LMS-2370]
