Commit Graph

1999 Commits

Author SHA1 Message Date
Nimisha Asthagiri
0c604da9ee Merge pull request #11900 from edx/nasthagiri/css-template
XSS Safe by default: dashboard, header, footer, navigation, help_modal
2016-03-31 17:25:30 -04:00
Nimisha Asthagiri
432c570628 XSS Safe default - header.html, navigation.html, help_modal.html 2016-03-31 16:34:33 -04:00
sanfordstudent
fd37948726 Merge pull request #11989 from edx/release
Release
2016-03-30 11:22:23 -04:00
Carol Tong
4ab75c7c00 Update help text on Grading Assignment Types page 2016-03-29 15:39:24 -04:00
Calen Pennington
37813d1820 Merge pull request #11958 from cpennington/cale/xss
Make (some) Mako templates HTML escaped by default
2016-03-29 11:03:31 -04:00
Calen Pennington
683151a238 XSS escape cms/templates/course-create-rerun.html 2016-03-29 08:51:22 -04:00
Calen Pennington
b81a15d57f XSS escape cms/templates/course_outline.html 2016-03-29 08:51:22 -04:00
cahrens
39dc8a5915 Perform escaping in the templates.
Use new best practices.
2016-03-28 15:05:40 -04:00
Sanford Student
ed7237b671 fixing typo in template 2016-03-25 16:50:28 -04:00
Daniel Friedman
a0654f93a2 Merge pull request #11890 from edx/dan-f/make-cms-500-safe
Make CMS 500 template safe by default
2016-03-24 11:24:12 -04:00
Daniel Friedman
32f6bc0791 Merge pull request #11887 from edx/dan-f/make-cms-404-safe
Make CMS 404 template safe by default
2016-03-24 11:23:13 -04:00
Daniel Friedman
c210d918b2 Make CMS 404 template safe by default 2016-03-24 10:31:42 -04:00
Daniel Friedman
0fd137c271 Make CMS 500 template safe by default 2016-03-24 09:51:55 -04:00
Renzo Lucioni
40ef82d513 Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Calen Pennington
ac951c4bd2 XSS escape cms/templates/course_info.html 2016-03-23 16:12:41 -04:00
Calen Pennington
53a2960941 XSS escape cms/templates/component.html 2016-03-23 16:12:40 -04:00
Calen Pennington
7922dcbb9c XSS escape cms/templates/js/asset.underscore 2016-03-23 16:12:40 -04:00
Calen Pennington
485c542838 XSS escape cms/templates/js/asset-library.underscore 2016-03-23 16:12:40 -04:00
Calen Pennington
b91d1f2256 XSS escape cms/templates/asset_index.html 2016-03-23 16:12:40 -04:00
Daniel Friedman
56b1196246 Fix accidental extra escaping 2016-03-23 14:46:35 -04:00
Renzo Lucioni
a104d82e70 Secure templates used to inject Segment and Optimizely 2016-03-23 14:40:24 -04:00
Daniel Friedman
679cdc3775 Merge pull request #11893 from edx/dan-f/make-cms-activation_invalid-safe
Make CMS activation_invalid template safe by default
2016-03-23 13:55:51 -04:00
Daniel Friedman
0b6faee467 Merge pull request #11891 from edx/dan-f/make-cms-activation_complete-safe
Make CMS activation_complete template safe by default
2016-03-23 13:55:11 -04:00
Jesse Zoldak
6f0d1157f1 Add h filter page directive to cms mako templates without variables
The files to change were found with:
`ack --literal --type=html --match '${' --files-without-matches cms/templates`
2016-03-23 12:05:12 -04:00
Daniel Friedman
48e2299e47 Make CMS activation_invalid template safe by default 2016-03-23 11:21:50 -04:00
Calen Pennington
2607f8a98c XSS escape cms/templates/activation_active.html 2016-03-23 11:17:17 -04:00
Daniel Friedman
ea347c7a9b Make CMS activation_complete template safe by default 2016-03-23 11:11:08 -04:00
cahrens
358ed2559a Fix improper escaping. 2016-03-21 16:01:04 -04:00
cahrens
dd2a203677 Upgrade underscore to newest version.
FEDX-24
2016-03-16 17:08:27 -04:00
Andy Armstrong
06daf79b94 Upgrade RequireJS
FEDX-105
2016-03-16 12:42:00 -04:00
Calen Pennington
f092550945 Merge pull request #11562 from CredoReference/tags-selectbox-in-studio-based-on-xblockasides
XBlockAside improvement. Difficulty selectbox in Studio (based on new XBlockAside functionality)
2016-03-10 10:32:22 -05:00
Jonathan Piacenti
f1c1c7c146 Fix escaping issue in studio xblock wrapper for display name. 2016-03-04 13:38:20 -06:00
Andrew Gaylard
2fe0bf5a98 Fix TNL-3429. 2016-03-04 13:38:20 -06:00
Robert Raposa
8e1e4a4715 Use markup HTML helper with Text
TNL-4160
2016-03-04 10:44:41 -05:00
Dmitry Viskov
209ddc700d Difficulty selectbox in Studio (based on new XBlockAside functionality). Include:
- adaptation asides to be imported from the XML
- updating SplitMongo to handle XBlockAsides (CRUD operations)
- updating Studio to handle XBlockAsides handler calls
- updating xblock/core.js to properly init XBlockAsides JavaScript
2016-03-02 03:37:13 +03:00
clrux
650c95f9c3 Merge pull request #11501 from edx/clrux/ac-328-uxpl
AC-328 adding UXPL classnames to headings
2016-03-01 07:23:07 -05:00
Chris Rodriguez
c619e1ec6b Adding UXPL classnames to headings 2016-02-29 15:43:17 -05:00
Mushtaq Ali
3dc73c655b Display studio name properly on empty course page. 2016-02-29 17:11:55 +05:00
Christine Lytwynec
41febaa875 Merge pull request #11565 from edx/clytwynec/ac-234
Remove hgroup usage
2016-02-19 16:06:22 -05:00
Michael Frey
5903ef832c Merge pull request #11584 from edx/release
Merging release back to master
2016-02-18 14:55:25 -05:00
Mushtaq Ali
689bb73b84 Merge pull request #11551 from edx/mushtaq/fix-tnl4006
Studio homepage escaping
2016-02-18 22:52:01 +05:00
Mushtaq Ali
7a9991e95c Studio homepage escaping 2016-02-18 21:10:21 +05:00
Bill DeRusha
b686abc18d Disable mailchimp integration for most segment identify requests 2016-02-17 17:10:48 -05:00
Christine Lytwynec
57b7034e5b Remove hgroup usage 2016-02-17 12:05:15 -05:00
clrux
21aa7edd1c Merge pull request #9909 from edx/clrux/ac-179
AC-179 fixing skip links
2016-02-17 09:09:27 -05:00
Chris Rodriguez
2a4e141e0e LMS: fixing skip links and adding a11y tests 2016-02-17 07:46:42 -05:00
Robert Raposa
b69c6d62bf Make base.html Mako template safe by default
Make base.html Mako template safe by default by:
1. Add page-level default of html escaping
2. Fix escaping of all variables in base.html
3. Fix escaping of all dependent underscore templates
Also includes additional best practices for certificates and
textbooks JavaScript/Underscore in order to complete that work.

TNL-3425
2016-02-16 13:19:24 -05:00
srpearce
b68beea4df Merge pull request #11508 from edx/sylvia/DOC-2692
Update help text for Pages page in Studio to reflect Courseware-Course etc change
2016-02-16 11:12:04 -05:00
cahrens
30c42e724d Ensure that window.course is available before anyone accesses it.
TNL-4106
2016-02-10 15:59:45 -05:00
Sylvia Pearce
97228f3b92 Update help text for Pages page in Studio to reflect Courseware-Course etc change 2016-02-10 13:26:47 -05:00