Ned Batchelder
69339390c7
Merge pull request #11910 from edx/ned/safe-templates-1
Safe templates for static_templates
2016-03-23 20:36:43 -04:00
Renzo Lucioni
40ef82d513
Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Ned Batchelder
e53e5d9d03
Safe templates for static_templates
2016-03-23 17:04:40 -04:00
Akiva Leffert
f0d8d48a02
Merge pull request #11914 from edx/aleffert/sidebar-template
Mark register-sidebar template safe by default
2016-03-23 16:32:08 -04:00
Simon Chen
d871447207
Merge pull request #11894 from edx/schen/xss-fix-dashboard-course-upsell
Escape properly the elements on the dashboard xseries upsell template
2016-03-23 16:24:08 -04:00
Simon Chen
97590928ad
Merge branch 'master' into schen/xss-fix-dashboard-course-upsell
2016-03-23 16:24:01 -04:00
Eric Fischer
41c1c30f2b
Merge pull request #11917 from edx/efischer/fix_safe_linter
Safe template linter should use DOTALL
2016-03-23 16:11:19 -04:00
Eric Fischer
7cfa0fa111
Safe template linter should use DOTALL
MULTILINE has to do with how '^' and '$' behave, DOTALL will make the
'.' match newlines as well. This catches several failures that were
previously missed.
2016-03-23 15:59:29 -04:00
Daniel Friedman
08ddeca426
Merge pull request #11912 from edx/dan-f/fix-accidental-extra-escaping
Fix accidental extra escaping
2016-03-23 15:55:18 -04:00
Simon Chen
79783800b4
Escape properly the elements on the dashboard xseries upsell template
2016-03-23 15:41:30 -04:00
Akiva Leffert
d44b4d28ce
Mark register-sidebar template safe by default
2016-03-23 15:10:07 -04:00
Daniel Friedman
56b1196246
Fix accidental extra escaping
2016-03-23 14:46:35 -04:00
Renzo Lucioni
a104d82e70
Secure templates used to inject Segment and Optimizely
2016-03-23 14:40:24 -04:00
Daniel Friedman
679cdc3775
Merge pull request #11893 from edx/dan-f/make-cms-activation_invalid-safe
Make CMS activation_invalid template safe by default
2016-03-23 13:55:51 -04:00
Daniel Friedman
0b6faee467
Merge pull request #11891 from edx/dan-f/make-cms-activation_complete-safe
Make CMS activation_complete template safe by default
2016-03-23 13:55:11 -04:00
Jesse Zoldak
1b1f39527b
Merge pull request #11902 from edx/zoldak/html-escape-mako-without-variables
Add h filter page directive to cms mako templates without variables
2016-03-23 13:30:46 -04:00
Michael Katz
c4a18db989
Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
add filter to profile page
2016-03-23 13:11:49 -04:00
Peter Fogg
d28e0a277e
Merge pull request #11895 from edx/peter-fogg/linter-fixes
Minor fixes to the safe template linter.
2016-03-23 12:39:28 -04:00
M. Rehan
8459b5be77
Merge pull request #10705 from edx/mrehan/SUST-22
Implement 'from_string_or_404' in utils
2016-03-23 21:26:39 +05:00
Peter Fogg
5d8a5d97e1
Merge pull request #11892 from edx/peter-fogg/remove-teams-wires
Remove old teams example templates.
2016-03-23 12:08:24 -04:00
Jesse Zoldak
6f0d1157f1
Add h filter page directive to cms mako templates without variables
The files to change were found with:
`ack --literal --type=html --match '${' --files-without-matches cms/templates`
2016-03-23 12:05:12 -04:00
Peter Fogg
6661063b5a
Minor fixes to the safe template linter.
2016-03-23 11:38:45 -04:00
Michael Katz
4d6c787930
add filter
2016-03-23 11:34:21 -04:00
Daniel Friedman
48e2299e47
Make CMS activation_invalid template safe by default
2016-03-23 11:21:50 -04:00
Peter Fogg
11bb281019
Remove old teams example templates.
2016-03-23 11:19:01 -04:00
Daniel Friedman
ea347c7a9b
Make CMS activation_complete template safe by default
2016-03-23 11:11:08 -04:00
Muhammad Rehan
771a7d06ca
Implement 'from_string_or_404' util and its example usage.
2016-03-23 20:10:32 +05:00
Vedran Karačić
88aa4a9055
Merge pull request #11852 from edx/vkaracic/SOL-1712
Change EcommerceService's is_enabled to accept User instead of request
2016-03-23 09:40:56 +01:00
vkaracic
3c8ae7c3b2
Change EcommerceService's is_enabled to accept User instead of request
And change the verification link in the sidebar to redirect to new basket if the EcommerceService is enabled.
2016-03-23 07:44:55 +00:00
Mushtaq Ali
5deb07d904
Merge pull request #11884 from edx/mushtaq/edx-ora2-version-1.1.1
ORA2 version update
2016-03-23 02:26:26 +05:00
Andy Armstrong
c7336b3d68
Merge pull request #11880 from edx/andya/add-ui-toolkit-only
Add the UI Toolkit to edx-platform
2016-03-22 16:34:54 -04:00
M. Rehan
c9e1a86086
Merge pull request #11860 from edx/adam/fix-math-input-ajax
TNL-4217 – Initialize preview once for an input for the first time
2016-03-23 00:58:18 +05:00
Andy Armstrong
0177eeded4
Add the UI Toolkit to edx-platform
UITK-75
2016-03-22 15:31:27 -04:00
Mushtaq Ali
1b60f73119
ORA2 version update to 1.1.1. Includes bug fixes for TNL-4268
2016-03-23 00:24:26 +05:00
Adam Palay
d3a467d366
Only add event listener if it hasn't been added yet
2016-03-23 00:00:27 +05:00
Ben Patterson
3332721948
Merge pull request #11867 from edx/benp/courseteam-flaky-fix
Fix flaky condition that's showing up in firefox 42.
2016-03-22 13:55:59 -04:00
Jesse Zoldak
a77000a89c
Merge pull request #11881 from edx/zoldak/TE-1235
Remove executable bit from test file TE-1235
2016-03-22 13:40:34 -04:00
Eric Fischer
c97a6a5178
Merge pull request #11758 from edx/christina/xss-tests
Bok choy XSS changes
2016-03-22 13:02:47 -04:00
Ben Patterson
44c7c927ed
Merge pull request #11869 from edx/benp/bok-choy-race-condition
Wait for numerical selection to load before continuing.
2016-03-22 12:55:33 -04:00
Simon Chen
f2b7ca6f18
Merge pull request #11873 from edx/release
Merge release 2016-03-22 back to master
2016-03-22 12:12:56 -04:00
Andy Armstrong
4796d4f70a
Merge pull request #11876 from edx/andya/revert-underscore-string-upgrade
Revert "Upgrade underscore.string.min.js."
2016-03-22 11:55:34 -04:00
Adam
6fc8da2769
Merge pull request #11875 from edx/adam/fix-typo
fix typo on testing.rst page
2016-03-22 11:54:41 -04:00
Ben Patterson
c6a2afa037
Wait for numerical selection to load before continuing.
TNL-4272
2016-03-22 11:53:54 -04:00
Jesse Zoldak
7e79d335a6
Remove executable bit from test file TE-1235
2016-03-22 11:46:06 -04:00
Andy Armstrong
e854690a99
Revert "Upgrade underscore.string.min.js."
This reverts commit e5c7fdda03.
Unfortunately this change broke bundling on sandboxes, so reverting
it so that master isn't left in a bad state.
2016-03-22 10:44:19 -04:00
Robert Raposa
f150fd9b3a
Merge pull request #11800 from edx/robrap/safe-template-linter
TNL-4214: Add safe template linter
2016-03-22 10:40:29 -04:00
Adam Palay
82aad56e62
fix typo on testing.rst page
2016-03-22 10:25:01 -04:00
Eric Fischer
6bb06e5055
Update bok-choy requirement
2016-03-22 10:16:30 -04:00
Eric Fischer
be00a96129
Get environment variable for bok-choy-custom runs
2016-03-22 10:16:30 -04:00
cahrens
0c9937889b
Enabling XSS vulnerability flag for bok choy tests
2016-03-22 10:16:27 -04:00