- Rename escape_json_dumps to dump_js_escaped_json
- Rename escape_js_string to js_escaped_string
- Update js_escaped_string to output empty string for None
- Introduce dump_html_escaped_json
- Move dump_js_escaped_json after the pipe as new best practice
- Introduce additional uses of helpers
- Introduce new djangolib directory and move js_utils
Format responses as a JSON dict containing an error_code and a
developer_message. user_message is not necessary, as these are API
level errors, not seen by end users.
MA-1900
- Remove escaping in display_name_with_default
- Move escaped version to deprecated display_name_with_default_escaped
- Does not include any other changes to remove double-escaping
Thanks to agaylard who initiated this work:
https://github.com/edx/edx-platform/pull/10756
TNL-3425
Course teams occasionally upload very large files as their course
image. Before this commit, those images would be used directly in
the student's dashboard, sometimes leading to MBs worth of image
data on that page. With this commit, we now auto-generate small
and large thumbnails of configurable size. The Student Dashboard
and Course About pages will make use of this new functionality
(CourseOverview.image_urls), but the behavior of
CourseOverview.course_image_url will not change.
Note that the thumbnails are still created in the contentstore,
and sit alongside their originals.
What's included:
1. Multiple sizes, currently starting with "raw", "small", and
"large". This falls back to the current behavior automatically in
the case where thumbnails don't exist or this feature has been
disabled in configuration.
2. Django admin based configuration for image sizes and whether
to enable the functionality at all. Note that to regenerate
images, you'd need to wipe the CourseOverviewImageSet model
rows -- it doesn't do that automatically. This is partly because
it's a very rare operation, and partly because I'm not entirely
sure what the longer term invalidation strategy should be in a
world where we might potentially have multiple themes. The
flexible configuration was intended to allow better customization
and theming.
3. The Course About pages also use the new thumbnail functionality,
as an example of "large". This is in addition to the "small"
used on the student dashboard.
Things I'm punting on for now (followup PRs welcome!):
1. Bringing the thumbnails to course discovery. A quick attempt
to do so showed that it wasn't getting properly invalidated
and updated when publishes happen (so the old image still showed
up). It probably has something to do with when we do the
re-indexing because it stores this data in elasticsearch, but
I'm not going to chase it down right now.
2. Center-cropping. While this is a nice-to-have feature, the
behavior in this PR is no worse than what already exists in
master in terms of image distortion (letting the browser handle
it).
3. Automated invalidation of the images when a new config is
created.
- The permission now checks the correct request attribute (GET instead of data).
- The Credit API view test has been updated to check for the positive access instead of just denial.
ECOM-3096
* Catalog results are now paginated
* Implements the new namespaced pagination described at
https://openedx.atlassian.net/wiki/pages/viewpage.action?pageId=47481813
* API level code returns pythonic business objects
* View layer performs serialize at the view layer
* Convert views to use DRF generic views
* Removes an unintentional authentication decorator that caused
the detail endpoint to return a 401 for anonymous users
MA-1724
Extends the Programs ConfigurationModel, cleans up Programs-related utilities and corresponding tests, and corrects caching. Uses the Programs API to list programs within Studio. ECOM-2769.
Make escaping for json simpler and more consistent in Mako templates
- add escape_json_dumps to escape and json.dumps
- add escape_js_str to escape javascript string
- refactor Studio to use escape_json_dumps in Mako templates
TNL-2646: Escape json.dumps
- Resolve SEC-27 by escaping course name in advanced settings
- Add escape_json_dumps to simplify escaping json in Mako templates
SEC-27: XSS/JS Error in Advanced Settings with invalid course name
