36216 Commits

Author SHA1 Message Date
Waheed Ahmed
6541ce3e81 Merge pull request #11834 from edx/waheed/ecom-2948-move-white-label-sites-to-logistration
Moved white label sites to logistration.
2016-03-24 14:58:59 +05:00
Waheed Ahmed
b8a447c132 Moved white label sites to logistration.
ECOM-2948
2016-03-24 14:09:11 +05:00
attiyaIshaque
40dcb51084 Merge pull request #11850 from edx/ai/tnl3964-forum-vote-button
Fix styling of vote button in forums responses.
2016-03-24 11:26:28 +05:00
Ned Batchelder
69339390c7 Merge pull request #11910 from edx/ned/safe-templates-1
Safe templates for static_templates
2016-03-23 20:36:43 -04:00
Usman Khalid
11b709af72 Merge pull request #11930 from edx/private/release
Merge private/release into release
2016-03-24 04:06:27 +05:00
Usman Khalid
59b452a4b3 Quality fixes. 2016-03-24 02:46:54 +05:00
Renzo Lucioni
40ef82d513 Merge pull request #11911 from edx/renzo/safe-templates
Secure templates used to inject Segment and Optimizely
2016-03-23 17:15:11 -04:00
Nimisha Asthagiri
15e5a7dbf1 XSS Safe by default - vert_module.html 2016-03-23 17:13:59 -04:00
Ned Batchelder
e53e5d9d03 Safe templates for static_templates 2016-03-23 17:04:40 -04:00
Akiva Leffert
f0d8d48a02 Merge pull request #11914 from edx/aleffert/sidebar-template
Mark register-sidebar template safe by default
2016-03-23 16:32:08 -04:00
Simon Chen
d871447207 Merge pull request #11894 from edx/schen/xss-fix-dashboard-course-upsell
Escape properly the elements on the dashboard xseries upsell template
2016-03-23 16:24:08 -04:00
Simon Chen
97590928ad Merge branch 'master' into schen/xss-fix-dashboard-course-upsell 2016-03-23 16:24:01 -04:00
Sanford Student
d64b6d35ef making the welcome_back template safe 2016-03-23 16:19:09 -04:00
Calen Pennington
ac951c4bd2 XSS escape cms/templates/course_info.html 2016-03-23 16:12:41 -04:00
Calen Pennington
53a2960941 XSS escape cms/templates/component.html 2016-03-23 16:12:40 -04:00
Calen Pennington
7922dcbb9c XSS escape cms/templates/js/asset.underscore 2016-03-23 16:12:40 -04:00
Calen Pennington
485c542838 XSS escape cms/templates/js/asset-library.underscore 2016-03-23 16:12:40 -04:00
Calen Pennington
b91d1f2256 XSS escape cms/templates/asset_index.html 2016-03-23 16:12:40 -04:00
Eric Fischer
41c1c30f2b Merge pull request #11917 from edx/efischer/fix_safe_linter
Safe template linter should use DOTALL
2016-03-23 16:11:19 -04:00
Bill DeRusha
e6edba18b4 Safe Templatize: wiki templates 2016-03-23 16:06:36 -04:00
Akiva Leffert
2876076677 Remove unused empty file 2016-03-23 16:05:08 -04:00
Eric Fischer
7cfa0fa111 Safe template linter should use DOTALL
MULTILINE has to do with how '^' and '$' behave, DOTALL will make the
'.' match newlines as well. This catches several failures that were
previously missed.
2016-03-23 15:59:29 -04:00
Daniel Friedman
08ddeca426 Merge pull request #11912 from edx/dan-f/fix-accidental-extra-escaping
Fix accidental extra escaping
2016-03-23 15:55:18 -04:00
Simon Chen
79783800b4 Escape properly the elements on the dashboard xseries upsell template 2016-03-23 15:41:30 -04:00
Akiva Leffert
d44b4d28ce Mark register-sidebar template safe by default 2016-03-23 15:10:07 -04:00
Daniel Friedman
56b1196246 Fix accidental extra escaping 2016-03-23 14:46:35 -04:00
Renzo Lucioni
a104d82e70 Secure templates used to inject Segment and Optimizely 2016-03-23 14:40:24 -04:00
Kevin Falcone
06f5e49978 This appears to actually be in UTC (not in the django TZ default).
You can see the times are marked +00:00 for the ISO 8601 format date and
I see no code in the backend that tries to convert.
2016-03-23 14:38:18 -04:00
Kevin Falcone
8a85d7e346 Update to secure by default
Most things were already escaped, including the json.dumps, and we've
decided not to use dump_html_escaped_json
2016-03-23 14:35:08 -04:00
Daniel Friedman
679cdc3775 Merge pull request #11893 from edx/dan-f/make-cms-activation_invalid-safe
Make CMS activation_invalid template safe by default
2016-03-23 13:55:51 -04:00
Daniel Friedman
0b6faee467 Merge pull request #11891 from edx/dan-f/make-cms-activation_complete-safe
Make CMS activation_complete template safe by default
2016-03-23 13:55:11 -04:00
Jesse Zoldak
1b1f39527b Merge pull request #11902 from edx/zoldak/html-escape-mako-without-variables
Add h filter page directive to cms mako templates without variables
2016-03-23 13:30:46 -04:00
Michael Katz
c4a18db989 Merge pull request #11896 from edx/mkatz/3pauthsafetemplate
add filter to profile page
2016-03-23 13:11:49 -04:00
Peter Fogg
d28e0a277e Merge pull request #11895 from edx/peter-fogg/linter-fixes
Minor fixes to the safe template linter.
2016-03-23 12:39:28 -04:00
Muzaffar yousaf
a6627f57c9 Merge pull request #79 from edx/hotfix-2016-03-23
[TNL-4073][TNL-4273] Make sure that domain defined for preview exists in
2016-03-23 21:30:29 +05:00
Toby Lawrence
76c0c0413d Only require a module once.
Looking at this code, I'm not entirely sure why it was added, but it's
demonstrably loading modules twice when not in debug mode.
2016-03-23 12:29:47 -04:00
M. Rehan
8459b5be77 Merge pull request #10705 from edx/mrehan/SUST-22
Implement 'from_string_or_404' in utils
2016-03-23 21:26:39 +05:00
Peter Fogg
5d8a5d97e1 Merge pull request #11892 from edx/peter-fogg/remove-teams-wires
Remove old teams example templates.
2016-03-23 12:08:24 -04:00
Jesse Zoldak
6f0d1157f1 Add h filter page directive to cms mako templates without variables
The files to change were found with:
`ack --literal --type=html --match '${' --files-without-matches cms/templates`
2016-03-23 12:05:12 -04:00
Peter Fogg
6661063b5a Minor fixes to the safe template linter. 2016-03-23 11:38:45 -04:00
Michael Katz
4d6c787930 add filter 2016-03-23 11:34:21 -04:00
Toby Lawrence
e62a8da457 Set the correct names for overridden dependencies. 2016-03-23 11:28:25 -04:00
Daniel Friedman
48e2299e47 Make CMS activation_invalid template safe by default 2016-03-23 11:21:50 -04:00
Peter Fogg
11bb281019 Remove old teams example templates. 2016-03-23 11:19:01 -04:00
Calen Pennington
2607f8a98c XSS escape cms/templates/activation_active.html 2016-03-23 11:17:17 -04:00
Daniel Friedman
ea347c7a9b Make CMS activation_complete template safe by default 2016-03-23 11:11:08 -04:00
Muhammad Rehan
771a7d06ca Implement 'from_string_or_404' util and its example usage. 2016-03-23 20:10:32 +05:00
Michael Katz
9a94b106f8 safe template 2016-03-23 10:49:35 -04:00
Toby Lawrence
f8ddfb5945 Use a module/path mapping for RequireJS overrides instead of just paths.
Instead of attempting to derive the module portion of a RequireJS
override strictly from the path to the JS file, we now use a dictionary
where the module name must be explicitly specified.  This allows us to
compensate for files which do not follow a naming scheme that is
compatible with RequireJS without having to normalize all files.  This
is extremely important when using third-party dependencies.
2016-03-23 10:34:58 -04:00
attiyaIshaque
1e74f942f1 Merge branch 'master' into ai/tnl3964-forum-vote-button 2016-03-23 19:00:01 +05:00