Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6cbb9cbca3617da89ffae3a888b10a5c5d9bbaf2
edx-platform/lms/djangoapps/discussion
History
David Ormsbee 149b014053 fix: disallow "data:" links in discussion posts 
Sanitizes Markdown that goes back and forth between the server and
client side, to strip out data: links, so that they cannot be abused.
There is no present vulnerability to this issue–modern browsers disallow
data links in the first place, and we already filter this out in both
client-side code as well as the HTML generated in the REST API (it's run
through bleach). But we're adding this anyway, to further reduce the
odds that some client-side mistake could cause a vulnerability. This is
part of TNL-8589.
2021-08-03 15:19:07 -04:00
..
config
docs: update toggle docs
2021-04-01 21:58:29 -04:00
django_comment_client
fix: disallow "data:" links in discussion posts
2021-08-03 15:19:07 -04:00
management
refactor: pyupgrade second iteration
2021-04-30 15:35:47 +05:00
notification_prefs
refactor: pyupgrade second iteration
2021-04-30 15:35:47 +05:00
rest_api
Makes counting flagged comments optional, instead of automatic in case of moderators
2021-07-14 13:19:12 +05:00
settings
docs: update toggle docs
2021-04-01 21:58:29 -04:00
signals
BOM-2358 : Pyupgrade in dashboard, debug, discussion apps (#26529)
2021-02-22 15:42:21 +05:00
static/discussion
Short Circuit Digest preferences call on Discussion Home Page
2020-04-24 16:00:46 +05:00
templates/discussion
fix: don't duplicate text in forum notification email
2021-03-15 15:29:01 -04:00
tests
refactor: pyupgrade second iteration
2021-04-30 15:35:47 +05:00
__init__.py
Discssions as a plugin
2018-02-23 09:23:53 -05:00
apps.py
BOM-2358 : Pyupgrade in dashboard, debug, discussion apps (#26529)
2021-02-22 15:42:21 +05:00
exceptions.py
BOM-2278 : Pylint amnesty in discussion, dashboard (#26275)
2021-02-03 18:15:14 +05:00
plugins.py
BOM-2358 : Pyupgrade in dashboard, debug, discussion apps (#26529)
2021-02-22 15:42:21 +05:00
README.rst
Remove notifier_api app DEPR-111 (#25464)
2020-10-29 11:17:23 -04:00
tasks.py
feat: mark forum response notifications transactional
2021-03-16 08:50:40 -04:00
urls.py
Fix failures caused by removing lms/djangoapps from sys.path
2020-09-23 10:05:37 -04:00
views.py
fix: disallow "data:" links in discussion posts
2021-08-03 15:19:07 -04:00

README.rst 

Status: Maintenance

Responsibilities
================
The Discussion app powers the Open edX forums experience.

Direction: Move and Extract
===========================
Discussions related functionality is scattered across a number of places and should be better consolidated. Today we have:

* ``lms/djangoapps/discussion``
* ``openedx/core/djangoapps/django_comment_common``
* ``openedx/core/lib/xblock_builtin/xblock_discussion``

Ideally, what we want in the long term is for all of this extracted into a new repository that holds the code for both the inline discussion XBlock as well as all the Django apps.

That being said, it's not clear what the path forward for this app is. Forum functionality is something that has not been actively worked on for a while, and it's been suggested that we should remove this app altogether in favor of having better integration with other more established forum software. This decision is usually complicated by the desire to have tight integration with courseware and access to data for analytics.

Regardless, check with Product before undertaking any major refactoring work here.

Glossary
========

More Documentation
==================
Reference in New Issue View Git Blame Copy Permalink