Waheed Ahmed 7eb9a45e2d fix: cross-site scripting vulnerability on logout page ...

The target URL on logout page is marked as safe while rendering and
making the page volunerable to Cross-site scripting vulnerability.

Rendered the target variable outside safe HTML so that it should be
treated as text.

VAN-972

2022-05-31 16:07:05 +05:00

..

admin

fix: Removed usage of djangoratelimitbackend. (#30116)

2022-03-25 15:27:39 +05:00

api_admin

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:15:27 +05:00

bulk_email

feat: Ability to configure edx-ace with course emails

2022-02-21 17:17:44 +05:00

calculator

fix: rewrite calcualtor tips to reflect the supported features (#29957)

2022-03-10 12:48:41 -05:00

ccx

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:15:27 +05:00

certificates

fix: old links edx-guide-for-students now point to open-edx-learner-guide

2022-02-18 13:22:59 -05:00

components

PROD-1611

2020-09-01 16:22:20 +05:00

course_modes

fix: [REV-2608] add missing CSS class for currency conversion on Track Selection (#29923)

2022-02-15 08:17:02 -05:00

courseware

feat!: drop legacy course home view and related code

2022-04-14 15:18:31 -04:00

credit_notifications

…

dashboard

fix: Update enrollments FBE status by course key in dashboard (#30483)

2022-05-25 12:01:42 -04:00

debug

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:18:28 +05:00

discovery

…

discussion

style: button font reduced to reduce button size (#30256)

2022-04-15 16:57:14 +05:00

edxnotes

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

emails

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

embargo

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

enrollment

DEPR-43 - Remove donation logic from student dashboard.

2020-07-21 15:26:29 -04:00

experiments

REV-1564: add user-metadata API, for use by Optimizely experiments (#25450)

2020-11-04 11:21:48 -05:00

fields

AA-517: fix duplicate IDs in MessageBannerView

2021-03-03 16:29:11 -05:00

financial-assistance

feat: use new financial assistance flow in FinancialAssistanceTool

2022-05-12 00:59:07 +05:00

fragments

[BD-10] Remove _uses_pattern_library property from EdxFragmentViews (#24536)

2020-07-27 12:01:40 -04:00

header

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:20:29 +05:00

instructor

refactor: remove VerifiedTrackCohortedCourse feature

2022-05-02 17:41:08 +03:00

learner_dashboard

style: heading color and mobile screen fix (#29924)

2022-02-15 17:07:35 +05:00

modal

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

navigation

feat!: remove sysadmin dashboard feature w.r.t 0002-deprecate-sysadmin-dashboard-adr.rst

2021-04-08 09:15:11 -04:00

oauth2_provider

docs: Add README to lms/templates/oauth2_provider (#27682)

2021-05-20 13:37:59 -04:00

peer_grading

…

registration

Reveal a message to be extracted

2020-01-26 18:46:46 +03:30

save_for_later/edx_ace/saveforlater/email

feat: save for later (#29089)

2021-12-01 16:10:20 +05:00

static_templates

feat: Add a 403 and 429 handler.

2021-02-08 14:03:26 -05:00

student_account

feat: use new financial assistance flow in FinancialAssistanceTool

2022-05-12 00:59:07 +05:00

support

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

survey

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

ux/reference

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

verify_student

MST-686 Update the IDV approval email to say our IDV is now valid for 2 years (#26859)

2021-03-04 16:25:42 -05:00

widgets

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

wiki

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

_gated_content.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:18:28 +05:00

.gitignore

…

.hgignore

…

annotatable.html

Convert Annotatable XModule to XBlock.

2020-11-24 04:58:59 +05:00

book_toc.xml

…

bookmark_button.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:15:27 +05:00

conditional_ajax.html

…

conditional_module.html

Convert ConditionalModule to ConditionalBlock.

2020-11-07 20:02:02 +05:00

course.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:15:27 +05:00

courses_list.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:15:27 +05:00

dashboard.html

fix: Update enrollments FBE status by course key in dashboard (#30483)

2022-05-25 12:01:42 -04:00

email_change_failed.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

email_change_successful.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

email_exists.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

enroll_staff.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

enroll_students.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

extauth_failure.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

feedback_email.txt

…

file-upload.underscore

…

footer.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:18:28 +05:00

forgot_password_modal.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:18:28 +05:00

goal_reminder_banner.html

feat: Update ace email header to match braze email header (#29310)

2021-11-15 10:44:41 -05:00

header.html

…

hidden_content.html

…

identity.xml

…

index_overlay.html

Use https for open.edx.org

2020-11-02 11:29:03 -05:00

index_promo_video.html

…

index.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:20:29 +05:00

invalid_email_key.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:20:29 +05:00

library-block-author-preview-header.html

…

logout.html

fix: cross-site scripting vulnerability on logout page

2022-05-31 16:07:05 +05:00

lti_form.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:20:29 +05:00

lti.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:20:29 +05:00

main_django.html

feat: Add course-wide custom scripts

2021-10-04 11:24:45 -07:00

main.html

fix: Remove token which disabled different origin subframe dialog suppression

2022-01-05 10:04:01 -05:00

manage_user_standing.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

module-error.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

page_banner.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

pdf_viewer.html

PROD-1184 fixed pdf loading issue in textbook

2020-01-24 16:29:11 +05:00

poll.html

…

preview_menu.html

feat!: drop legacy courseware tab access for learners

2022-04-19 12:27:10 -04:00

problem_ajax.html

…

problem_notifications.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

problem.html

AA-505: Some design updates for courseware "shift dates" UI

2021-01-04 13:29:58 -05:00

provider_login.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

resubscribe.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

secondary_email_change_failed.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

secondary_email_change_successful.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

seq_module.html

* feat: Add completion progress bar to dashboard

2022-02-09 09:28:48 -05:00

signup_modal.html

Use full names for common.djangoapps imports; warn when using old style (#25477)

2020-11-10 07:02:01 -05:00

split_test_author_view.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

split_test_staff_view.html

…

split_test_student_view.html

…

staff_problem_info.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

static_htmlbook.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

static_pdfbook.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

staticbook.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:22:40 +05:00

studio_render_children_view.html

…

studio_render_paged_children_view.html

…

tab_module.html

…

tracking_log.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:19:40 +05:00

unsubscribe.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

user_dropdown.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

using.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

vert_module.html

AA-505: Some design updates for courseware "shift dates" UI

2021-01-04 13:29:58 -05:00

video_modal.html

Fix course about page video. (#22775)

2020-01-09 17:43:31 +05:00

video.html

fix: replace 'ugettext' with 'gettext' in lms

2021-12-16 13:23:36 +05:00

word_cloud.html

…

xrds.xml

…