feat: handle edit modals from advanced xblocks (#1445)

Adds new message types, updates message handlers, and implements a new modal iframe for legacy XBlock editing.
2025-02-20 12:05:48 -08:00
parent 2befd82e51
commit 7e4ecff4e8
15 changed files with 353 additions and 25 deletions
--- a/src/constants.js
+++ b/src/constants.js
@@ -78,6 +78,16 @@ export const REGEX_RULES = {
  noSpaceRule: /^\S*$/,
 };

+/**
+ * Feature policy for iframe, allowing access to certain courseware-related media.
+ *
+ * We must use the wildcard (*) origin for each feature, as courseware content
+ * may be embedded in external iframes. Notably, xblock-lti-consumer is a popular
+ * block that iframes external course content.
+
+ * This policy was selected in conference with the edX Security Working Group.
+ * Changes to it should be vetted by them (security@edx.org).
+ */
 export const IFRAME_FEATURE_POLICY = (
  'microphone *; camera *; midi *; geolocation *; encrypted-media *; clipboard-write *'
 );