allow loading wiki page in edit mode

Some iFramed pages can force the browser to forward to a new
page. If you had one of those on a wiki page you couldn't
get to the page to edit it because it forwarded too quickly.
Now you can add ?edit=1 to the wiki page URL and it won't
render the wiki's content when the page loads, allowing you
to edit it.

This also white-listed the 'sandbox' attribute for iframe
nodes. Sandbox isn't supported by all browsers, but adding
it to the iframe would prevent it from forwarding if you
don't want it to.

Test Plan
 * embed an iframe in a page that tries to forward the page
 * add ?edit=1 to the wiki page and notice that it doesn't forward you
 * add the 'sandbox' attribute to the iframe and save the wiki page
 * the sandbox attribute should not have been scrubbed when saving

closes #CNVS-1288

Change-Id: I5f257e88c81db93ff19d09798ad46a77abfd69bd
Reviewed-on: https://gerrit.instructure.com/17250
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Bracken Mosbacker 2013-01-29 12:32:13 -07:00
parent dc82956804
commit 4d1e54f33f
5 changed files with 25 additions and 6 deletions
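The commit whitelists the `sandbox` attribute name but says nothing about its value, and the value is what decides whether the frame can still forward the page. The following is an added example, not Canvas code: a small Ruby check that parses a `sandbox` token list, tells you whether it actually blocks top-level navigation, and scrubs an iframe's attribute hash against the same attribute allow-list the sanitizer in this commit uses. The token names come from the HTML spec; the function names, the `strict:` option and the sample attribute hash are assumptions made for the example.

```ruby
# Added example (not Canvas code). Attribute allow-list mirrors the server-side
# sanitizer list in this commit; token list is the HTML spec's sandbox keywords.
ALLOWED_IFRAME_ATTRS = %w[src width height name align frameborder scrolling sandbox].freeze

SANDBOX_TOKENS = %w[
  allow-forms allow-modals allow-orientation-lock allow-pointer-lock
  allow-popups allow-popups-to-escape-sandbox allow-presentation
  allow-same-origin allow-scripts allow-top-navigation
  allow-top-navigation-by-user-activation
].freeze

# Tokens that let the framed document navigate the embedding (top) page.
TOP_NAV_TOKENS = %w[allow-top-navigation allow-top-navigation-by-user-activation].freeze

# Parse a sandbox attribute value into its recognised, de-duplicated tokens.
# Matching is case-insensitive; unknown tokens are dropped (browsers ignore them).
def sandbox_tokens(value)
  value.to_s.downcase.split.uniq & SANDBOX_TOKENS
end

# True when this sandbox value stops the framed page from forwarding the page
# that embeds it. It fails to do so when:
#   * the attribute is absent (nil): no sandbox at all
#   * a top-navigation token is present
#   * allow-scripts and allow-same-origin are combined: a frame that is
#     same-origin with the embedder can then script its parent and remove
#     the sandbox attribute entirely
def sandbox_blocks_forwarding?(value)
  return false if value.nil?
  tokens = sandbox_tokens(value)
  return false if (tokens & TOP_NAV_TOKENS).any?
  return false if tokens.include?("allow-scripts") && tokens.include?("allow-same-origin")
  true
end

# Scrub an iframe's attribute hash the way an allow-list sanitizer would:
# keep only whitelisted names (case-insensitively, emitted lowercase) and
# normalise the sandbox token list. With strict: true, also strip the tokens
# that would let the frame forward the page (hypothetical policy, not Canvas's).
def scrub_iframe_attrs(attrs, strict: false)
  kept = attrs.select { |k, _| ALLOWED_IFRAME_ATTRS.include?(k.to_s.downcase) }
              .map { |k, v| [k.to_s.downcase, v] }
              .to_h
  if kept.key?("sandbox")
    tokens = sandbox_tokens(kept["sandbox"])
    if strict
      tokens -= TOP_NAV_TOKENS
      tokens.delete("allow-same-origin") if tokens.include?("allow-scripts")
    end
    kept["sandbox"] = tokens.join(" ")
  end
  kept
end

if __FILE__ == $0
  # Constructed input: an iframe whose author asked for a sandbox that does
  # not actually prevent forwarding, plus an attribute outside the allow-list.
  attrs = {
    "src"     => "https://example.invalid/forwarder",
    "onload"  => "top.location = 'https://example.invalid/'",
    "sandbox" => "allow-scripts allow-top-navigation",
  }
  p scrub_iframe_attrs(attrs)
  p sandbox_blocks_forwarding?(attrs["sandbox"])
  p scrub_iframe_attrs(attrs, strict: true)
end
```

An empty value (`<iframe sandbox>`) is the most restrictive form and is reported as blocking; the check is deliberately conservative about `allow-scripts allow-same-origin`, since whether that pair can escape depends on the frame's origin, which a sanitizer cannot know at save time.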


@ -52,6 +52,7 @@ class WikiPagesController < ApplicationController
include Api::V1::WikiPage
def show
@editing = true if Canvas::Plugin.value_to_boolean(params[:edit])
if @page.deleted? && !@page.grants_right?(@current_user, session, :update) && @page.url != 'front-page'
flash[:notice] = t('notices.page_deleted', 'The page "%{title}" has been deleted.', :title => @page.title)
redirect_to named_context_url(@context, :context_wiki_page_url, 'front-page')
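Review bot: `@editing` is set from `params[:edit]` with no check that the current user may edit the page, so any viewer who appends `?edit=1` gets the placeholder instead of the body while the view's auto-click has no edit link to fire. The permission predicate is already on the next line; consider `@editing = true if Canvas::Plugin.value_to_boolean(params[:edit]) && @page.grants_right?(@current_user, session, :update)` so read-only users still see the rendered page.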


@ -73,7 +73,11 @@ course will see this page first. You can change that from [the course home page
</div>
<% else %>
<div id="wiki_body" class="user_content">
<%= user_content(@page.body) %>
<% if @editing %>
<%= t('editing_content', 'Editing Content.') %>
<% else %>
<%= user_content(@page.body) %>
<% end %>
</div>
<% end %>
<% end %>
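Review bot: on the `@editing` branch the body is replaced by the bare string "Editing Content." and nothing tells the reader why the page is blank or how to get back; if the page-load click does not happen (no edit link for this user, JS disabled), the user is stuck on an empty page. A link back to the page URL without `?edit=1`, or a fallback to `user_content(@page.body)` when the user cannot edit, would cover that case.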
@ -142,7 +146,7 @@ course will see this page first. You can change that from [the course home page
<% if @editing %>
$(document).ready(function() {
$("#wiki_show_view_secondary .edit:first").click();
$("#wiki_show_view_secondary .edit_link:first").click();
});
<% end %>
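Review bot: the selector change from `.edit:first` to `.edit_link:first` is not mentioned in the commit message; if it fixes a stale selector that deserves a line there, and if both classes exist in `#wiki_show_view_secondary` the change alters which element gets clicked. jQuery's `.click()` on an empty set is a silent no-op, so when no edit link is rendered nothing fires and the placeholder stays on screen.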


@ -166,7 +166,7 @@ define([
theme_advanced_resizing : true,
theme_advanced_blockformats : "p,h2,h3,h4,pre",
theme_advanced_more_colors: false,
extended_valid_elements : "iframe[src|width|height|name|align|style|class]",
extended_valid_elements : "iframe[src|width|height|name|align|style|class|sandbox]",
content_css: "/stylesheets/compiled/instructure_style.css,/stylesheets/compiled/tinymce.editor_box.css",
editor_css: editor_css,
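Review bot: the editor's iframe attribute list now diverges from the server-side sanitizer whitelist: TinyMCE accepts `style` and `class` but not `frameborder` or `scrolling`, while the sanitizer accepts `frameborder` and `scrolling` but not `style` or `class`. An attribute allowed in one place and stripped in the other makes for confusing round-trips (it shows in the editor and vanishes on save, or survives save and is dropped on the next edit); keeping the two lists in sync, or deriving one from the other, would avoid that.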


@ -20,15 +20,29 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
require File.expand_path(File.dirname(__FILE__) + '/../views_helper')
describe "/wiki_pages/show" do
it "should render" do
before do
course_with_student
view_context
assigns[:wiki] = @course.wiki
assigns[:page] = assigns[:wiki].wiki_page
assigns[:page].body = "my awesome content"
assigns[:page].save!
assigns[:context] = @course
end
it "should render" do
render "wiki_pages/show"
response.should_not be_nil
doc = Nokogiri::HTML(response.body)
doc.css('#wiki_body').text.index(assigns[:page].body).should_not be_nil
end
it "should not render user content when editing" do
assigns[:editing] = true
render "wiki_pages/show"
doc = Nokogiri::HTML(response.body)
doc.css('#wiki_body').text.index(assigns[:page].body).should be_nil
doc.css('#wiki_body').text.index('Editing Content').should_not be_nil
end
end
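Review bot: the spec only exercises the view with `assigns[:editing] = true`; nothing covers the controller turning `?edit=1` into `@editing`, and test-plan step 4 (the `sandbox` attribute surviving the sanitizer) stays a manual check. A sanitizer spec asserting that an `<iframe src="..." sandbox="allow-forms">` keeps its `sandbox` attribute, plus a controller spec for `params[:edit]`, would pin both halves of the change.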


@ -89,7 +89,7 @@ module Instructure #:nodoc:
'col' => ['span', 'width'],
'colgroup' => ['span', 'width'],
'img' => ['align', 'alt', 'height', 'src', 'title', 'width'],
'iframe' => ['src', 'width', 'height', 'name', 'align', 'frameborder', 'scrolling'],
'iframe' => ['src', 'width', 'height', 'name', 'align', 'frameborder', 'scrolling', 'sandbox'],
'ol' => ['start', 'type'],
'q' => ['cite'],
'table' => ['summary', 'width', 'border', 'cellpadding', 'cellspacing', 'center', 'frame', 'rules', 'dir', 'lang'],
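Review bot: `sandbox` is whitelisted by name with no value validation, so the sanitizer will also keep `sandbox="allow-top-navigation"` or `sandbox="allow-scripts allow-same-origin"`, both of which let the framed page forward the wiki page again (the latter by letting a same-origin frame remove its own sandbox). That fits the commit's opt-in intent, but if the goal is to stop forwarding reliably, validate the token list (drop `allow-top-navigation*`, and `allow-same-origin` when combined with `allow-scripts`) rather than trusting the attribute name alone. Also worth checking that the empty form `<iframe sandbox>`, the most restrictive one, survives the sanitizer, since some HTML cleaners discard attributes with empty values.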