From 4d1e54f33fdfc30c6950605fa03a332d79dce313 Mon Sep 17 00:00:00 2001
From: Bracken Mosbacker
Date: Tue, 29 Jan 2013 12:32:13 -0700
Subject: [PATCH] allow loading wiki page in edit mode
Some iFramed pages can force the browser to forward to a new page. If you had one of those on a wiki page you couldn't get to the page to edit it because it forwarded too quickly. Now you can add ?edit=1 on the wiki page url and it won't render the wiki's content when the page loads, allowing you to edit it. This also white-listed the 'sandbox' attribute for iframe nodes. Sandbox isn't supported by all browsers, but adding it to the iframe would prevent it from forwarding if you don't want it to.
Test Plan
* embed an iframe in a page that tries to forward the page
* add ?edit=1 to the wiki page and notice that it doesn't forward you
* add the 'sandbox' attribute to the iframe and save the wiki page
* the sandbox attribute should not have been scrubbed when saving
closes #CNVS-1288
Change-Id: I5f257e88c81db93ff19d09798ad46a77abfd69bd
Reviewed-on: https://gerrit.instructure.com/17250
Reviewed-by: Jeremy Stanley
Tested-by: Jenkins
QA-Review: Adam Phillipps
---
 app/controllers/wiki_pages_controller.rb | 1 +
 app/views/wiki_pages/_content.html.erb | 8 ++++++--
 public/javascripts/tinymce.editor_box.js | 2 +-
 spec/views/wiki_pages/show.html.erb_spec.rb | 18 ++++++++++++++++--
 .../sanitize_field/lib/sanitize_field.rb | 2 +-
 5 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/app/controllers/wiki_pages_controller.rb b/app/controllers/wiki_pages_controller.rb
index 0c1b450b64e..95a5576ecf6 100644
--- a/app/controllers/wiki_pages_controller.rb
+++ b/app/controllers/wiki_pages_controller.rb
@@ -52,6 +52,7 @@ class WikiPagesController < ApplicationController
 include Api::V1::WikiPage
 def show
+ @editing = true if Canvas::Plugin.value_to_boolean(params[:edit])
 if @page.deleted? && !@page.grants_right?(@current_user, session, :update) && @page.url != 'front-page'
 flash[:notice] = t('notices.page_deleted', 'The page "%{title}" has been deleted.', :title => @page.title)
 redirect_to named_context_url(@context, :context_wiki_page_url, 'front-page')
diff --git a/app/views/wiki_pages/_content.html.erb b/app/views/wiki_pages/_content.html.erb
index 2b36bfa5c1d..5efa69c39a4 100644
--- a/app/views/wiki_pages/_content.html.erb
+++ b/app/views/wiki_pages/_content.html.erb
@@ -73,7 +73,11 @@ course will see this page first. You can change that from [the course home page
 <% else %>
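Review bot: The added first line of `show` sets `@editing` from `params[:edit]` for every requester, before any permission check, so a user without update rights who follows a `?edit=1` link gets the "Editing Content." placeholder from `_content.html.erb` instead of the page body, and presumably has no edit link for the script to click. Gating the flag on the right that the next line already tests would keep read-only viewers on the normal render: `@editing = true if Canvas::Plugin.value_to_boolean(params[:edit]) && @page.grants_right?(@current_user, session, :update)`. The rest of `show` lies outside the hunk, so it is worth confirming that nothing later in the action relies on `@editing` being set for non-editors.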
- <%= user_content(@page.body) %>
+ <% if @editing %>
+ <%= t('editing_content', 'Editing Content.') %>
+ <% else %>
+ <%= user_content(@page.body) %>
+ <% end %>
 <% end %>
 <% end %>
@@ -142,7 +146,7 @@ course will see this page first. You can change that from [the course home page
 <% if @editing %>
 $(document).ready(function() {
- $("#wiki_show_view_secondary .edit:first").click();
+ $("#wiki_show_view_secondary .edit_link:first").click();
 });
 <% end %>
diff --git a/public/javascripts/tinymce.editor_box.js b/public/javascripts/tinymce.editor_box.js
index 45df59937ba..fc3aafb5925 100644
--- a/public/javascripts/tinymce.editor_box.js
+++ b/public/javascripts/tinymce.editor_box.js
@@ -166,7 +166,7 @@ define([
 theme_advanced_resizing : true,
 theme_advanced_blockformats : "p,h2,h3,h4,pre",
 theme_advanced_more_colors: false,
- extended_valid_elements : "iframe[src|width|height|name|align|style|class]",
+ extended_valid_elements : "iframe[src|width|height|name|align|style|class|sandbox]",
 content_css: "/stylesheets/compiled/instructure_style.css,/stylesheets/compiled/tinymce.editor_box.css",
 editor_css: editor_css,
diff --git a/spec/views/wiki_pages/show.html.erb_spec.rb b/spec/views/wiki_pages/show.html.erb_spec.rb
index 34a9d23f47c..81d1ced543a 100644
--- a/spec/views/wiki_pages/show.html.erb_spec.rb
+++ b/spec/views/wiki_pages/show.html.erb_spec.rb
@@ -20,15 +20,29 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
 require File.expand_path(File.dirname(__FILE__) + '/../views_helper')
 describe "/wiki_pages/show" do
- it "should render" do
+ before do
 course_with_student
 view_context
 assigns[:wiki] = @course.wiki
 assigns[:page] = assigns[:wiki].wiki_page
+ assigns[:page].body = "my awesome content"
 assigns[:page].save!
 assigns[:context] = @course
+ end
+
+ it "should render" do
 render "wiki_pages/show"
- response.should_not be_nil
+ doc = Nokogiri::HTML(response.body)
+ doc.css('#wiki_body').text.index(assigns[:page].body).should_not be_nil
+ end
+
+ it "should not render user content when editing" do
+ assigns[:editing] = true
+ render "wiki_pages/show"
+
+ doc = Nokogiri::HTML(response.body)
+ doc.css('#wiki_body').text.index(assigns[:page].body).should be_nil
+ doc.css('#wiki_body').text.index('Editing Content').should_not be_nil
 end
 end
diff --git a/vendor/plugins/sanitize_field/lib/sanitize_field.rb b/vendor/plugins/sanitize_field/lib/sanitize_field.rb
index 528729b69f4..3ff7e16215f 100644
--- a/vendor/plugins/sanitize_field/lib/sanitize_field.rb
+++ b/vendor/plugins/sanitize_field/lib/sanitize_field.rb
@@ -89,7 +89,7 @@ module Instructure #:nodoc:
 'col' => ['span', 'width'],
 'colgroup' => ['span', 'width'],
 'img' => ['align', 'alt', 'height', 'src', 'title', 'width'],
- 'iframe' => ['src', 'width', 'height', 'name', 'align', 'frameborder', 'scrolling'],
+ 'iframe' => ['src', 'width', 'height', 'name', 'align', 'frameborder', 'scrolling', 'sandbox'],
 'ol' => ['start', 'type'],
 'q' => ['cite'],
 'table' => ['summary', 'width', 'border', 'cellpadding', 'cellspacing', 'center', 'frame', 'rules', 'dir', 'lang'],
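Review bot: The new examples check presence and absence through `text.index(...).should_not be_nil` and `.should be_nil`, which gives an uninformative message on failure; the include matcher states the intent and prints the rendered text, e.g. `doc.css('#wiki_body').text.should include(assigns[:page].body)` and `.should_not include(assigns[:page].body)` in the editing case. Both examples set `assigns[:editing]` directly, so the `?edit=1` parsing added in `WikiPagesController#show` is not exercised by anything in this commit.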
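Review bot: Adding `'sandbox'` to the `'iframe'` attribute list only stops the sanitizer from stripping the attribute; nothing in this hunk applies it to frames whose author left it off, so the forwarding problem described in the commit message remains for any embed that does not opt in. The list holds attribute names only, so as far as this hunk shows the value is unconstrained, and a value containing `allow-top-navigation` re-permits the navigation the attribute is meant to block. That is no weaker than having no `sandbox` at all, but it should be recorded next to the entry, e.g. `# 'sandbox' is author opt-in and its value is not validated; it is not a server-enforced restriction`. The spec changes in this commit cover only the view, so a sanitizer example asserting that `sandbox` survives a save would back the last test-plan step. The surrounding hash starts and ends outside the hunk.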