This reverts commit 77f62a52a6.
refs LS-2622
Change-Id: Ie73c00fffbf1fc2f62448797ca0022feed8998bc
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/273715
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
fixes LS-2622
flag=none
test plan:
- Create a wiki page on a course with two mailto links in the content.
One with a valid email address string and one with an invalid string.
- Export the course.
- Verify the bad mailto link has been removed but the text is still
there.
- Copy the course to another.
- Verify the bad mailto link has been removed but the text is still
there.
Change-Id: I2277d420c5cd7339df197ebbaf983c3ed0e7d6a0
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/273648
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Isaac Moore <isaac.moore@instructure.com>
QA-Review: Isaac Moore <isaac.moore@instructure.com>
Product-Review: Eric Saupe <eric.saupe@instructure.com>
fixes LS-2325
flag=none
test plan:
- Create a page
- In the content of the page create a link to the course home by clicking
the dropdown next to the link button in the RCE menu, then clicking
Course Links, expand Course Navigation, then select Home
- With the Home link in the content, save the page
- Export the course
- Import the course content into a new course
- Verify the link in the imported page content is linked to the new page's
home navigation and not the old course
- Also verify just using the Copy Course from Import Course Content also
changes the home navigiation link as expected
Change-Id: Ib7779a4c42f9669ac4da6408a2fbd453ae31a039
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/267975
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
QA-Review: Jackson Howe <jackson.howe@instructure.com>
Product-Review: Eric Saupe <eric.saupe@instructure.com>
[fsc-max-nodes=12]
[fsc-timeout=60]
* switch lots of parsing to Nokogumbo to keep things consistent
* deep CSS sanitization is now built in, and with a proper parser (meaning
we can drop our code to do it, and adjust some specs to account for things
that _are_ valid)
lots of changes because gumbo parsing<->serialization cycle is slightly different:
* better job preserving original whitespace
* literal non-breaking space characters are converted to entities
* <p> tags aren't inserted for the heck of it
* several _other_ entities are unnecessary, and output as literal characters
* some elements no longer have a closing tag
Change-Id: I7c5e36cbd04b8a05f64c9e0af00868dd6b00f4ce
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/256444
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes LS-1685
flag=none
test plan:
- when a quiz is fixed-up, the tooltips on equation answers should
be reasonable.
- if we find inline latex burried in the sea of html-ish text
it's extracted and turned into an equation image. Sadly
I don't remember what quiz+question I discovered this on
(though it was near the top of peyton's course)
- when fixup generates equation images, the title has its closing
quote, so the tooltip looks correct.
Change-Id: I21201b094c46ee057d1a6f779d120db303e31bca
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/254544
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Nate Armstrong <narmstrong@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
closes LS-1639
flag=none
The change to SyllabusBehaviors puts code back that existed
before the new math handling was introduced, and should have
been behind its flag.
If the new_math_equation_handling flag is on, turn it off if
we're editing a quiz, and skip having the backend inject the
hidden mathml, which is part of the legacy equation handling.
test plan:
=== With the new math_equation_handling flag off ====
- create a quiz, add a multiple choice question with an equation
as an answer
- save the question, save the quiz
- edit the quiz, edit the question, do not edit the answer
> look at the DOM. there should be no moe than 1
<span class="hidden-readable">
just after the equation image in the answer
- save the question, save the quiz
- preview the quiz
> expect just 1 <span class="hidden-readable"> in the DOM just
after the equation image
- no combination of edit, save, edit, ... should cause > 1
<span class="hidden-readable">
after the equation image
=== with the new_math_equation_handling flag on ===
- preview and edit the quiz you created with the flag off
> expect it to look A-OK
- create a new quiz
- use the rce's equation editor to put an equation everywhere
you can possible think of in a quiz
- the text
- answers
- comments on the answers
> expect the equations to look right no matter what
- edit the quiz and all the places where there are equations
> yep still ok
- save the qustion
> still ok
- save the quiz
> still ok
- preview the quiz, to completion to see answer comments
> looks good _and_ equations are mathjaxified
- edit everything again
> still looks good everywhere
Change-Id: I1319d007509f6e8cbc9c9af81e3939e365b0fa92
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253507
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
closes LS-1637
flag=none
When the flag is off, we weren't loading MathJAx at all, which is
bad. We need it to process hidden mathml for a11y support.
test plan:
- in the rce add an equation and save
> expect a span class=hidden-readable with mathjax'd mathml
right after the image, or
> use a screenreader, the equation should be read
Change-Id: I73dc5e6718ee9b9403f29825378965c679e03254
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/253458
Reviewed-by: Charley Kline <ckline@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
closes LS-1601
flag=new_math_equation_handling
The previous approach was to replace the equation image with the
equation's LaTeX in canvas' backend, but not all user content sent
to the browser passes through UserContent.escape. Discussions
and legacy quiz questions included. The backend approach also suffered
from the an ugly visual where the LaTeX is displayed onscreen until
MathJax typesets it.
In a previous commit, I caught Discussion replies in apiUserContent
where the screenreader assistive mathml is injected into the DOM
adjacent to the image. That worked but we now had 2 places
where the replacement was taking place, and quiz questions are
still being missed.
A better approach is to handle it all in a central location, which
is with the code that detects math is on the page. The new approach
is to inject the LaTeX into the DOM adjacent to the image just before
MathJax does its processing, then removes the image when it finished.
This way the equation image is displayed to the user while MathJaX
does its work, and since we look for new math in a MutationObserver
watching the whole document, we never miss any equation images on the page.
Because we are looking for mutations anywhere on the page, there may
be nodes we want to ignore (e.g. the quiz timer). This is handled
by adding to the ignore_list css selector in main.js
test plan:
- with the "Updated math equation handling" flag on
(and optionally 'Support LaTex math equations almost everywhere")
- double check that equations created with the rce equation editor
are processed with mathjax all over canvas
> expect equation images to be visible until replaced by MathJax
typeset versions
- Discussions:
- reply to a discussion with an equation (inline and equation editor)
> expect them to be typeset by mathjax
- edit a reply and save
> expect the the reply to have it's math processed by mathjax
- Legacy Quizzes
- create a quiz, set it so 1 question per page
- add a couple questions with equations
- preview the quiz, moving forward and back thru the questions
> expect the questions go have their equations typeset by mathjax
Change-Id: I9e2ec4fd53de06748156bbd4adadac7e2b1e205f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/252222
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Peyton Craighill <pcraighill@instructure.com>
This commit changes nothing in the RCE, but changes how canvas renders
equations in the resulting page. Rather than
adding mathml in a hidden span adjacent to the equation image for
MathJax to process, this change replaces the image with a span containing
the LaTex source for MathJax to format. This is better for a couple
reasons.
MathJax is not intended for formatting equations as they are
being edited and dealing with MathJax processed equations in the RCE when you
may want to edit an existing equation is never going to work well.
The visible MathJax-ified equations in the resulting page provides the
accessiblity we require.
This approach will update all existing content with math images,
so old content gets the benefit too.
Contrary to what some believe, you will not be able to select, copy
and paste parts of an equation.
closes: LS-1401
flag=new_math_equation_handling
test plan:
- with new_math_equation_handling flag on
- insert a math equation in the RCE
> notice that when you click on the equation's image, you do not
get the "Image Options" popup button
- click on the equation
> expect the "Edit Equation" popup button, not "Image Options"
- edit the equation and save
> expect it to be updated
- save the page
> expect the equation to fade into view after being processed by MathJax.
> expect the MathJax menu when you right click in it
> expect screenreaders read it nicely
- edit the page again
> expect the equation as an image again.
> expect to be able to edit the equation
- switch your user to a different language
- open a page with an equation and right-click in the eq.
> expect the mathjax context menu to be in the user's language
(assuming mathjax supports it)
Change-Id: Ieac6785d51c0cab475b1176712f46fc2c964ff71
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247471
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
QA-Review: Daniel Sasaki <dsasaki@instructure.com>
Product-Review: Peyton Craighill <pcraighill@instructure.com>
yes, this is terrible, but it's less bad than breaking URLs entirely
which is what we did before
test plan:
- upload an image to a course
- put the following in a quiz description using the HTML editor:
<img src="http://localhost:3000/files/3603/download?download_frd=1">
(substitute the hostname and id of the image)
- ensure the image shows up when viewing the quiz
- copy the course
- ensure the image shows up when viewing the quiz in the copy
fixes ADMIN-1103
Change-Id: I4b1914a7dd8baa1d03cf739163cdbf0e164e56da
Reviewed-on: https://gerrit.instructure.com/152470
Reviewed-by: James Williams <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: Luke Kingsley <lkingsley@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
test plan:
- have a course with a wiki page and assignment
- create another page that embeds the two former items
in an iframe with "?embedded=true" in the link
as described in the ticket
- copy the course
- in the copy, the "?embedded=true" links should be
preserved
fixes ADMIN-868
Change-Id: I20c775cbd8a76eabecf49252b61a45d0a7817278
Reviewed-on: https://gerrit.instructure.com/147898
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
test plan:
* make sure that links like
"https://example.com/files" are preserved on copy
but links to "/courses/:course_id/files" are
translated to the new course
closes #ADMIN-805
Change-Id: Ia7cd5ba5ea61fa05c8edb0cfc4d413b667aae5fd
Reviewed-on: https://gerrit.instructure.com/141728
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* links to external domains with url's similar
to canvas links, e.g. "https://example.com/users/1"
should not be modified on course copy
closes #ADMIN-754
Change-Id: Ie2f55f8a1806528da7631b00f6876bc0ac3f77d7
Reviewed-on: https://gerrit.instructure.com/140421
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
if we run into a link directly to "/files/X" we
should try to pass it through to the other course
instead of leaving it alone
Change-Id: Ie67add5553ec9fbb2a7e2acaf0274cf798eb6b4f
Reviewed-on: https://gerrit.instructure.com/135074
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Fixes: CNVS-29738
Test Plan:
With an RCE view open, click the insert math equation button
Create a math equation and click insert equation
Ensure that the equation image alt attribute is prefixed by 'LaTeX: '
Change-Id: I6df61e83de9820f54757bbfdd3065275889df88c
Reviewed-on: https://gerrit.instructure.com/102708
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
fixes CNVS-59514
Also adds a MathMan module that wraps some convenience methods for 1-
figuring out if it's ok to use mathman; 2- constructing urls for hitting
mathman's endpoints.
test plan:
*With Ritex*
- Add an assignment (or some type of content with a description editable
via tinymce / rcs).
- Update the description to include a latex equation using the equation
editor.
- Upon saving the assignment, observe that an image of the equation is
visible.
- Using the browser's elemnt / DOM inspector, select the equation image,
and observe that there is a hidden span that contain a math ml
representation.
*With Mathman*
- Navigate to an account's plugin page, and select the MathMan plugin.
- On the edit screen, enable the plugin, and provide a working mathman
base url and check the 'Use for mml' checkbox. Save the changes.
- Add an assignment (or some type of content with a description editable
via tinymce / rcs).
- Update the description to include a latex equation using the equation
editor.
- Upon saving the assignment, observe that an image of the equation is
visible.
- Using the browser's elemnt / DOM inspector, select the equation image,
and observe that there is a hidden span that contain a math ml
representation.
Change-Id: I194d155b339123f7ed1948cf29070c1d17fc7f17
Reviewed-on: https://gerrit.instructure.com/84031
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: John Corrigan <jcorrigan@instructure.com>
fixes CNVS-29811
test plan:
- Create an assignment (or any content type with a body / description
that uses RCS).
- Add a formula to the body / description.
- Observe that the formula is displayed.
Change-Id: I5c7ab3e1ba74c12654ac341983749122424ab6c4
Reviewed-on: https://gerrit.instructure.com/81691
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: John Corrigan <jcorrigan@instructure.com>
used to turn 1.0.to_s to "1"
closes #CNVS-28310
Change-Id: I79106a4c0b42fe9b6d96097aaf9dd28a43024373
Reviewed-on: https://gerrit.instructure.com/75194
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
QA-Review: KC Naegle <knaegle@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* create a course with a locked discussion topic
* add a link to the discussion topic to a wiki page
* create a term with dates for teachers in the past
* add the course to the past term
* as a teacher, copy the course
* the link in the wiki page should point to the
correct discussion topic in the copied course
closes #CNVS-27143
Change-Id: Ic7e72276e88c54a35346f5863fb141eedd44905f
Reviewed-on: https://gerrit.instructure.com/72014
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
this also fixes and issue where subsequent edits fail to generate mathml
successfully.
fixes CNVS-22762
test plan:
- in all browsers
- create an equation image, save, inspect
- edit page, re-save, inspect
- make sure things look right visually and for screenreaders
Change-Id: Ice5de7be720b217aa19850233e11fdf238d68158
Reviewed-on: https://gerrit.instructure.com/68372
Tested-by: Jenkins
Product-Review: Aaron Cannon <acannon@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
fixes CNVS-21975
test-plan:
- put some invalid latex in an equation image
- save and load
- should not be a page error
- equation image's alt attribute should still have the unprocessed
latex
Change-Id: I635a042c11d9344d05f89c9ae5cdb9aff75eea13
Reviewed-on: https://gerrit.instructure.com/58783
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: Ben Bolton <bbolton@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins
closes CNVS-20200
first, takes the mathml translation we already know how to do
and stuffs that in a data element on equation images
second, extract mathml from data attribute and inject as a
screenreader span to make the mathml consumable.
I also reworked the "convertApiUserContent" coffee function to
be a little more broken up and individually testable (and
added specs for it), and made sure not to do this transformation
when editing (as that would start a content update loop where
we add content on every save/edit cycle)
TEST PLAN:
For each of the following places, make sure you can save
an equation image in the tinymce editor and get MATHML for
screeenreaders in the output:
Announcement reply
Discussion reply
Wiki Page body
Outcome description
Quiz essay answer text
ePortfolio page edit
Regression test mathml generation in other tinymce areas (which were
already producing it)
Change-Id: Icc769dc92e799563133d47c8dda8ea84fde034eb
Reviewed-on: https://gerrit.instructure.com/56029
Tested-by: Jenkins
Reviewed-by: Jason Madsen <jmadsen@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
by referencing symbols, just loading Context doesn't immediately cause
all the other stuff (and their dependents) to be loaded
Change-Id: I90e939ea03b628435ba77e2dc9ea886bf3f837c4
Reviewed-on: https://gerrit.instructure.com/51801
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
refs CNVS-13987
what was called CanvasUuid was *not* generating UUIDs. it was generating
slugs. by default, its generate method only creates 4 character slugs.
these should obviously not be used as UUIDs. the misnomer already caused
a bug in EventStream where it used these slugs as UUIDs, causing
collisions. to fix:
(1) rename canvas_uuid gem to canvas_slug, and rename it's primary
class CanvasUuid to CanvasSlug
(2) create new canvas_uuid gem, with class CanvasUUID, extracted from
lib/uuid_singleton for actual UUID generation
(3) fix event stream use CanvasUUID, rather than following the rename
of CanvasUuid to CanvasSlug
test-plan:
- have cassandra set up for audit logs
- create an audit log entry (e.g. change a grade)
- look at the generated audit log entry's id field; it should be a UUID
value, not a 4 character slug
Change-Id: I19758fff4433cd6cb2e21219217dced19ee05c5a
Reviewed-on: https://gerrit.instructure.com/37506
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
test plan:
- have a course with a public syllabus
- link to two files in the syllabus body:
- a locked file
- an unlocked file
- access the course syllabus without logging in
- the unlocked file link should work
- the locked file link should not
fixes CNVS-11569
Change-Id: I75d25a46c7e4fac43c7f187a4aba166be85d1010
Reviewed-on: https://gerrit.instructure.com/31270
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
test plan:
- with draft state enabled
* create a wiki page
- use the sidebar to add a link to another wiki page
* save the page
* edit the page
- html view should show the href as ../pages/.. not ../wiki/..
- copy the link, changing the href to be ../wiki/..
* save the page
* copy the course
* navigate to the copied wiki page
- both links should point to the page in the new course
fixes CNVS-11443
Change-Id: Ib7f8b175ac6d894a9bfa651f8536b7cd48b60aac
Reviewed-on: https://gerrit.instructure.com/30780
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
fixes CNVS-10679
this commit refactors quiz into a quizzes namespace. it contains various
shims to facilitate the data migration of polymorphic relationships
('Quiz' -> 'Quizzes::Quiz'). JIRA contains several tickets linked to
the above tickets in regards to removing these shims after the data
migration, as well as the strategies on reverting the shims once the
data migration is complete.
Change-Id: I30c566d60a87af6ee83e9d0041fdcb909ead6a89
Reviewed-on: https://gerrit.instructure.com/28573
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Derek DeVries <ddevries@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Product-Review: Josh Simpson <jsimpson@instructure.com>
fixes a problem where internal links to wiki pages that
had titles that started with numbers would cause the
regular expressions to break
(also fixes a couple random typos and such)
test plan:
* create a wiki page with a title that starts with a
numeric character
* create a link to that wiki page (such as on another
wiki page)
* copy the course
* the copied course should have a correct link
fixes #CNVS-4158
Change-Id: I8c6a26feb4766e078f06656e7e26f381ae5934d5
Reviewed-on: https://gerrit.instructure.com/18064
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
fixes#9345fixes#10702
test plan:
(for #9345)
* create a course with a file and an assignment
* put a link to the file in the assignment description
* make the link text also be the link to the file
you should have something like this:
<a href="/courses/XXX/files/YYY/download?wrap=1">/courses/XXX/files/YYY/download?wrap=1</a>
* export the course. the assignment export should succeed (no errors in the summary)
* import the export, and the assignment should be there
(for #10702)
* create a course with two assignments, each in separate assignment groups, and a file
* put a link to the file in the syllabus description, using the link itself as the
link text, as above
* export/import, and verify the assignment groups don't disappear
Change-Id: Icb0a8727a5d7f703bdf7646d98b72b2877246576
Reviewed-on: https://gerrit.instructure.com/13863
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
old UserContent.css_size was really weird about what it would accept and
when it would return a String vs. a Float. the times it returned a
Float, it would make api_user_content explode. fix that and add some
specs. the vulnerable code was exercised, among other places, in the
assignment json, which impacts gradebooks and other UI features.
fixes#9881
test-plan:
- create an assignment in a course
- in the assignment description, include the html
<object width='100%' />
- try and view the gradebook for the course
- it should not have an ajax request error
Change-Id: I02e824414013347730185fbf7f7fb94a951f3e77
Reviewed-on: https://gerrit.instructure.com/12895
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This modifies the API to return information on the required user_content
params for api responses. The javascript then processes the api response
fields and replaces the user content with iframe posts to safefiles,
same as we do server-side in erb currently for user_content in non-api
responses. This is done before the html is inserted on the page.
The current implementation requires the api to respond with these extra
data attributes all the time, not just for in-app requests. This isn't
ideal, but other api users will safely ignore those extra data
attributes.
test plan: in a discussion, post a reply that contains an object or
embed tag. reload the page and verify that the flash or java or whatever
still appears. inspect the html, and check that it is contained inside
an iframe pointing to the safefiles domain, rather than embedded
directly on the main canvas domain.
Change-Id: I5f1c5f4f267f654ec339ee422f0743f33ee2564f
Reviewed-on: https://gerrit.instructure.com/12111
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* create a course with a module that has an external tool link in it;
* link to the external tool from a wiki page (you'll need to do this
manually by copying the link from the modules page and taking the
path);
* create a new course and copy the first course's content into it;
* verify that the link exists in the wiki page and properly links to
the external tool.
Change-Id: Ia7a3169ba1deb9e42955b658a3bf26203d311e5d
Reviewed-on: https://gerrit.instructure.com/10997
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Basic LTI links before could only be added as items in context
modules. This extends that functionality to also support inserting
Basic LTI links into rich content fields. There is no UI provided
for inserting these links, that comes in another commit.
test plan:
- create an external tool in a course with a specific url
- manually create a URL to
/courses/:id/external_tools/retrieve?url=<url>
- the tool should be loaded at the given url
Change-Id: I658b838b8c9a2a6826cf803fd41cb9924fb287ef
Reviewed-on: https://gerrit.instructure.com/5428
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
One in course copy, and one in common cartridge export.
refs #5739
Change-Id: I4ba016f643a22f0cf3f6dbbe6b00dcd7d228a10a
Reviewed-on: https://gerrit.instructure.com/5979
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
user_content will now work for any arbitrary RTE field, no matter if it
came from a column, a string nested three levels deep in a serialized
column, whatever.
let's call this technique "controlled XSS injection"
Change-Id: I56eed1f9b546ac7849dc60faa0f2b3801231131e
Reviewed-on: https://gerrit.instructure.com/3704
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Cody Cutrer