Brian Finney 01e6bfbaf7 Sanitize quiz answer comments html
Fixes CNVS-22170

Test plan:
 - Create a quiz
 - Set an answer comment to `">'><img src=x onerror=alert(3)>`
 - Take the test and view the resulting answer comment everywhere you
 can find it
 - Try lots of other forms of html to try and execute javascript

Change-Id: I209b266a648810763e03b602790001034815b44f
Reviewed-on: https://gerrit.instructure.com/59457
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Tested-by: Jenkins
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Cameron Sutter <csutter@instructure.com>
2015-07-29 16:10:10 +00:00
Gemfile.d Appium Specs for Mobile Apps 2015-07-28 20:26:08 +00:00
app Sanitize quiz answer comments html 2015-07-29 16:10:10 +00:00
bin rails 4.0.10 2014-09-16 22:07:39 +00:00
client_apps Fixes event sorting issue in question inspection view of QLA 2015-07-27 16:17:56 +00:00
config create ext_outcomes_tool_placement_url api for turnitin 2015-07-28 22:46:54 +00:00
db/migrate Add Upload CSS/JS tab to Theme Editor 2015-07-28 22:35:52 +00:00
doc fix typo 2015-07-15 10:03:01 -06:00
docker-compose spec: ensure we wait for a new page load when doing a get 2015-05-02 13:21:05 +00:00
gems create ext_outcomes_tool_placement_url api for turnitin 2015-07-28 22:46:54 +00:00
guard move 'parallel' gem to the everything group 2015-07-20 22:03:21 +00:00
lib add feature flag for moderated grading 2015-07-29 03:16:42 +00:00
public remove old uploadify code 2015-07-27 21:55:10 +00:00
script fix script/canvas_update to work with brandable_css 2015-07-07 20:41:28 +00:00
spec Assignment quick add specs 2015-07-29 14:19:04 +00:00
.bowerrc introduced bower to manage js dependencies 2013-12-13 17:45:57 +00:00
.dockerignore docker-compose based dev environment 2015-03-30 20:59:48 +00:00
.fontcustom-manifest.json Update icons for tinymce editor 2015-06-29 19:48:39 +00:00
.gitignore A new way of doing css/sass & New Canvas Theme Editor 2015-07-02 22:42:18 +00:00
.i18nignore bump rails 3 to github branch for ruby 2.2 compatibility 2015-02-18 22:55:20 +00:00
.jshintrc make jslint settings more sane 2012-08-17 11:04:40 -06:00
.rubocop.yml turn off Rubocop::Cop::Style::WhileUntilModifier 2015-04-28 17:20:55 +00:00
.travis.yml more travis builds 2014-02-10 16:23:19 +00:00
CONTRIBUTING.md add a contributing doc for github coolness 2012-09-19 10:16:04 -06:00
COPYRIGHT Initial commit. 2011-01-31 18:57:29 -07:00
Gemfile use eval_gemfile for bundler goodness 2015-02-18 18:15:14 +00:00
Guardfile ensure node_modules are up-to-date for guard & compile_assets 2015-07-16 19:17:54 +00:00
LICENSE Initial commit. 2011-01-31 18:57:29 -07:00
README.md remove travis.ci badge until we are re-enabled 2014-07-01 23:08:00 +00:00
Rakefile remove rails 2 support 2014-08-06 18:16:19 +00:00
bower.json add moment.js to our common bundle 2015-07-17 18:35:12 +00:00
code_of_conduct.md contributor code of conduct 2014-12-23 18:13:59 +00:00
config.ru start adding rails 3.0 support 2013-03-22 19:08:40 +00:00
docker-compose.yml allow *.canvas.docker in the docker-compose dev environment 2015-04-23 16:47:09 +00:00
gulpfile.babel.js A new way of doing css/sass & New Canvas Theme Editor 2015-07-02 22:42:18 +00:00
karma.conf.js upgrade karma 2015-07-17 04:50:07 +00:00
package.json handle running 'brandable_css' from within a symlinked dir 2015-07-27 21:06:29 +00:00

README.md

Canvas LMS

Canvas is a new, open-source LMS by Instructure Inc. It is released under the AGPLv3 license for use by anyone interested in learning more about or using learning management systems.

Please see our main wiki page for more information.

Installation

Detailed instructions for installation and configuration of Canvas are provided on our wiki.