Sterling Cobb 69ea170eb1 there was an xss script issue in preview iframes
fixes CNVS-17101

When you have a file with a <script> name, when no preview could be
shown for that file, it would run the xss. This fixes that.

Test Plan
Given you are on new files
And you create a file with the name <script>alert("Hi");</script>
When you preview that file
Then you should NOT see a pop up with the words Hi

Change-Id: Iaaeddd9e0121707b6122a3095fa9127b06815d2b
Reviewed-on: https://gerrit.instructure.com/44869
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Sterling Cobb <sterling@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
2014-11-25 02:26:42 +00:00
Gemfile.d allow excluding students from global surveys 2014-11-19 20:45:23 +00:00
app there was an xss script issue in preview iframes 2014-11-25 02:26:42 +00:00
bin rails 4.0.10 2014-09-16 22:07:39 +00:00
client_apps Quiz Reports API - force regeneration 2014-11-12 22:49:38 +00:00
config restore korean translation 2014-11-24 21:39:25 +00:00
db/migrate add external integration keys 2014-11-21 01:19:24 +00:00
doc api docs: use array type instead of 'tags' 2014-11-12 18:27:39 +00:00
gems spec: simple_cov tweaks 2014-11-24 17:39:14 +00:00
guard Implement PostGrades dialog in ReactJS 2014-11-19 23:55:56 +00:00
lib fix deleting of observer enrollments through sis import 2014-11-25 01:21:51 +00:00
loom introduced bower to manage js dependencies 2013-12-13 17:45:57 +00:00
public setup default lti2 placements 2014-11-24 23:34:28 +00:00
script i18nliner-js (part I) 2014-10-30 06:25:36 +00:00
spec fix sections_visible_to for array arguments 2014-11-25 01:31:32 +00:00
vendor/plugins no more wiziq 2014-11-06 16:00:13 +00:00
.bowerrc introduced bower to manage js dependencies 2013-12-13 17:45:57 +00:00
.fontcustom-manifest.json add eye and cloud-lock icons to icon font & newfiles 2014-10-30 19:21:47 +00:00
.gitignore added jsx 2014-11-03 23:20:33 +00:00
.i18nignore i18nliner(.rb) 2014-10-29 21:59:39 +00:00
.jshintrc make jslint settings more sane 2012-08-17 11:04:40 -06:00
.travis.yml more travis builds 2014-02-10 16:23:19 +00:00
CONTRIBUTING.md add a contributing doc for github coolness 2012-09-19 10:16:04 -06:00
COPYRIGHT Initial commit. 2011-01-31 18:57:29 -07:00
Gemfile begin rails 4 2014-08-27 23:09:17 +00:00
Guardfile added jsx 2014-11-03 23:20:33 +00:00
LICENSE Initial commit. 2011-01-31 18:57:29 -07:00
README.md remove travis.ci badge until we are re-enabled 2014-07-01 23:08:00 +00:00
Rakefile remove rails 2 support 2014-08-06 18:16:19 +00:00
bower.json Updated react-router 2014-10-16 18:04:44 +00:00
config.ru start adding rails 3.0 support 2013-03-22 19:08:40 +00:00
karma.conf.js new avatars upload image function 2014-03-07 18:52:28 +00:00
package.json added jsx 2014-11-03 23:20:33 +00:00

README.md

Canvas LMS

Canvas is a new, open-source LMS by Instructure Inc. It is released under the AGPLv3 license for use by anyone interested in learning more about or using learning management systems.

Please see our main wiki page for more information.

Installation

Detailed instructions for installation and configuration of Canvas are provided on our wiki.