canvas-lms/gems/canvas_sanitize/lib
Jackson Howe 53d433019b Increase depth limit for syllabus
User content with deeply nested html elements couldn't be parsed by
Nokogiri when the depth exceeded the DEFAULT_MAX_TREE_DEPTH of 400.
The depth limit has already been increased in other places (quizzes,
wiki pages), so we'll do the same for syllabus content to prevent making
the entire syllabus inaccessible if deeply nested content is saved. This
change also prevents content that can't be parsed from being saved in
the syllabus.

fixes LS-3114
flag = none

Test plan:
 - Get my document with deeply-nested html and save the content to a
   course's syllabus_body in a rails console
 - Go to that course's syllabus in the UI
 - Expect the page to load fine
 - Lower the max_tree_depth constant in
   gems/canvas_sanitize/lib/canvas_sanitize/canvas_sanitize.rb (L75) to 1
 - Restart rails server
 - In a new course, go to the syllabus and in the html editor, paste
   <div><div><p>hi</p></div></div>
 - Click save and expect to get a 4xx response

Change-Id: Ib97ab86c102162f8efdc29c1122e0aa6d9801026
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/289992
Reviewed-by: Eric Saupe <eric.saupe@instructure.com>
QA-Review: Eric Saupe <eric.saupe@instructure.com>
Product-Review: Jackson Howe <jackson.howe@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
2022-04-20 19:38:27 +00:00
canvas_sanitize Increase depth limit for syllabus 2022-04-20 19:38:27 +00:00
canvas_sanitize.rb RuboCop: Style/StringLiterals, Style/StringLiteralsInInterpolation 2021-11-25 14:03:06 +00:00