feat!: update Drag and Drop v2 XBlock to prevent XSS vulnerabilities

BREAKING CHANGE: disallowed HTML tags (e.g. <script>) will no longer be rendered in LMS and Studio.
open-craft · Nov 28, 2022 · 1b00879 · 1b00879
1 parent bb8b6ea
commit 1b00879
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 5 deletions.
diff --git a/requirements/edx/base.in b/requirements/edx/base.in
@@ -165,3 +165,4 @@ XBlock                              # Courseware component architecture
 xblock-utils                        # Provides utilities used by the Discussion XBlock
 xss-utils                           # https://github.com/edx/edx-platform/pull/20633 Fix XSS via Translations
 enmerkar-underscore                 # Implements a underscore extractor for django-babel.
+xblock-drag-and-drop-v2             # Drag and Drop XBlock
diff --git a/requirements/edx/base.txt b/requirements/edx/base.txt
@@ -1069,8 +1069,8 @@ xblock==1.5.1
     #   xblock-google-drive
     #   xblock-poll
     #   xblock-utils
-xblock-drag-and-drop-v2 @ git+https://github.com/edx-solutions/[email protected]
-    # via -r requirements/edx/github.in
+xblock-drag-and-drop-v2==3.0.0
+    # via -r requirements/edx/base.in
 xblock-poll @ git+https://github.com/open-craft/[email protected]
     # via -r requirements/edx/github.in
 xblock-utils==2.2.0

diff --git a/requirements/edx/development.txt b/requirements/edx/development.txt
@@ -1560,7 +1560,7 @@ xblock==1.5.1
     #   xblock-google-drive
     #   xblock-poll
     #   xblock-utils
-xblock-drag-and-drop-v2 @ git+https://github.com/edx-solutions/[email protected]
+xblock-drag-and-drop-v2==3.0.0
     # via -r requirements/edx/testing.txt
 xblock-poll @ git+https://github.com/open-craft/[email protected]
     # via -r requirements/edx/testing.txt

diff --git a/requirements/edx/github.in b/requirements/edx/github.in
@@ -74,4 +74,3 @@ git+https://github.com/edx/django-require.git@0c54adb167142383b26ea6b3edecc32118
 # Third Party XBlocks
 
 git+https://github.com/open-craft/[email protected]#egg=xblock-poll==1.12.0
-git+https://github.com/edx-solutions/[email protected]#egg=xblock-drag-and-drop-v2==2.3.5
diff --git a/requirements/edx/testing.txt b/requirements/edx/testing.txt
@@ -1435,7 +1435,7 @@ xblock==1.5.1
     #   xblock-google-drive
     #   xblock-poll
     #   xblock-utils
-xblock-drag-and-drop-v2 @ git+https://github.com/edx-solutions/[email protected]
+xblock-drag-and-drop-v2==3.0.0
     # via -r requirements/edx/base.txt
 xblock-poll @ git+https://github.com/open-craft/[email protected]
     # via -r requirements/edx/base.txt
Original file line number	Diff line number	Diff line change
Expand Up		@@ -74,4 +74,3 @@ git+https://github.com/edx/django-require.git@0c54adb167142383b26ea6b3edecc32118
		# Third Party XBlocks

		git+https://github.com/open-craft/[email protected]#egg=xblock-poll==1.12.0
		git+https://github.com/edx-solutions/[email protected]#egg=xblock-drag-and-drop-v2==2.3.5