Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update html cleaning rules #444

Merged
merged 5 commits into from
Jul 10, 2024
Merged

fix: update html cleaning rules #444

merged 5 commits into from
Jul 10, 2024

Conversation

ahmed-arb
Copy link
Collaborator

@ahmed-arb ahmed-arb commented Jul 3, 2024
edited
Loading

Context:

OpenEdx uses Cleaner from LXML to sanitize HTML before displaying it on the about page. It removes URLs if they contain JavaScript. The decision rule matches the following schemes in the URL:

  • javascript:
  • jscript:
  • livescript:
  • vbscript:
  • data:
  • about:
  • mocha:

Solution:

We override the rule to bypass cleaning if href value is a URL.

@ahmed-arb
Copy link
Collaborator Author

@ziafazal Please review.

ziafazal
ziafazal reviewed Jul 4, 2024
View reviewed changes
Copy link

@ziafazal ziafazal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ahmed-arb overall looks good few minor things to look into. Please add unit tests too.

openedx/core/djangolib/markup.py Outdated Show resolved Hide resolved
openedx/core/djangolib/markup.py Outdated Show resolved Hide resolved
@ahmed-arb ahmed-arb force-pushed the ahmed-arb/fix-html-clean branch from a55f99b to 592c7e3 Compare July 5, 2024 07:05
@ahmed-arb ahmed-arb requested a review from ziafazal July 5, 2024 07:07
@ahmed-arb
Copy link
Collaborator Author

@ziafazal please review again.
Doc-strings added and wrote test cases for testing valid urls will not be removed. Also fixed broken tests.

ziafazal
ziafazal reviewed Jul 5, 2024
View reviewed changes
Copy link

@ziafazal ziafazal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ahmed-arb completed another round of review.

openedx/core/djangolib/markup.py Outdated Show resolved Hide resolved
openedx/core/djangolib/tests/test_markup.py Outdated Show resolved Hide resolved
openedx/features/wikimedia_features/messenger/apps.py
@@ -20,7 +20,6 @@ class MessengerConfig(AppConfig):
PluginSettings.CONFIG: {
ProjectType.LMS: {
SettingsType.COMMON: {PluginSettings.RELATIVE_PATH: 'settings.common'},
SettingsType.TEST: {PluginSettings.RELATIVE_PATH: 'settings.test'},
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why we need to remove this?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This module does not exist.

openedx/core/djangolib/markup.py Outdated Show resolved Hide resolved
@ahmed-arb ahmed-arb force-pushed the ahmed-arb/fix-html-clean branch from ec0572d to c37c050 Compare July 5, 2024 09:03
@ahmed-arb ahmed-arb requested a review from ziafazal July 5, 2024 09:04
@ahmed-arb ahmed-arb self-assigned this Jul 5, 2024
@ahmed-arb
Copy link
Collaborator Author

@ziafazal Please review now.

ziafazal
ziafazal approved these changes Jul 5, 2024
View reviewed changes
Copy link

@ziafazal ziafazal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ahmed-arb this looks good now. 👍

@ahmed-arb ahmed-arb merged commit 0633e78 into develop Jul 10, 2024
1 check passed
@ahmed-arb ahmed-arb deleted the ahmed-arb/fix-html-clean branch July 10, 2024 12:25
@ahmed-arb ahmed-arb restored the ahmed-arb/fix-html-clean branch August 29, 2024 10:13
@ahmed-arb ahmed-arb deleted the ahmed-arb/fix-html-clean branch November 4, 2024 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ziafazal ziafazal ziafazal approved these changes

@Abdul-Muqadim-Arbisoft Abdul-Muqadim-Arbisoft Awaiting requested review from Abdul-Muqadim-Arbisoft

Assignees

@ahmed-arb ahmed-arb

Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ahmed-arb @ziafazal