@instructure/outcomes-ui 4.1.4 → 4.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/es/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/lib/__tests__/sanitize.test.js +133 -11
- package/es/lib/sanitize.js +22 -26
- package/es/translated/ar/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/ar/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/ar/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/ar/lib/sanitize.js +22 -26
- package/es/translated/ca/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/ca/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/ca/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/ca/lib/sanitize.js +22 -26
- package/es/translated/cy/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/cy/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/cy/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/cy/lib/sanitize.js +22 -26
- package/es/translated/da/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/da/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/da/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/da/lib/sanitize.js +22 -26
- package/es/translated/da-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/da-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/da-x-k12/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/da-x-k12/lib/sanitize.js +22 -26
- package/es/translated/de/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/de/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/de/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/de/lib/sanitize.js +22 -26
- package/es/translated/en/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en/lib/sanitize.js +22 -26
- package/es/translated/en-AU/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-AU/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-AU/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-AU/lib/sanitize.js +22 -26
- package/es/translated/en-AU-x-unimelb/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-AU-x-unimelb/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-AU-x-unimelb/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-AU-x-unimelb/lib/sanitize.js +22 -26
- package/es/translated/en-CA/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-CA/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-CA/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-CA/lib/sanitize.js +22 -26
- package/es/translated/en-CY/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-CY/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-CY/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-CY/lib/sanitize.js +22 -26
- package/es/translated/en-GB/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-GB/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-GB/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-GB/lib/sanitize.js +22 -26
- package/es/translated/en-GB-x-ukhe/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-GB-x-ukhe/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-GB-x-ukhe/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-GB-x-ukhe/lib/sanitize.js +22 -26
- package/es/translated/en-IE/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/en-IE/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/en-IE/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/en-IE/lib/sanitize.js +22 -26
- package/es/translated/es/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/es/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/es/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/es/lib/sanitize.js +22 -26
- package/es/translated/es-ES/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/es-ES/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/es-ES/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/es-ES/lib/sanitize.js +22 -26
- package/es/translated/es_ES/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/es_ES/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/es_ES/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/es_ES/lib/sanitize.js +22 -26
- package/es/translated/fi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/fi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/fi/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/fi/lib/sanitize.js +22 -26
- package/es/translated/fr/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/fr/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/fr/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/fr/lib/sanitize.js +22 -26
- package/es/translated/fr-CA/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/fr-CA/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/fr-CA/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/fr-CA/lib/sanitize.js +22 -26
- package/es/translated/ht/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/ht/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/ht/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/ht/lib/sanitize.js +22 -26
- package/es/translated/is/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/is/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/is/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/is/lib/sanitize.js +22 -26
- package/es/translated/it/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/it/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/it/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/it/lib/sanitize.js +22 -26
- package/es/translated/ja/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/ja/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/ja/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/ja/lib/sanitize.js +22 -26
- package/es/translated/mi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/mi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/mi/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/mi/lib/sanitize.js +22 -26
- package/es/translated/nb/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/nb/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/nb/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/nb/lib/sanitize.js +22 -26
- package/es/translated/nb-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/nb-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/nb-x-k12/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/nb-x-k12/lib/sanitize.js +22 -26
- package/es/translated/nl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/nl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/nl/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/nl/lib/sanitize.js +22 -26
- package/es/translated/pl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/pl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/pl/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/pl/lib/sanitize.js +22 -26
- package/es/translated/pt/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/pt/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/pt/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/pt/lib/sanitize.js +22 -26
- package/es/translated/pt-BR/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/pt-BR/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/pt-BR/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/pt-BR/lib/sanitize.js +22 -26
- package/es/translated/ru/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/ru/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/ru/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/ru/lib/sanitize.js +22 -26
- package/es/translated/sl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/sl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/sl/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/sl/lib/sanitize.js +22 -26
- package/es/translated/sv/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/sv/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/sv/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/sv/lib/sanitize.js +22 -26
- package/es/translated/sv-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/sv-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/sv-x-k12/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/sv-x-k12/lib/sanitize.js +22 -26
- package/es/translated/th/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/th/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/th/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/th/lib/sanitize.js +22 -26
- package/es/translated/vi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/vi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/vi/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/vi/lib/sanitize.js +22 -26
- package/es/translated/zh-Hans/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/zh-Hans/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/zh-Hans/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/zh-Hans/lib/sanitize.js +22 -26
- package/es/translated/zh-Hant/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/es/translated/zh-Hant/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/es/translated/zh-Hant/lib/__tests__/sanitize.test.js +133 -11
- package/es/translated/zh-Hant/lib/sanitize.js +22 -26
- package/lib/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/components/Gradebook/popovers/StudentPopover/index.d.ts.map +1 -1
- package/lib/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/lib/__tests__/sanitize.test.js +132 -10
- package/lib/lib/sanitize.js +22 -26
- package/lib/translated/ar/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/ar/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/ar/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/ar/lib/sanitize.js +22 -26
- package/lib/translated/ca/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/ca/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/ca/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/ca/lib/sanitize.js +22 -26
- package/lib/translated/cy/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/cy/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/cy/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/cy/lib/sanitize.js +22 -26
- package/lib/translated/da/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/da/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/da/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/da/lib/sanitize.js +22 -26
- package/lib/translated/da-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/da-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/da-x-k12/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/da-x-k12/lib/sanitize.js +22 -26
- package/lib/translated/de/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/de/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/de/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/de/lib/sanitize.js +22 -26
- package/lib/translated/en/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en/lib/sanitize.js +22 -26
- package/lib/translated/en-AU/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-AU/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-AU/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-AU/lib/sanitize.js +22 -26
- package/lib/translated/en-AU-x-unimelb/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-AU-x-unimelb/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-AU-x-unimelb/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-AU-x-unimelb/lib/sanitize.js +22 -26
- package/lib/translated/en-CA/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-CA/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-CA/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-CA/lib/sanitize.js +22 -26
- package/lib/translated/en-CY/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-CY/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-CY/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-CY/lib/sanitize.js +22 -26
- package/lib/translated/en-GB/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-GB/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-GB/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-GB/lib/sanitize.js +22 -26
- package/lib/translated/en-GB-x-ukhe/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-GB-x-ukhe/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-GB-x-ukhe/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-GB-x-ukhe/lib/sanitize.js +22 -26
- package/lib/translated/en-IE/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/en-IE/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/en-IE/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/en-IE/lib/sanitize.js +22 -26
- package/lib/translated/es/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/es/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/es/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/es/lib/sanitize.js +22 -26
- package/lib/translated/es-ES/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/es-ES/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/es-ES/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/es-ES/lib/sanitize.js +22 -26
- package/lib/translated/es_ES/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/es_ES/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/es_ES/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/es_ES/lib/sanitize.js +22 -26
- package/lib/translated/fi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/fi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/fi/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/fi/lib/sanitize.js +22 -26
- package/lib/translated/fr/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/fr/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/fr/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/fr/lib/sanitize.js +22 -26
- package/lib/translated/fr-CA/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/fr-CA/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/fr-CA/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/fr-CA/lib/sanitize.js +22 -26
- package/lib/translated/ht/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/ht/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/ht/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/ht/lib/sanitize.js +22 -26
- package/lib/translated/is/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/is/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/is/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/is/lib/sanitize.js +22 -26
- package/lib/translated/it/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/it/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/it/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/it/lib/sanitize.js +22 -26
- package/lib/translated/ja/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/ja/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/ja/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/ja/lib/sanitize.js +22 -26
- package/lib/translated/mi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/mi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/mi/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/mi/lib/sanitize.js +22 -26
- package/lib/translated/nb/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/nb/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/nb/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/nb/lib/sanitize.js +22 -26
- package/lib/translated/nb-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/nb-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/nb-x-k12/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/nb-x-k12/lib/sanitize.js +22 -26
- package/lib/translated/nl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/nl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/nl/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/nl/lib/sanitize.js +22 -26
- package/lib/translated/pl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/pl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/pl/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/pl/lib/sanitize.js +22 -26
- package/lib/translated/pt/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/pt/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/pt/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/pt/lib/sanitize.js +22 -26
- package/lib/translated/pt-BR/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/pt-BR/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/pt-BR/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/pt-BR/lib/sanitize.js +22 -26
- package/lib/translated/ru/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/ru/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/ru/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/ru/lib/sanitize.js +22 -26
- package/lib/translated/sl/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/sl/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/sl/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/sl/lib/sanitize.js +22 -26
- package/lib/translated/sv/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/sv/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/sv/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/sv/lib/sanitize.js +22 -26
- package/lib/translated/sv-x-k12/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/sv-x-k12/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/sv-x-k12/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/sv-x-k12/lib/sanitize.js +22 -26
- package/lib/translated/th/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/th/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/th/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/th/lib/sanitize.js +22 -26
- package/lib/translated/vi/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/vi/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/vi/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/vi/lib/sanitize.js +22 -26
- package/lib/translated/zh-Hans/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/zh-Hans/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/zh-Hans/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/zh-Hans/lib/sanitize.js +22 -26
- package/lib/translated/zh-Hant/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js +99 -23
- package/lib/translated/zh-Hant/components/Gradebook/popovers/StudentPopover/index.js +4 -1
- package/lib/translated/zh-Hant/lib/__tests__/sanitize.test.js +132 -10
- package/lib/translated/zh-Hant/lib/sanitize.js +22 -26
- package/package.json +3 -3
|
@@ -254,80 +254,156 @@ describe('StudentPopover', function () {
|
|
|
254
254
|
}, _callee0);
|
|
255
255
|
})));
|
|
256
256
|
});
|
|
257
|
-
describe('
|
|
258
|
-
it('
|
|
259
|
-
var _t6;
|
|
257
|
+
describe('Security', function () {
|
|
258
|
+
it('does not render the mastery report link for a javascript: URI', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee1() {
|
|
260
259
|
return _regenerator().w(function (_context1) {
|
|
261
260
|
while (1) switch (_context1.n) {
|
|
262
261
|
case 0:
|
|
263
262
|
renderComponent({
|
|
264
|
-
|
|
263
|
+
studentGradesUrl: 'javascript:alert(document.cookie)'
|
|
265
264
|
});
|
|
266
265
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
267
|
-
_t6 = expect;
|
|
268
266
|
_context1.n = 1;
|
|
269
|
-
return screen.
|
|
267
|
+
return screen.findByText('Message');
|
|
270
268
|
case 1:
|
|
271
|
-
|
|
269
|
+
expect(screen.queryByText('View Mastery Report')).not.toBeInTheDocument();
|
|
272
270
|
case 2:
|
|
273
271
|
return _context1.a(2);
|
|
274
272
|
}
|
|
275
273
|
}, _callee1);
|
|
276
274
|
})));
|
|
277
|
-
it('does not
|
|
275
|
+
it('does not render the mastery report link for a data: URI', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee10() {
|
|
278
276
|
return _regenerator().w(function (_context10) {
|
|
279
277
|
while (1) switch (_context10.n) {
|
|
280
278
|
case 0:
|
|
281
279
|
renderComponent({
|
|
282
|
-
|
|
280
|
+
studentGradesUrl: 'data:text/html,<script>alert(1)</script>'
|
|
283
281
|
});
|
|
284
282
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
285
283
|
_context10.n = 1;
|
|
286
|
-
return screen.
|
|
284
|
+
return screen.findByText('Message');
|
|
287
285
|
case 1:
|
|
288
|
-
expect(screen.
|
|
286
|
+
expect(screen.queryByText('View Mastery Report')).not.toBeInTheDocument();
|
|
289
287
|
case 2:
|
|
290
288
|
return _context10.a(2);
|
|
291
289
|
}
|
|
292
290
|
}, _callee10);
|
|
293
291
|
})));
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
it('shows an error message when error prop is provided', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee11() {
|
|
297
|
-
var _t7;
|
|
292
|
+
it('renders the mastery report link for a safe https URL', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee11() {
|
|
293
|
+
var safeUrl, masteryLink;
|
|
298
294
|
return _regenerator().w(function (_context11) {
|
|
299
295
|
while (1) switch (_context11.n) {
|
|
300
296
|
case 0:
|
|
297
|
+
safeUrl = 'https://canvas.instructure.com/courses/123/grades/1';
|
|
301
298
|
renderComponent({
|
|
302
|
-
|
|
299
|
+
studentGradesUrl: safeUrl
|
|
303
300
|
});
|
|
304
301
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
305
|
-
_t7 = expect;
|
|
306
302
|
_context11.n = 1;
|
|
307
|
-
return screen.findByText('
|
|
303
|
+
return screen.findByText('View Mastery Report');
|
|
308
304
|
case 1:
|
|
309
|
-
|
|
305
|
+
masteryLink = _context11.v;
|
|
306
|
+
expect(masteryLink.closest('a')).toHaveAttribute('href', safeUrl);
|
|
310
307
|
case 2:
|
|
311
308
|
return _context11.a(2);
|
|
312
309
|
}
|
|
313
310
|
}, _callee11);
|
|
314
311
|
})));
|
|
315
|
-
it('
|
|
312
|
+
it('renders the mastery report link for a safe http URL', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee12() {
|
|
313
|
+
var safeUrl, masteryLink;
|
|
316
314
|
return _regenerator().w(function (_context12) {
|
|
317
315
|
while (1) switch (_context12.n) {
|
|
318
316
|
case 0:
|
|
317
|
+
safeUrl = 'http://canvas.instructure.com/courses/123/grades/1';
|
|
319
318
|
renderComponent({
|
|
320
|
-
|
|
319
|
+
studentGradesUrl: safeUrl
|
|
321
320
|
});
|
|
322
321
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
323
322
|
_context12.n = 1;
|
|
324
|
-
return screen.findByText('
|
|
323
|
+
return screen.findByText('View Mastery Report');
|
|
325
324
|
case 1:
|
|
326
|
-
|
|
325
|
+
masteryLink = _context12.v;
|
|
326
|
+
expect(masteryLink.closest('a')).toHaveAttribute('href', safeUrl);
|
|
327
327
|
case 2:
|
|
328
328
|
return _context12.a(2);
|
|
329
329
|
}
|
|
330
330
|
}, _callee12);
|
|
331
331
|
})));
|
|
332
332
|
});
|
|
333
|
+
describe('Loading State', function () {
|
|
334
|
+
it('shows a spinner when isLoading is true', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee13() {
|
|
335
|
+
var _t6;
|
|
336
|
+
return _regenerator().w(function (_context13) {
|
|
337
|
+
while (1) switch (_context13.n) {
|
|
338
|
+
case 0:
|
|
339
|
+
renderComponent({
|
|
340
|
+
isLoading: true
|
|
341
|
+
});
|
|
342
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
343
|
+
_t6 = expect;
|
|
344
|
+
_context13.n = 1;
|
|
345
|
+
return screen.findByTitle('Loading user details');
|
|
346
|
+
case 1:
|
|
347
|
+
_t6(_context13.v).toBeInTheDocument();
|
|
348
|
+
case 2:
|
|
349
|
+
return _context13.a(2);
|
|
350
|
+
}
|
|
351
|
+
}, _callee13);
|
|
352
|
+
})));
|
|
353
|
+
it('does not show student details when isLoading is true', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee14() {
|
|
354
|
+
return _regenerator().w(function (_context14) {
|
|
355
|
+
while (1) switch (_context14.n) {
|
|
356
|
+
case 0:
|
|
357
|
+
renderComponent({
|
|
358
|
+
isLoading: true
|
|
359
|
+
});
|
|
360
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
361
|
+
_context14.n = 1;
|
|
362
|
+
return screen.findByTitle('Loading user details');
|
|
363
|
+
case 1:
|
|
364
|
+
expect(screen.queryByTestId('lmgb-student-popover-avatar')).not.toBeInTheDocument();
|
|
365
|
+
case 2:
|
|
366
|
+
return _context14.a(2);
|
|
367
|
+
}
|
|
368
|
+
}, _callee14);
|
|
369
|
+
})));
|
|
370
|
+
});
|
|
371
|
+
describe('Error State', function () {
|
|
372
|
+
it('shows an error message when error prop is provided', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee15() {
|
|
373
|
+
var _t7;
|
|
374
|
+
return _regenerator().w(function (_context15) {
|
|
375
|
+
while (1) switch (_context15.n) {
|
|
376
|
+
case 0:
|
|
377
|
+
renderComponent({
|
|
378
|
+
error: 'Failed to load student details'
|
|
379
|
+
});
|
|
380
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
381
|
+
_t7 = expect;
|
|
382
|
+
_context15.n = 1;
|
|
383
|
+
return screen.findByText('Failed to load student details');
|
|
384
|
+
case 1:
|
|
385
|
+
_t7(_context15.v).toBeInTheDocument();
|
|
386
|
+
case 2:
|
|
387
|
+
return _context15.a(2);
|
|
388
|
+
}
|
|
389
|
+
}, _callee15);
|
|
390
|
+
})));
|
|
391
|
+
it('does not show student details when error is present', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee16() {
|
|
392
|
+
return _regenerator().w(function (_context16) {
|
|
393
|
+
while (1) switch (_context16.n) {
|
|
394
|
+
case 0:
|
|
395
|
+
renderComponent({
|
|
396
|
+
error: 'Something went wrong'
|
|
397
|
+
});
|
|
398
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
399
|
+
_context16.n = 1;
|
|
400
|
+
return screen.findByText('Something went wrong');
|
|
401
|
+
case 1:
|
|
402
|
+
expect(screen.queryByTestId('lmgb-student-popover-avatar')).not.toBeInTheDocument();
|
|
403
|
+
case 2:
|
|
404
|
+
return _context16.a(2);
|
|
405
|
+
}
|
|
406
|
+
}, _callee16);
|
|
407
|
+
})));
|
|
408
|
+
});
|
|
333
409
|
});
|
|
@@ -100,6 +100,9 @@ var MasteryScores = function MasteryScores(_ref2) {
|
|
|
100
100
|
}, bucket.count)));
|
|
101
101
|
}))));
|
|
102
102
|
};
|
|
103
|
+
var isSafeUrl = function isSafeUrl(url) {
|
|
104
|
+
return /^(https?:\/\/|\/)/i.test(url);
|
|
105
|
+
};
|
|
103
106
|
var Actions = function Actions(_ref3) {
|
|
104
107
|
var studentGradesUrl = _ref3.studentGradesUrl;
|
|
105
108
|
var _useState = useState(false),
|
|
@@ -122,7 +125,7 @@ var Actions = function Actions(_ref3) {
|
|
|
122
125
|
borderWidth: "none small none none",
|
|
123
126
|
width: "0px",
|
|
124
127
|
height: "1.4rem"
|
|
125
|
-
}), studentGradesUrl && /*#__PURE__*/React.createElement(Flex.Item, null, /*#__PURE__*/React.createElement(Link, {
|
|
128
|
+
}), studentGradesUrl && isSafeUrl(studentGradesUrl) && /*#__PURE__*/React.createElement(Flex.Item, null, /*#__PURE__*/React.createElement(Link, {
|
|
126
129
|
href: studentGradesUrl,
|
|
127
130
|
variant: "standalone"
|
|
128
131
|
}, /*#__PURE__*/React.createElement(Text, {
|
|
@@ -1,16 +1,138 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { describe, expect, it } from '@jest/globals';
|
|
2
2
|
import { sanitizeHtml } from "../sanitize.js";
|
|
3
|
-
describe('
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
describe('sanitizeHtml', function () {
|
|
4
|
+
describe('equation images (Canvas-specific)', function () {
|
|
5
|
+
it('rewrites /equation_images src to absolute canvas URL', function () {
|
|
6
|
+
var equationImage = 'Some text with an <img src="/equation_images/image" />';
|
|
7
|
+
expect(sanitizeHtml(equationImage)).toContain('canvas.instructure.com/equation_images/image');
|
|
8
|
+
});
|
|
9
|
+
it('adds vertical-align style to equation images', function () {
|
|
10
|
+
var equationImage = '<img src="/equation_images/abc" />';
|
|
11
|
+
expect(sanitizeHtml(equationImage)).toContain('vertical-align: middle');
|
|
12
|
+
});
|
|
13
|
+
it('leaves non-equation image src untouched', function () {
|
|
14
|
+
var otherImage = '<img src="/another_image">';
|
|
15
|
+
var out = sanitizeHtml(otherImage);
|
|
16
|
+
expect(out).toContain('src="/another_image"');
|
|
17
|
+
expect(out).not.toContain('canvas.instructure.com');
|
|
18
|
+
});
|
|
7
19
|
});
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
20
|
+
describe('null / empty input handling', function () {
|
|
21
|
+
it('returns empty string for null', function () {
|
|
22
|
+
expect(sanitizeHtml(null)).toBe('');
|
|
23
|
+
});
|
|
24
|
+
it('returns empty string for undefined', function () {
|
|
25
|
+
expect(sanitizeHtml(void 0)).toBe('');
|
|
26
|
+
});
|
|
27
|
+
it('returns empty string for empty string', function () {
|
|
28
|
+
expect(sanitizeHtml('')).toBe('');
|
|
29
|
+
});
|
|
11
30
|
});
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
31
|
+
describe('XSS - script execution vectors', function () {
|
|
32
|
+
it('strips <script> tags', function () {
|
|
33
|
+
var xss = 'Hello<script>alert(1)</script>World';
|
|
34
|
+
var out = sanitizeHtml(xss);
|
|
35
|
+
expect(out).not.toContain('<script');
|
|
36
|
+
expect(out).not.toContain('alert(1)');
|
|
37
|
+
});
|
|
38
|
+
it('strips inline event handlers (onerror)', function () {
|
|
39
|
+
var xss = '<img src="x" onerror="alert(1)">';
|
|
40
|
+
var out = sanitizeHtml(xss);
|
|
41
|
+
expect(out).not.toMatch(/onerror/i);
|
|
42
|
+
expect(out).not.toContain('alert(1)');
|
|
43
|
+
});
|
|
44
|
+
it('strips inline event handlers (onclick)', function () {
|
|
45
|
+
var xss = '<a href="#" onclick="alert(1)">click</a>';
|
|
46
|
+
var out = sanitizeHtml(xss);
|
|
47
|
+
expect(out).not.toMatch(/onclick/i);
|
|
48
|
+
});
|
|
49
|
+
it('strips inline event handlers (onload on svg)', function () {
|
|
50
|
+
var xss = '<svg onload="alert(1)"></svg>';
|
|
51
|
+
var out = sanitizeHtml(xss);
|
|
52
|
+
expect(out).not.toMatch(/onload/i);
|
|
53
|
+
expect(out).not.toContain('alert(1)');
|
|
54
|
+
});
|
|
55
|
+
it('strips javascript: URLs in href', function () {
|
|
56
|
+
// eslint-disable-next-line no-script-url
|
|
57
|
+
var xss = '<a href="javascript:alert(1)">x</a>';
|
|
58
|
+
var out = sanitizeHtml(xss);
|
|
59
|
+
expect(out).not.toMatch(/javascript:/i);
|
|
60
|
+
});
|
|
61
|
+
it('strips javascript: URLs in img src', function () {
|
|
62
|
+
// eslint-disable-next-line no-script-url
|
|
63
|
+
var xss = '<img src="javascript:alert(1)">';
|
|
64
|
+
var out = sanitizeHtml(xss);
|
|
65
|
+
expect(out).not.toMatch(/javascript:/i);
|
|
66
|
+
});
|
|
67
|
+
it('strips data: URLs that contain HTML/JS in iframe src', function () {
|
|
68
|
+
var xss = '<iframe src="data:text/html,<script>alert(1)</script>"></iframe>';
|
|
69
|
+
var out = sanitizeHtml(xss);
|
|
70
|
+
expect(out).not.toContain('alert(1)');
|
|
71
|
+
});
|
|
72
|
+
it('strips <object> tags', function () {
|
|
73
|
+
var xss = '<object data="evil.swf"></object>';
|
|
74
|
+
expect(sanitizeHtml(xss)).not.toContain('<object');
|
|
75
|
+
});
|
|
76
|
+
it('strips <embed> tags', function () {
|
|
77
|
+
var xss = '<embed src="evil.swf">';
|
|
78
|
+
expect(sanitizeHtml(xss)).not.toContain('<embed');
|
|
79
|
+
});
|
|
80
|
+
it('strips <form> tags (CSRF / phishing surface)', function () {
|
|
81
|
+
var xss = '<form action="https://evil.com"><input name=x></form>';
|
|
82
|
+
expect(sanitizeHtml(xss)).not.toContain('<form');
|
|
83
|
+
});
|
|
84
|
+
it('strips style tags (CSS-based exfil / clickjacking)', function () {
|
|
85
|
+
var xss = '<style>body{background:url(//evil.com/?c=)}</style>';
|
|
86
|
+
expect(sanitizeHtml(xss)).not.toContain('<style');
|
|
87
|
+
});
|
|
88
|
+
it('strips <meta http-equiv refresh> redirects', function () {
|
|
89
|
+
var xss = '<meta http-equiv="refresh" content="0;url=https://evil.com">';
|
|
90
|
+
expect(sanitizeHtml(xss)).not.toContain('<meta');
|
|
91
|
+
});
|
|
92
|
+
it('strips <base> tag (can rewrite all relative URLs)', function () {
|
|
93
|
+
var xss = '<base href="https://evil.com/">';
|
|
94
|
+
expect(sanitizeHtml(xss)).not.toContain('<base');
|
|
95
|
+
});
|
|
96
|
+
it('strips encoded onerror payloads', function () {
|
|
97
|
+
var xss = '<img src=x onerror=alert(1)>';
|
|
98
|
+
var out = sanitizeHtml(xss);
|
|
99
|
+
expect(out).not.toMatch(/onerror/i);
|
|
100
|
+
});
|
|
101
|
+
it('strips mixed-case obfuscated script tags', function () {
|
|
102
|
+
var xss = '<ScRiPt>alert(1)</sCrIpT>';
|
|
103
|
+
var out = sanitizeHtml(xss);
|
|
104
|
+
expect(out).not.toMatch(/<script/i);
|
|
105
|
+
expect(out).not.toContain('alert(1)');
|
|
106
|
+
});
|
|
107
|
+
});
|
|
108
|
+
describe('benign HTML (should be preserved)', function () {
|
|
109
|
+
it('preserves basic formatting tags', function () {
|
|
110
|
+
var html = '<p>Hello <strong>world</strong> <em>!</em></p>';
|
|
111
|
+
expect(sanitizeHtml(html)).toBe(html);
|
|
112
|
+
});
|
|
113
|
+
it('preserves links with safe http(s) hrefs', function () {
|
|
114
|
+
var html = '<a href="https://example.com">link</a>';
|
|
115
|
+
expect(sanitizeHtml(html)).toContain('href="https://example.com"');
|
|
116
|
+
});
|
|
117
|
+
it('preserves lists', function () {
|
|
118
|
+
var html = '<ul><li>a</li><li>b</li></ul>';
|
|
119
|
+
expect(sanitizeHtml(html)).toBe(html);
|
|
120
|
+
});
|
|
121
|
+
it('preserves Canvas RCE iframes (Studio / media embeds)', function () {
|
|
122
|
+
var html = '<iframe src="https://canvas.instructure.com/media_objects_iframe/123" ' + 'allowfullscreen="" allow="fullscreen" frameborder="0" ' + 'data-media-id="123" data-media-type="video"></iframe>';
|
|
123
|
+
var out = sanitizeHtml(html);
|
|
124
|
+
expect(out).toContain('<iframe');
|
|
125
|
+
expect(out).toContain('data-media-id="123"');
|
|
126
|
+
expect(out).toContain('data-media-type="video"');
|
|
127
|
+
expect(out).toContain('allowfullscreen');
|
|
128
|
+
});
|
|
129
|
+
});
|
|
130
|
+
describe('link hardening', function () {
|
|
131
|
+
it('adds rel="noopener noreferrer" to target=_blank links', function () {
|
|
132
|
+
var html = '<a href="https://example.com" target="_blank">x</a>';
|
|
133
|
+
var out = sanitizeHtml(html);
|
|
134
|
+
expect(out).toMatch(/rel=["'][^"']*noopener[^"']*["']/);
|
|
135
|
+
expect(out).toMatch(/rel=["'][^"']*noreferrer[^"']*["']/);
|
|
136
|
+
});
|
|
15
137
|
});
|
|
16
138
|
});
|
package/es/lib/sanitize.js
CHANGED
|
@@ -1,29 +1,25 @@
|
|
|
1
|
-
import
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
1
|
+
import DOMPurify from 'dompurify';
|
|
2
|
+
var CONFIG = {
|
|
3
|
+
ADD_TAGS: ['iframe'],
|
|
4
|
+
ADD_ATTR: ['allowfullscreen', 'allow', 'frameborder', 'sandbox', 'target', 'data-media-id', 'data-media-type'],
|
|
5
|
+
FORBID_TAGS: ['form', 'input', 'button', 'textarea', 'select', 'option']
|
|
6
|
+
};
|
|
7
|
+
|
|
8
|
+
// Rewrite Canvas equation-image relative URLs to absolute,
|
|
9
|
+
// preserving the previous behavior of this module.
|
|
10
|
+
DOMPurify.addHook('afterSanitizeAttributes', function (node) {
|
|
11
|
+
if (node.tagName === 'IMG') {
|
|
12
|
+
var src = node.getAttribute('src') || '';
|
|
13
|
+
if (src.indexOf('/equation_images') === 0) {
|
|
14
|
+
node.setAttribute('src', "https://canvas.instructure.com".concat(src));
|
|
15
|
+
node.setAttribute('style', 'vertical-align: middle');
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
// Harden links opened in a new tab against tab-nabbing.
|
|
19
|
+
if (node.tagName === 'A' && node.getAttribute('target') === '_blank') {
|
|
20
|
+
node.setAttribute('rel', 'noopener noreferrer');
|
|
15
21
|
}
|
|
16
|
-
|
|
17
|
-
tagName: tagName,
|
|
18
|
-
attribs: attribs
|
|
19
|
-
};
|
|
20
|
-
}
|
|
22
|
+
});
|
|
21
23
|
export function sanitizeHtml(html) {
|
|
22
|
-
return
|
|
23
|
-
allowedTags: false,
|
|
24
|
-
allowedAttributes: false,
|
|
25
|
-
transformTags: {
|
|
26
|
-
img: transformImage
|
|
27
|
-
}
|
|
28
|
-
});
|
|
24
|
+
return DOMPurify.sanitize(html == null ? '' : html, CONFIG);
|
|
29
25
|
}
|
package/es/translated/ar/components/Gradebook/popovers/StudentPopover/__tests__/index.test.js
CHANGED
|
@@ -254,80 +254,156 @@ describe('StudentPopover', function () {
|
|
|
254
254
|
}, _callee0);
|
|
255
255
|
})));
|
|
256
256
|
});
|
|
257
|
-
describe('
|
|
258
|
-
it('
|
|
259
|
-
var _t6;
|
|
257
|
+
describe('Security', function () {
|
|
258
|
+
it('does not render the mastery report link for a javascript: URI', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee1() {
|
|
260
259
|
return _regenerator().w(function (_context1) {
|
|
261
260
|
while (1) switch (_context1.n) {
|
|
262
261
|
case 0:
|
|
263
262
|
renderComponent({
|
|
264
|
-
|
|
263
|
+
studentGradesUrl: 'javascript:alert(document.cookie)'
|
|
265
264
|
});
|
|
266
265
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
267
|
-
_t6 = expect;
|
|
268
266
|
_context1.n = 1;
|
|
269
|
-
return screen.
|
|
267
|
+
return screen.findByText('Message');
|
|
270
268
|
case 1:
|
|
271
|
-
|
|
269
|
+
expect(screen.queryByText('View Mastery Report')).not.toBeInTheDocument();
|
|
272
270
|
case 2:
|
|
273
271
|
return _context1.a(2);
|
|
274
272
|
}
|
|
275
273
|
}, _callee1);
|
|
276
274
|
})));
|
|
277
|
-
it('does not
|
|
275
|
+
it('does not render the mastery report link for a data: URI', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee10() {
|
|
278
276
|
return _regenerator().w(function (_context10) {
|
|
279
277
|
while (1) switch (_context10.n) {
|
|
280
278
|
case 0:
|
|
281
279
|
renderComponent({
|
|
282
|
-
|
|
280
|
+
studentGradesUrl: 'data:text/html,<script>alert(1)</script>'
|
|
283
281
|
});
|
|
284
282
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
285
283
|
_context10.n = 1;
|
|
286
|
-
return screen.
|
|
284
|
+
return screen.findByText('Message');
|
|
287
285
|
case 1:
|
|
288
|
-
expect(screen.
|
|
286
|
+
expect(screen.queryByText('View Mastery Report')).not.toBeInTheDocument();
|
|
289
287
|
case 2:
|
|
290
288
|
return _context10.a(2);
|
|
291
289
|
}
|
|
292
290
|
}, _callee10);
|
|
293
291
|
})));
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
it('shows an error message when error prop is provided', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee11() {
|
|
297
|
-
var _t7;
|
|
292
|
+
it('renders the mastery report link for a safe https URL', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee11() {
|
|
293
|
+
var safeUrl, masteryLink;
|
|
298
294
|
return _regenerator().w(function (_context11) {
|
|
299
295
|
while (1) switch (_context11.n) {
|
|
300
296
|
case 0:
|
|
297
|
+
safeUrl = 'https://canvas.instructure.com/courses/123/grades/1';
|
|
301
298
|
renderComponent({
|
|
302
|
-
|
|
299
|
+
studentGradesUrl: safeUrl
|
|
303
300
|
});
|
|
304
301
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
305
|
-
_t7 = expect;
|
|
306
302
|
_context11.n = 1;
|
|
307
|
-
return screen.findByText('
|
|
303
|
+
return screen.findByText('View Mastery Report');
|
|
308
304
|
case 1:
|
|
309
|
-
|
|
305
|
+
masteryLink = _context11.v;
|
|
306
|
+
expect(masteryLink.closest('a')).toHaveAttribute('href', safeUrl);
|
|
310
307
|
case 2:
|
|
311
308
|
return _context11.a(2);
|
|
312
309
|
}
|
|
313
310
|
}, _callee11);
|
|
314
311
|
})));
|
|
315
|
-
it('
|
|
312
|
+
it('renders the mastery report link for a safe http URL', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee12() {
|
|
313
|
+
var safeUrl, masteryLink;
|
|
316
314
|
return _regenerator().w(function (_context12) {
|
|
317
315
|
while (1) switch (_context12.n) {
|
|
318
316
|
case 0:
|
|
317
|
+
safeUrl = 'http://canvas.instructure.com/courses/123/grades/1';
|
|
319
318
|
renderComponent({
|
|
320
|
-
|
|
319
|
+
studentGradesUrl: safeUrl
|
|
321
320
|
});
|
|
322
321
|
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
323
322
|
_context12.n = 1;
|
|
324
|
-
return screen.findByText('
|
|
323
|
+
return screen.findByText('View Mastery Report');
|
|
325
324
|
case 1:
|
|
326
|
-
|
|
325
|
+
masteryLink = _context12.v;
|
|
326
|
+
expect(masteryLink.closest('a')).toHaveAttribute('href', safeUrl);
|
|
327
327
|
case 2:
|
|
328
328
|
return _context12.a(2);
|
|
329
329
|
}
|
|
330
330
|
}, _callee12);
|
|
331
331
|
})));
|
|
332
332
|
});
|
|
333
|
+
describe('Loading State', function () {
|
|
334
|
+
it('shows a spinner when isLoading is true', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee13() {
|
|
335
|
+
var _t6;
|
|
336
|
+
return _regenerator().w(function (_context13) {
|
|
337
|
+
while (1) switch (_context13.n) {
|
|
338
|
+
case 0:
|
|
339
|
+
renderComponent({
|
|
340
|
+
isLoading: true
|
|
341
|
+
});
|
|
342
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
343
|
+
_t6 = expect;
|
|
344
|
+
_context13.n = 1;
|
|
345
|
+
return screen.findByTitle('Loading user details');
|
|
346
|
+
case 1:
|
|
347
|
+
_t6(_context13.v).toBeInTheDocument();
|
|
348
|
+
case 2:
|
|
349
|
+
return _context13.a(2);
|
|
350
|
+
}
|
|
351
|
+
}, _callee13);
|
|
352
|
+
})));
|
|
353
|
+
it('does not show student details when isLoading is true', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee14() {
|
|
354
|
+
return _regenerator().w(function (_context14) {
|
|
355
|
+
while (1) switch (_context14.n) {
|
|
356
|
+
case 0:
|
|
357
|
+
renderComponent({
|
|
358
|
+
isLoading: true
|
|
359
|
+
});
|
|
360
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
361
|
+
_context14.n = 1;
|
|
362
|
+
return screen.findByTitle('Loading user details');
|
|
363
|
+
case 1:
|
|
364
|
+
expect(screen.queryByTestId('lmgb-student-popover-avatar')).not.toBeInTheDocument();
|
|
365
|
+
case 2:
|
|
366
|
+
return _context14.a(2);
|
|
367
|
+
}
|
|
368
|
+
}, _callee14);
|
|
369
|
+
})));
|
|
370
|
+
});
|
|
371
|
+
describe('Error State', function () {
|
|
372
|
+
it('shows an error message when error prop is provided', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee15() {
|
|
373
|
+
var _t7;
|
|
374
|
+
return _regenerator().w(function (_context15) {
|
|
375
|
+
while (1) switch (_context15.n) {
|
|
376
|
+
case 0:
|
|
377
|
+
renderComponent({
|
|
378
|
+
error: 'Failed to load student details'
|
|
379
|
+
});
|
|
380
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
381
|
+
_t7 = expect;
|
|
382
|
+
_context15.n = 1;
|
|
383
|
+
return screen.findByText('Failed to load student details');
|
|
384
|
+
case 1:
|
|
385
|
+
_t7(_context15.v).toBeInTheDocument();
|
|
386
|
+
case 2:
|
|
387
|
+
return _context15.a(2);
|
|
388
|
+
}
|
|
389
|
+
}, _callee15);
|
|
390
|
+
})));
|
|
391
|
+
it('does not show student details when error is present', /*#__PURE__*/_asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee16() {
|
|
392
|
+
return _regenerator().w(function (_context16) {
|
|
393
|
+
while (1) switch (_context16.n) {
|
|
394
|
+
case 0:
|
|
395
|
+
renderComponent({
|
|
396
|
+
error: 'Something went wrong'
|
|
397
|
+
});
|
|
398
|
+
fireEvent.click(screen.getByTestId('student-cell-link'));
|
|
399
|
+
_context16.n = 1;
|
|
400
|
+
return screen.findByText('Something went wrong');
|
|
401
|
+
case 1:
|
|
402
|
+
expect(screen.queryByTestId('lmgb-student-popover-avatar')).not.toBeInTheDocument();
|
|
403
|
+
case 2:
|
|
404
|
+
return _context16.a(2);
|
|
405
|
+
}
|
|
406
|
+
}, _callee16);
|
|
407
|
+
})));
|
|
408
|
+
});
|
|
333
409
|
});
|
|
@@ -99,6 +99,9 @@ var MasteryScores = function MasteryScores(_ref2) {
|
|
|
99
99
|
}, bucket.count)));
|
|
100
100
|
}))));
|
|
101
101
|
};
|
|
102
|
+
var isSafeUrl = function isSafeUrl(url) {
|
|
103
|
+
return /^(https?:\/\/|\/)/i.test(url);
|
|
104
|
+
};
|
|
102
105
|
var Actions = function Actions(_ref3) {
|
|
103
106
|
var studentGradesUrl = _ref3.studentGradesUrl;
|
|
104
107
|
var _useState = useState(false),
|
|
@@ -121,7 +124,7 @@ var Actions = function Actions(_ref3) {
|
|
|
121
124
|
borderWidth: "none small none none",
|
|
122
125
|
width: "0px",
|
|
123
126
|
height: "1.4rem"
|
|
124
|
-
}), studentGradesUrl && /*#__PURE__*/React.createElement(Flex.Item, null, /*#__PURE__*/React.createElement(Link, {
|
|
127
|
+
}), studentGradesUrl && isSafeUrl(studentGradesUrl) && /*#__PURE__*/React.createElement(Flex.Item, null, /*#__PURE__*/React.createElement(Link, {
|
|
125
128
|
href: studentGradesUrl,
|
|
126
129
|
variant: "standalone"
|
|
127
130
|
}, /*#__PURE__*/React.createElement(Text, {
|