Commit 3d6fb38d by Sanford Student

making video template safe

parent f0d8d48a
...@@ -108,6 +108,8 @@ class VideoModule(VideoFields, VideoTranscriptsMixin, VideoStudentViewHandlers, ...@@ -108,6 +108,8 @@ class VideoModule(VideoFields, VideoTranscriptsMixin, VideoStudentViewHandlers,
# To make sure that js files are called in proper order we use numerical # To make sure that js files are called in proper order we use numerical
# index. We do that to avoid issues that occurs in tests. # index. We do that to avoid issues that occurs in tests.
module = __name__.replace('.video_module', '', 2) module = __name__.replace('.video_module', '', 2)
#TODO: For each of the following, ensure that any generated html is properly escaped.
js = { js = {
'js': [ 'js': [
resource_string(module, 'js/src/video/00_component.js'), resource_string(module, 'js/src/video/00_component.js'),
......
<%! from django.utils.translation import ugettext as _ %> <%page expression_filter="h"/>
<%!
from django.utils.translation import ugettext as _
from openedx.core.djangolib.js_utils import js_escaped_string
%>
% if display_name is not UNDEFINED and display_name is not None: % if display_name is not UNDEFINED and display_name is not None:
<h3 class="hd hd-2">${display_name}</h3> <h3 class="hd hd-2">${display_name}</h3>
% endif % endif
...@@ -89,27 +93,29 @@ ...@@ -89,27 +93,29 @@
</div> </div>
% if cdn_eval: % if cdn_eval:
<script> <script>
//TODO: refactor this js into a separate file.
function sendPerformanceBeacon(id, expgroup, value, event_name) { function sendPerformanceBeacon(id, expgroup, value, event_name) {
var data = {event: event_name, id: id, expgroup: expgroup, value: value, page: "html5vid"}; var data = {event: event_name, id: id, expgroup: expgroup, value: value, page: "html5vid"};
$.ajax({method: "POST", url: "/performance", data: data}); $.ajax({method: "POST", url: "/performance", data: data});
} }
var cdnStartTime; var cdnStartTime;
var salt = Math.floor((1 + Math.random()) * 0x100000).toString(36); var salt = Math.floor((1 + Math.random()) * 0x100000).toString(36);
var id = "${id | n, js_escaped_string}";
function initializeCDNExperiment() { function initializeCDNExperiment() {
sendPerformanceBeacon("${id}_" + salt, ${cdn_exp_group}, "", "load"); sendPerformanceBeacon(id + "_" + salt, ${cdn_exp_group}, "", "load");
cdnStartTime = Date.now(); cdnStartTime = Date.now();
$.each(['loadstart', 'abort', 'error', 'stalled', 'loadedmetadata', $.each(['loadstart', 'abort', 'error', 'stalled', 'loadedmetadata',
'loadeddata', 'canplay', 'canplaythrough', 'seeked'], 'loadeddata', 'canplay', 'canplaythrough', 'seeked'],
function(index, eventName) { function(index, eventName) {
$("#video_${id}").bind("html5:" + eventName, null, function() { $("#video_" + id).bind("html5:" + eventName, null, function() {
timeElapsed = Date.now() - cdnStartTime; timeElapsed = Date.now() - cdnStartTime;
sendPerformanceBeacon("${id}_" + salt, ${cdn_exp_group}, timeElapsed, eventName); sendPerformanceBeacon(id + "_" + salt, ${cdn_exp_group}, timeElapsed, eventName);
}); });
}); });
} }
$("#video_${id}").bind("initialize", null, initializeCDNExperiment); $("#video_" + id).bind("initialize", null, initializeCDNExperiment);
if ($("#video_${id}").hasClass("is-initialized")) { if ($("#video_" + id).hasClass("is-initialized")) {
initializeCDNExperiment(); initializeCDNExperiment();
} }
</script> </script>
% endif; % endif;
\ No newline at end of file
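Review bot: `${cdn_exp_group}` is still written straight into the script at both `sendPerformanceBeacon` calls, so under the new `<%page expression_filter="h"/>` it receives HTML escaping, which is the wrong encoding for a JavaScript context. Emitting it as `${cdn_exp_group | n, dump_js_escaped_json}`, with `dump_js_escaped_json` added to the `js_utils` import, would give it the same context-appropriate handling that `id` now gets. Separately, `var id` is a page-level global that the handlers read when they run, where the old code baked the literal into each block. If two video blocks render on one page with `cdn_eval` set, the earlier block's beacons and its `$("#video_" + id)` lookup inside `initializeCDNExperiment` would presumably pick up the later block's id. Wrapping the script body in an immediately-invoked function would keep `id`, `salt` and `cdnStartTime` local to each block.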