New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add UI Toolkit to the platform #11799
Conversation
PR Cover LetterThis adds the UI Toolkit to edx-platform, and then starts to convert the platform to use the new HtmlUtils class. I've primarily converted the Teams UI, along with the shared helper classes and Underscore templates that they depend upon. In addition, the static path for the Pattern Library has been made Note that this PR can't merge until Underscore.js has been upgraded by https://github.com/edx/edx-platform/pull/11631. SandboxTesting
ReviewersIf you've been tagged for review, please check your corresponding box once you've given the 👍.
FYI: @AlasdairSwan @dan-f @dsjen @bjacobel Post-review
|
5ce548c
to
1028dd1
Compare
Properly escape mixed content. text + html.
…t-shown render progress status while problem content rendering
The fork actually does include a commit that is not in the PyPI version. ECOM-3833
Reverted rfc6266 change
…gistration." This reverts commit 178f5a6.
Revert ECOM-2947.
Release Candidate rc/2016-03-16
580f4ec
to
8324a75
Compare
7c67d79
to
00d6963
Compare
f2278a3
to
b6da5c0
Compare
Merge release back to master.
This will leverage the nose attrib plugin to allow us to break tests apart on our build system to run in parallel on separate nodes.
'inProgress': '<i class="fa fa-spinner fa-pulse message-in-progress" aria-hidden="true"></i><span class="sr">' + gettext("In Progress") + '</span>', | ||
'success': '<i class="fa fa-check message-success" aria-hidden="true"></i><span class="sr">' + gettext("Success") + '</span>', | ||
'plus': '<i class="fa fa-plus placeholder" aria-hidden="true"></i><span class="sr">' + gettext("Placeholder")+ '</span>' | ||
'canEdit': HtmlUtils.HTML( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- interpolateHtml so the getText() is escaped.
- Rename
canEdit
tocanEditHtml
if possible, or move to a template.
Thanks for the thorough (and ongoing) review, @robrap and @cahrens. One theme that keeps coming up is why I used Reflecting on it more, we are saying that HTML fields will always allow raw strings to be passed, because the best practice says that templates will use a helper that will escape raw strings while passing HTML snippets through. Given this, I agree with you both that I should use The naming convention of I'll make a second pass through this PR once you guys complete your reviews. Thanks. |
@@ -183,13 +184,13 @@ | |||
|
|||
showUploadInProgressMessage: function () { | |||
this.$('.u-field-upload-button').css('opacity', 1); | |||
this.$('.upload-button-icon').html(this.iconProgress); | |||
this.$('.upload-button-icon').html(this.iconProgressHtml.toString()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Throwing out some ideas here:
this.$('.upload-button-icon').html(HtmlUtils.forJQuery(this.iconProgressHtml));
or
this.$('.upload-button-icon').html(HtmlUtils.for$(this.iconProgressHtml));
Again, these are just other alternative names for escape()
, but maybe you'll like them more and we can have something consistent for the linter. For example, this could still work with interpolateHtml() as such...
this.$('.upload-button-icon').html(HtmlUtils.for$(HtmlUtils.interpolateHtml(...)));
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another possibility is:
this.$('.upload-button-icon').html(HtmlUtils.$html(this.iconProgressHtml));
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean that the toString method does some sort of escaping? I'm confused.
@andy-armstrong I doubt we will ever be able to be strict about naming, because the linting rules would get too complex, but we should have best practices. It sounds like you are proposing we use the name titleHtml for a variable the could be either HTML or plain text. I think that's fair. Again, I'm not sure that we'll be able to be strict about it. |
Upgrade Underscore.js and Underscore.string.js
@andy-armstrong I'm done with my pass, but there are still some pretty fundamental things that I don't understand about when/how to escape HTML (that should be HTML). I think I will need some intervention on Monday. |
@andy-armstrong @cahrens @nedbat I put together a Confluence page because I wanted to collect my thoughts. We can discuss there as well, and adjust the page as necessary: |
dae215a
to
fd2421e
Compare
Closing in favor of a new PR against master. |
https://openedx.atlassian.net/browse/UITK-75