Open edX Developer's Guide
1. General Information
1.1. Read Me
1.2. Other edX Resources
1.2.1. Resources for edx.org Learners
1.2.2. The edX Partner Portal
1.2.3. The Open edX Portal
1.2.4. System Status
1.2.5. Resources for edx.org Course Teams
1.2.6. Resources for Researchers
1.2.7. Resources for Developers
1.2.8. Resources for Open edX
1.3. edX Browser Support
2. Open edX Architecture
2.1. Overview
2.2. Key Components
2.2.1. Learning Management System (LMS)
2.2.2. Studio
2.2.3. Discussions
2.2.4. Mobile Apps
2.2.5. Analytics
2.2.6. Background Work
2.2.7. Search
2.2.8. Other Components
3. Contributing to Open edX
3.1. Process for Contributing Code
3.1.1. Overview
3.1.2. General Guidelines
3.1.3. Roles
3.2. Contributor
3.2.1. Once A PR is Open
3.2.2. Further Information
3.3. Pull Request Cover Letter
3.3.1. Example Of A Good PR Cover Letter
3.4. Community Manager
3.5. Product Owner
3.6. Core Committer
3.6.1. Review Comments Terminology
3.7. Code Considerations
3.7.1. Operational Impact
3.7.2. Documentation/Training/Support
3.7.3. Development
3.7.4. Testing
3.7.5. Analytics
3.7.6. Collaboration
3.7.7. Open Source
3.7.8. UX/Design/Front End Development
3.7.9. Contributing to the Documentation for Your Open Source Feature
4. Extending the edX Platform
4.1. Options for Extending the edX Platform
4.2. Integrating XBlocks with edx-platform
4.2.1. LMS
4.2.2. Studio
4.2.3. Deploying Your XBlock
4.2.4. Rendering XBlocks with the XBlock URL
4.3. Custom JavaScript Applications
4.3.1. Overview
4.3.2. Grading Options for Custom JavaScript Applications
4.3.3. Use a JavaScript Application Without Grading
4.3.4. Use a JavaScript Application for a Summative Assessment
4.3.5. Grade the Student Response with Python
4.3.6. XML for Custom JavaScript Applications
4.4. The Custom JavaScript Display and Grading Example Template
4.4.1. Example getState() Function
4.4.2. Example setState() Function
4.4.3. Example getGrade() function
4.4.4. Grade the Student Response
4.4.5. XML Problem Structure
5. Testing
5.1. Jenkins
5.1.1. Kicking Off Builds
5.1.2. Failed Builds
5.1.3. Successful Builds
5.2. Code Coverage
5.3. Code Quality
5.3.1. Clean Code
5.3.2. Safe Code
5.4. Testing Open edX Features
5.4.1. Tests for the Open edX Platform
6. Analytics
6.1. Event Tracking
6.1.1. Emitting Events
6.1.2. Documenting Events
6.1.3. Request Context Middleware
6.1.4. Legacy Application Event Processor
6.2. Other Tracking Systems
6.2.1. Segment
6.2.2. Google Analytics
6.2.3. Deprecated APIs
7. Deploy a New Service
7.1. Intro
7.2. Considerations
7.2.1. What Does Your Service Do
7.2.2. Sizing and Resource Profile
7.2.3. Customers
7.2.4. Code
7.2.5. Settings
7.2.6. License
7.2.7. How does your service run
7.2.8. Persistence
7.2.9. Logging
7.2.10. Metrics
7.2.11. Messaging
7.2.12. Email
7.2.13. Access to Other Service
7.2.14. Service Monitoring
7.2.15. Fault Tolerance and Scalability
7.2.16. Network Access
7.2.17. Data Security
7.2.18. Testing
7.2.19. Additional Requirements
8. Writing Good Code
8.1. edX Accessibility Guidelines
8.1.1. Introduction
8.1.2. Accessibility Best Practices
8.1.3. Use semantic markup
8.1.4. Make images accessible
8.1.5. Avoid using CSS to add content
8.1.6. Include a descriptive title attribute for all <iframe> elements
8.1.7. Include link and control labels that make sense out of context
8.1.8. Make sure form elements have labels
8.1.9. Use WAI-ARIA to create accessible widgets or enhance native elements
8.1.10. Manage the focus for pop-ups
8.1.11. Inform users when content changes dynamically
8.1.12. Hide or expose content to targeted audiences
8.1.13. Choose colors that meet WCAG 2.1’s minimum contrast ratios
8.1.14. Test your code for accessibility
8.2. Django Good Practices
8.2.1. Imports
9. Writing Code for Internationalization
9.1. Internationalization Coding Guidelines
9.1.1. General Internationalization Rules
9.1.2. Editing Source Files
9.1.3. Coverage Testing
9.1.4. Style Guidelines
9.1.5. Additional Resources
9.2. Guidelines for Translating the Open edX Platform
10. Preventing Cross Site Scripting Vulnerabilities
10.1. Preventing Cross Site Scripting Vulnerabilities
10.1.1. Philosophy and General Rules
10.1.2. Types of Context and Escaping
10.1.3. Editing Template Files
10.1.4. Making Legacy Mako Templates Safe by Default
10.1.5. XSS Linter
10.1.6. Advanced Topics
10.1.7. Additional Resources
10.2. Preventing XSS by Stripping HTML Tags
10.2.1. Overview
10.2.2. Mako filters for bleaching
10.2.3. Strip all HTML tags
10.2.4. Strip all but safe HTML tags
10.3. Preventing XSS in Django Templates
10.3.1. HTML-escaping Translations in Django Templates
10.4. Preventing XSS in React
10.4.1. i18n and Translations
11. Language Style Guidelines
11.1. EdX JavaScript Style Guide
11.1.1. JavaScript Version
11.1.2. Code Style
11.1.3. Testing
11.1.4. Documentation
11.2. EdX Objective-C Style Guide
11.2.1. Principles
11.2.2. Syntax and Organization
11.2.3. Writing Tests
11.3. EdX Python Style Guide
11.3.1. Principles
11.3.2. Syntax and Organization
11.3.3. Pylint Guidelines and Practices
11.3.4. Docstrings
11.3.5. References
11.4. EdX Sass Style Guide
11.4.1. Code Style
11.4.2. Use Variables
12. Glossary
12.1. A
12.2. C
12.3. D
12.4. E
12.5. F
12.6. G
12.7. H
12.8. I
12.9. K
12.10. L
12.11. M
12.12. N
12.13. O
12.14. P
12.15. Q
12.16. R
12.17. S
12.18. T
12.19. U
12.20. V
12.21. W
12.22. XYZ
10. Preventing Cross Site Scripting Vulnerabilities
10.1. Preventing Cross Site Scripting Vulnerabilities
10.1.1. Philosophy and General Rules
10.1.2. Types of Context and Escaping
10.1.3. Editing Template Files
10.1.4. Making Legacy Mako Templates Safe by Default
10.1.5. XSS Linter
10.1.6. Advanced Topics
10.1.7. Additional Resources
10.2. Preventing XSS by Stripping HTML Tags
10.2.1. Overview
10.2.2. Mako filters for bleaching
10.2.3. Strip all HTML tags
10.2.4. Strip all but safe HTML tags
10.3. Preventing XSS in Django Templates
10.3.1. HTML-escaping Translations in Django Templates
10.4. Preventing XSS in React
10.4.1. i18n and Translations