Merge pull request #197 from bjc-edc/xss-fix

Fix Parsing of Course Parameters, middle-school redirect
beautyjoy · Apr 4, 2024 · 7cc661f · 7cc661f
2 parents 4fd4fa2 + bcd341b
commit 7cc661f
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 19 deletions.
diff --git a/llab/script/curriculum.js b/llab/script/curriculum.js
@@ -343,7 +343,7 @@ llab.setupTitle = function() {
   // Create the header section and nav buttons
   llab.createTitleNav();
 
-  var titleText = llab.getQueryParameter("title");
+  let titleText = llab.getQueryParameter("title");
   if (titleText !== '') {
     document.title = titleText;
   }

diff --git a/llab/script/library.js b/llab/script/library.js
@@ -397,7 +397,15 @@ llab.merge = function(objA, objB) {
 };
 
 llab.getURLParameters = function() {
-    return llab.QS.parse(location.search);
+    let stripHTML = (content) => $('<div/>').text(content).html();
+    if (!llab.safeURLParams) {
+        llab.safeURLParams = {};
+        const searchParams = new URLSearchParams(location.search);
+        for (const [param, value] of searchParams) {
+            llab.safeURLParams[param] = stripHTML(value);
+          }
+    }
+    return llab.safeURLParams;
 };
 
 llab.getAttributesForElement = function(elm) {

diff --git a/sparks/student-pages/U2/L2/07-planning-animation.html b/sparks/student-pages/U2/L2/07-planning-animation.html
@@ -17,7 +17,7 @@ <h2>Planning Your Animation</h2>
 						<li>
 							<div class="sidenoteBig">
 								You can create animation by changing costumes. <em>This sprite isn't moving</em>; it just has four costumes and is changing between them using this script:<br />
-								<img class="indent" src="/bjc-r/middle-school/img/U2/lab02/avery-walking-script.png" alt="forever {
+								<img class="indent" src="/bjc-r/sparks/img/U2/lab02/avery-walking-script.png" alt="forever {
 	next costume
 	wait (0.1) secs
 }" title="forever {
@@ -26,7 +26,7 @@ <h2>Planning Your Animation</h2>
 }" />
 							</div>
 							Will the sprite(s) ever change costumes?<br />
-							<img class="indent" data-gifffer="/bjc-r/middle-school/img/U2/lab02/avery-walking-animation.gif" alt="animation of a cartoon character walking that has been created by changing between four different costumes" title="animation of a cartoon character walking that has been created by changing between four different costumes" />
+							<img class="indent" data-gifffer="/bjc-r/sparks/img/U2/lab02/avery-walking-animation.gif" alt="animation of a cartoon character walking that has been created by changing between four different costumes" title="animation of a cartoon character walking that has been created by changing between four different costumes" />
 							<div class="endnote">There is a gray "play" button in the middle of the image above and also a few images below. If you click an image with a play button once, an animation will play. If you click it again, the animation will stop.</div>
 
 						</li>
@@ -36,7 +36,7 @@ <h2>Planning Your Animation</h2>
 						</li>
 						<li>
 							Will the sprite(s) say or think anything?<br />
-							<img class="indent" data-gifffer="/bjc-r/middle-school/img/U2/lab02/dee-talking-animation.gif" alt="animation of a cartoon character with a thought bubble thinking, 'Hmmm... we are out of bread,' and then with a speech bubble saying 'Hey, do you need anything from the store?'" title="animation of a cartoon character with a thought bubble thinking, 'Hmmm... we are out of bread,' and then with a speech bubble saying 'Hey, do you need anything from the store?'" />
+							<img class="indent" data-gifffer="/bjc-r/sparks/img/U2/lab02/dee-talking-animation.gif" alt="animation of a cartoon character with a thought bubble thinking, 'Hmmm... we are out of bread,' and then with a speech bubble saying 'Hey, do you need anything from the store?'" title="animation of a cartoon character with a thought bubble thinking, 'Hmmm... we are out of bread,' and then with a speech bubble saying 'Hey, do you need anything from the store?'" />
 						</li>
 						<li>
 							Will there be any special effects (such as fading out or changing color)?

diff --git a/sparks/student-pages/U3/L2/03-adding-interactivity.html b/sparks/student-pages/U3/L2/03-adding-interactivity.html
@@ -24,7 +24,7 @@ <h3>Collect Materials</h3>
 
 		<p>To make your pet interactive, you will need to use at least two different <strong>inputs</strong> that cause at least two different <strong>outputs</strong>. Consider the following inputs and decide which one to use to enhance your pet’s personality or story.</p>
         <ul>
-            <li><code>light level</code> (like from <a href="../../../../middle-school/student-pages/U3/L2/bjc-r/sparks/student-pages/U3/L2/01-designing-pet.html">Lab 1</a>)</li>
+            <li><code>light level</code> (like from <a href="../../../../sparks/student-pages/U3/L2/bjc-r/sparks/student-pages/U3/L2/01-designing-pet.html">Lab 1</a>)</li>
             <li><code>button A</code> or <code>button B</code></li>
             <li><code>tilt x</code> or <code>tilt y</code> or <code>tilt z</code></li>
         </ul>

diff --git a/sparks/student-pages/U3/L4/01-make-it-move.html b/sparks/student-pages/U3/L4/01-make-it-move.html
@@ -21,7 +21,7 @@ <h3>Collect Materials</h3>
 						<li>Crazy Circuits Bit Board</li>
 						<li>Servo motor</li>
 						<li>Craft supplies (see <a href="/bjc-r/sparks/student-pages/U3/L2/02-building-your-pet.html?topic=sparks%2F3-hardware.topic&course=middle-school.html" title="Lab 2 Activity 2: Building Your Pet">Lab 2 Activity 2: Building Your Pet)</a></li>
-						<!-- <div class="endnote">For a list of craft supplies you may find helpful, see <a href="/bjc-r/middle-school/student-pages/U3/L2/02-building-your-pet.html?topic=sparks%2F3-hardware.topic&course=middle-school.html" title="Lab 2 Activity 2: Building Your Pet">Lab 2 Activity 2: Building Your Pet</a>.</div> -->
+						<!-- <div class="endnote">For a list of craft supplies you may find helpful, see <a href="/bjc-r/sparks/student-pages/U3/L2/02-building-your-pet.html?topic=sparks%2F3-hardware.topic&course=middle-school.html" title="Lab 2 Activity 2: Building Your Pet">Lab 2 Activity 2: Building Your Pet</a>.</div> -->
 					</ul>
 				</li>
 			</ol>

diff --git a/sparks/teaching-guide/U2/02-graphics-animation.html b/sparks/teaching-guide/U2/02-graphics-animation.html
@@ -11,7 +11,7 @@ <h2>Lab 2: Graphics and Animation</h2>
 		<div class="todo">I moved the "Learning Goals" section before "Prepare" so that teachers know what they are preparing for. Need to go back and do this to prior labs. --MF, 10/23/23</div>
 
 		<p>After experimenting with song writing as an introduction to sequencing and looping commands, students explore the graphical aspects of  Snap<em>!</em> programing, including sprite movement and costumes as well as events such as clicking a sprite or a specific area on the  Snap<em>!</em>. stage. One goal is for students to create a fun and/or useful object of their own design such as an animated greeting card to share with others or an interactive poster for a presentation topic in another class. Another goal is for students to consider the user experience and solicit feedback before and after coding the project.</p>
-		
+
 		<div class="endnote">
 			<p>In response to teacher requests for shorter lab pages and more opportunities for differentiation, Unit 2 Lab 2 offers a greater number of shorter lab pages, some of which are entirely optional. To further shorten the appearance of the student-facing pages (both to present more manageable-looking content and to facilitate navigation), more of the text has been hidden behind links that open additional information available on the page.</p>
 			<p>As the teacher, you may choose which of these optional pages to include (suggestions on how to decide below) based on your teaching context. Please provide us with your feedback on this new model as we consider whether to design/redesign other BJC Sparks labs with these formatting changes.</p>
@@ -88,7 +88,7 @@ <h3>Activity 1: Sprite Costumes and Stage Backgrounds.<a name="A1" class="anchor
 				</li>-->
 			</ul>
 		</div>
-	
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 2: Planning Your Interactive Project<a name="A2" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -382,7 +382,7 @@ <h3>Activity 8: Creating an Animation<a name="A8" class="anchor">&nbsp;</a></h3>
 		<div>
 			<ul>
 				<li><strong>Materials:</strong> <a href="/bjc-r/sparks/student-pages/U2/L2/08-creating-animation.html?topic=sparks%2F2-sequencing-iteration.topic&course=middle-school.html" title="Activity 8: Creating an Animation" target="_blank">Creating an Animation</a> student page </li>
-				<img class="imageRight" data-gifffer="/bjc-r/middle-school/img/U2/lab02/avery-walking-animation.gif" alt="animation of a cartoon character walking that has been created by changing between four different costumes" title="animation of a cartoon character walking that has been created by changing between four different costumes" />
+				<img class="imageRight" data-gifffer="/bjc-r/sparks/img/U2/lab02/avery-walking-animation.gif" alt="animation of a cartoon character walking that has been created by changing between four different costumes" title="animation of a cartoon character walking that has been created by changing between four different costumes" />
 				<li>
 					<strong>Learning Goals:</strong>
 					<ul>
@@ -416,7 +416,7 @@ <h3>Activity 8: Creating an Animation<a name="A8" class="anchor">&nbsp;</a></h3>
 				</li>-->
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 9: Responding to Events<a name="A9" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -461,7 +461,7 @@ <h3>Activity 9: Responding to Events<a name="A9" class="anchor">&nbsp;</a></h3>
 				</li>-->
 			</ul>
 		</div>
-	
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 10: Importing Code<a name="A10" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -505,7 +505,7 @@ <h3>Activity 10: Importing Code<a name="A10" class="anchor">&nbsp;</a></h3>
 				</li>
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 11: Adding Sounds<a name="A11" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -549,7 +549,7 @@ <h3>Activity 11: Adding Sounds<a name="A11" class="anchor">&nbsp;</a></h3>
 				</li>
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 12: Choosing Your Click Areas<a name="A12" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -597,7 +597,7 @@ <h3>Activity 12: Choosing Your Click Areas<a name="A12" class="anchor">&nbsp;</a
 				</li>-->
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 13: Setting Up Your Click Areas<a name="A13" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -637,7 +637,7 @@ <h3>Activity 13: Setting Up Your Click Areas<a name="A13" class="anchor">&nbsp;<
 				</li>-->
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 14: Broadcasting a Click Message<a name="A14" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -681,7 +681,7 @@ <h3>Activity 14: Broadcasting a Click Message<a name="A14" class="anchor">&nbsp;
 				</li>-->
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Activity 15: Testing and Improving Your Interactive Project<a name="A15" class="anchor">&nbsp;</a></h3>
 		<div>
@@ -735,7 +735,7 @@ <h3>Activity 15: Testing and Improving Your Interactive Project<a name="A15" cla
 				</li>
 			</ul>
 		</div>
-		
+
 		<a class="back-to-top" href="#top">&uarr; Back to Top</a>
 		<h3>Correlation with CSTA Standards<a name="Standards" class="anchor">&nbsp;</a></h3>
 		<div class="Standards">

diff --git a/topic/middle-school b/topic/middle-school
@@ -0,0 +1 @@
+sparks
diff --git a/topic/sparks/3-teaching-guide.topic b/topic/sparks/3-teaching-guide.topic
@@ -13,7 +13,7 @@ h3: CSTA Standards:
 		raw-html:<li><strong>2-CS-01:</strong> Recommend improvements to the design of computing devices, based on an analysis of how users interact with the devices.</li>
 		raw-html:<li><strong>2-CS-02:</strong> Design projects that combine hardware and software components to collect and exchange data.</li>
 		raw-html:<li><strong>2-CS-03:</strong> Systematically identify and fix problems with computing devices and their components.</li>
-		raw-html:<div class="comment">2-AP-13 and 2-AP-13 are also covered in <a href="/bjc-r/topic/topic.html?topic=middle-school/1-teaching-guide.topic&course=middle-school-teacher.html&novideo&noassignment">U1</a>, and these are planned for <a href="/bjc-r/topic/topic.html?topic=middle-school/2-teaching-guide.topic&course=middle-school-teacher.html&novideo&noassignment">U2</a>: <ul><li>2-AP-10</li><li>2-AP-11</li><li>2-AP-12</li><li>2-AP-13</li><li>2-AP-14</li><li>2-AP-16</li><li>2-AP-17</li></ul></div>
+		raw-html:<div class="comment">2-AP-13 and 2-AP-13 are also covered in <a href="/bjc-r/topic/topic.html?topic=sparks/1-teaching-guide.topic&course=sparks-teacher.html&novideo&noassignment">U1</a>, and these are planned for <a href="/bjc-r/topic/topic.html?topic=sparks/2-teaching-guide.topic&course=sparks-teacher.html&novideo&noassignment">U2</a>: <ul><li>2-AP-10</li><li>2-AP-11</li><li>2-AP-12</li><li>2-AP-13</li><li>2-AP-14</li><li>2-AP-16</li><li>2-AP-17</li></ul></div>
 		raw-html:<li><strong>2-AP-10: </strong> Use flowcharts and/or pseudocode to address complex problems as algorithms.</li>
 		raw-html:<li><strong>2-AP-11:</strong> Create clearly named variables that represent different data types and perform operations on their values.</li>
 		raw-html:<li><strong>2-AP-12:</strong> Design and iteratively develop programs that combine control structures, including nested loops and compound conditionals.</li>