Merge branch 'master' into payload_size_limit

Author: yiwen101

package.json

@@ -47,6 +47,7 @@
     "array-move": "^4.0.0",
     "browserfs": "^1.4.3",
     "classnames": "^2.3.2",
+    "dompurify": "^3.1.6",
     "flexboxgrid": "^6.3.1",
     "flexboxgrid-helpers": "^1.1.3",
     "hastscript": "^9.0.0",
@@ -109,6 +110,7 @@
     "@testing-library/jest-dom": "^6.0.0",
     "@testing-library/react": "^14.0.0",
     "@testing-library/user-event": "^14.4.3",
+    "@types/dompurify": "^3.0.5",
     "@types/estree": "^1.0.5",
     "@types/gapi": "^0.0.44",
     "@types/gapi.auth2": "^0.0.57",

src/commons/Markdown.tsx

@@ -1,5 +1,6 @@
 import { Classes } from '@blueprintjs/core';
 import classNames from 'classnames';
+import DOMPurify from 'dompurify';
 import React from 'react';
 import { Converter } from 'showdown';
 
@@ -24,7 +25,12 @@ const Markdown: React.FC<Props> = props => {
   return (
     <div
       className={classNames(props.className ? props.className : 'md', Classes.RUNNING_TEXT)}
-      dangerouslySetInnerHTML={{ __html: converter.makeHtml(props.content) }}
+      dangerouslySetInnerHTML={{
+        __html: DOMPurify.sanitize(converter.makeHtml(props.content), {
+          USE_PROFILES: { html: true },
+          ADD_ATTR: ['target']
+        })
+      }}
     />
   );
 };

src/commons/__tests__/__snapshots__/Markdown.tsx.snap

@@ -6,10 +6,10 @@ exports[`Markdown page renders correctly 1`] = `
   dangerouslySetInnerHTML={
     Object {
       "__html": "<p>Welcome to the Source Academy playground!</p>
-<p>The book <a href=\\"https://sourceacademy.org/sicpjs/\\" rel=\\"noopener noreferrer\\" target=\\"_blank\\"><em>Structure and Interpretation of Computer Programs, JavaScript Edition</em></a>
-uses JavaScript sublanguages that we call <a href=\\"https://docs.sourceacademy.org/\\" rel=\\"noopener noreferrer\\" target=\\"_blank\\"><em>Source</em></a>. You have chosen the sublanguage <a href=\\"https://docs.sourceacademy.org/source_1/\\" rel=\\"noopener noreferrer\\" target=\\"_blank\\"><em>Source §1</em></a>.</p>
-<p>In the editor on the left, you can use the <a href=\\"https://github.com/ajaxorg/ace/wiki/Default-Keyboard-Shortcuts\\" rel=\\"noopener noreferrer\\" target=\\"_blank\\"><em>Ace keyboard shortcuts</em></a> 
-and also the <a href=\\"https://github.com/source-academy/frontend/wiki/Source-Academy-Keyboard-Shortcuts\\" rel=\\"noopener noreferrer\\" target=\\"_blank\\"><em>Source Academy keyboard shortcuts</em></a>.</p>",
+<p>The book <a target=\\"_blank\\" rel=\\"noopener noreferrer\\" href=\\"https://sourceacademy.org/sicpjs/\\"><em>Structure and Interpretation of Computer Programs, JavaScript Edition</em></a>
+uses JavaScript sublanguages that we call <a target=\\"_blank\\" rel=\\"noopener noreferrer\\" href=\\"https://docs.sourceacademy.org/\\"><em>Source</em></a>. You have chosen the sublanguage <a target=\\"_blank\\" rel=\\"noopener noreferrer\\" href=\\"https://docs.sourceacademy.org/source_1/\\"><em>Source §1</em></a>.</p>
+<p>In the editor on the left, you can use the <a target=\\"_blank\\" rel=\\"noopener noreferrer\\" href=\\"https://github.com/ajaxorg/ace/wiki/Default-Keyboard-Shortcuts\\"><em>Ace keyboard shortcuts</em></a> 
+and also the <a target=\\"_blank\\" rel=\\"noopener noreferrer\\" href=\\"https://github.com/source-academy/frontend/wiki/Source-Academy-Keyboard-Shortcuts\\"><em>Source Academy keyboard shortcuts</em></a>.</p>",
     }
   }
 />

src/commons/assessment/__tests__/Assessment.tsx

@@ -1,5 +1,6 @@
 import { Store } from '@reduxjs/toolkit';
-import { act, render, screen } from '@testing-library/react';
+import { render, screen } from '@testing-library/react';
+import { act } from 'react';
 import { Provider } from 'react-redux';
 import { createMemoryRouter, RouterProvider } from 'react-router';
 import { OverallState, Role } from 'src/commons/application/ApplicationTypes';

src/commons/assessmentWorkspace/__tests__/AssessmentWorkspace.tsx

@@ -1,4 +1,5 @@
-import { act, render, screen } from '@testing-library/react';
+import { render, screen } from '@testing-library/react';
+import { act } from 'react';
 import { Provider } from 'react-redux';
 import { createMemoryRouter, RouterProvider } from 'react-router';
 import { mockInitialStore } from 'src/commons/mocks/StoreMocks';

src/commons/gitHubOverlay/__tests__/FileExplorerDialog.tsx

@@ -1,5 +1,6 @@
 import { Octokit } from '@octokit/rest';
-import { act, fireEvent, render, screen, waitFor } from '@testing-library/react';
+import { fireEvent, render, screen, waitFor } from '@testing-library/react';
+import { act } from 'react';
 
 import * as GitHubUtils from '../../../features/github/GitHubUtils';
 import FileExplorerDialog from '../FileExplorerDialog';

src/commons/gitHubOverlay/__tests__/RepositoryDialog.tsx

@@ -1,4 +1,5 @@
-import { act, fireEvent, render, screen } from '@testing-library/react';
+import { fireEvent, render, screen } from '@testing-library/react';
+import { act } from 'react';
 
 import * as NotificationHelper from '../../utils/notifications/NotificationsHelper';
 import RepositoryDialog from '../RepositoryDialog';

src/commons/navigationBar/subcomponents/AcademyNavigationBar.tsx

@@ -91,7 +91,7 @@ const getStaffNavlinkInfo = ({
       to: `/courses/${courseId}/groundcontrol`,
       icon: IconNames.SATELLITE,
       text: 'Ground Control',
-      disabled: !isStaffOrAdmin,
+      disabled: !isAdmin,
       hiddenInBreakpoints: ['xs', 'sm']
     },
     {

src/commons/navigationBar/subcomponents/__tests__/AcademyNavigationBar.tsx

@@ -11,15 +11,8 @@ jest.mock('react-redux', () => ({
 const useSelectorMock = useTypedSelector as jest.Mock;
 
 const assessmentTypes = ['Missions', 'Quests', 'Paths', 'Contests', 'Others'];
-const staffRoutes = [
-  'grading',
-  'groundcontrol',
-  'sourcereel',
-  'gamesimulator',
-  'dashboard',
-  'teamformation'
-];
-const adminRoutes = ['adminpanel'];
+const staffRoutes = ['grading', 'sourcereel', 'gamesimulator', 'dashboard', 'teamformation'];
+const adminRoutes = ['groundcontrol', 'adminpanel'];
 const courseId = 0;
 const createCoursePath = (path: string) => `/courses/${courseId}/${path}`;
 

src/commons/navigationBar/subcomponents/__tests__/__snapshots__/AcademyNavigationBar.tsx.snap

@@ -419,7 +419,7 @@ exports[`MissionControl, GroundControl, Sourcereel, GameSimulator, Dashboard, Te
     align="right"
   >
     <DesktopNavLink
-      disabled={false}
+      disabled={true}
       hiddenInBreakpoints={
         Array [
           "xs",