Re-examine xss-linter exceptions in some converted CoffeeScript code

Description

I've made a PR to drop CoffeeScript from edx-platform. As part of that work, I noticed that some of the CoffeeScript files were getting a blanket exception from xss-lint.

I kept excluding the converted files from the xss-linter, with manual line disables. I didn't want to balloon the complexity of the conversion, and I wasn't making any actual changes in xss-linter coverage.

But I'm filing this ticket for someone go back and re-examine these long-ignored files and fix what we can or continue to exclude what we don't want to.

You should be able to search for the files I did this for by looking for the string "TODO: Examine all of the xss-lint exceptions". At the time of writing, it is these four files:

common/lib/xmodule/xmodule/js/src/annotatable/display.js
lms/static/js/modules/tab.js
lms/static/js/mathjax_delay_renderer.js
lms/static/js/customwmd.js

(Those paths pulled from my landing-soon PR.)

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Assignee

Unassigned

Reporter

Michael Terry

Labels

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Priority

Unset
Configure