Skip to content

Reveal teacher content via core ?exe-teacher URL params, drop CSS/JS injection#58

Merged
erseco merged 3 commits into
mainfrom
fix/teacher-mode-url-param
Jun 26, 2026
Merged

Reveal teacher content via core ?exe-teacher URL params, drop CSS/JS injection#58
erseco merged 3 commits into
mainfrom
fix/teacher-mode-url-param

Conversation

@erseco

@erseco erseco commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Do not merge until exelearning/exelearning#1972 is merged. This PR depends on the core ?exe-teacher=1 contract introduced there; merging earlier would break teacher-mode reveal in the embed.

Why this simplifies the plugin (and where it's heading). Teacher-mode visibility is now driven purely by the package's own ?exe-teacher=1 URL parameter, so the host plugin no longer injects CSS/JS into the embedded package to control it. Beyond removing that injection, this advances the longer-term goal of isolating embedded resource content from the host: because the host no longer reaches into the package DOM, the resource can later be sandboxed / served cross-origin without losing teacher-mode control.

Summary

eXeLearning core hides teacher-only content by default and exposes an in-page "teacher layer" selector to reveal it via the ?exe-teacher=1 URL parameter (see exelearning/exelearning#1972, fixes exelearning/exelearning#1772). This plugin now appends that parameter to the embed instead of injecting CSS/JS into the package.

Base branch: main.

Core URL-param contract

  • ?exe-teacher=1 makes the in-package teacher-layer selector available. It is shown but stays OFF until the viewer turns it on — the parameter never reveals content on its own.
  • No parameter: student view, teacher content hidden, no selector.

Changes

  • Shortcode (public/class-shortcodes.php): append ?exe-teacher=1 to the iframe src when teacher_mode or teacher_mode_visible is on; removed the toggler-hiding and activate-on-load inline <script>s from render_preview_script() (it now only wires the poster/fullscreen behavior).
  • Block (includes/class-elp-upload-block.php): append ?exe-teacher=1 in build_preview_url() when teacherModeVisible is on; removed teacher_mode_hide_script() and its call.
  • Homogenized the user-facing wording to "Show teacher layer selector" (block control + admin shortcode reference) with a consistent help string; updated docs/SHORTCODES.md and readme.txt. The teacher_mode attribute is kept for back-compat but no longer auto-reveals on load (it offers the selector; the viewer activates it).
  • i18n: translated the three changed strings in all 10 locale catalogs and rebuilt the .mo + the elp-upload.js .json, so make check-untranslated passes.

Notes

  • Presentation mode, not access control. The per-embed setting alone controls the selector — no role/capability gate; when on, the selector is offered to every viewer.
  • The shortcode attributes (teacher_mode, teacher_mode_visible) and the block attribute (teacherModeVisible) are unchanged; only the internal mechanism (URL param vs. CSS/JS injection) and the wording changed.
  • The catalog diff is intentionally minimal (only the three changed strings); the #: reference churn that wp i18n update-po would add is regenerated by CI and left out of the commit.

Testing

  • PHPUnit (wp-env): ShortcodesTest and ElpUploadBlockTest pass (29 tests); full suite green except one pre-existing, environment-dependent StaticEditorInstallerTest failure unrelated to this change.
  • phpcs --standard=.phpcs.xml.dist: clean on the changed PHP.
  • make check-untranslated: passes — after make-pot + update-po, all 10 .po report 0 untranslated.

@github-actions

github-actions Bot commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Test in WordPress Playground

Test the plugin with the code from this branch:

Preview in WordPress Playground

ℹ️ The eXeLearning editor is fetched from the shared release and unpacked into the plugin when the playground boots, so the first load may take a few extra seconds. ELP upload, shortcode, Gutenberg block and preview work normally.

@erseco
fix(teacher-mode): reveal via core ?exe-teacher URL param, drop CSS/J…
f8be520 
…S injection

eXeLearning packages hide teacher-only content by default and expose an in-page
"teacher layer" selector through the ?exe-teacher=1 URL parameter (upstream
exelearning/exelearning#1972, fixes exelearning/exelearning#1772). The plugin now
appends that parameter to the embed instead of injecting CSS/JS into the package.

- Shortcode (public/class-shortcodes.php): append ?exe-teacher=1 when teacher_mode
  or teacher_mode_visible is on; drop the toggler-hiding and activate-on-load
  inline scripts from render_preview_script.
- Block (includes/class-elp-upload-block.php): append ?exe-teacher=1 in
  build_preview_url when teacherModeVisible is on; remove teacher_mode_hide_script.
- Relabel the block control to "Show teacher layer selector" with homogeneous
  help; refresh the admin shortcode reference, SHORTCODES.md and readme.txt.
- i18n: translate the three changed strings across all 10 catalogs; rebuild .mo
  and the elp-upload.js .json.
- Tests: rewrite the teacher-mode shortcode/block tests for the URL-param model.
@erseco erseco force-pushed the fix/teacher-mode-url-param branch from 636e7d1 to f8be520 Compare June 19, 2026 12:24
@erseco erseco changed the base branch from feature/secure-iframe-sandbox to main June 19, 2026 12:24
@erseco erseco merged commit eacda6f into main Jun 26, 2026
4 checks passed
@erseco erseco deleted the fix/teacher-mode-url-param branch June 26, 2026 12:07
erseco added a commit that referenced this pull request Jun 26, 2026
@erseco
Merge branch 'main' into feature/secure-iframe-sandbox
1db0efc 
Reconcile teacher-mode handling with main (#58). main retired host-side CSS/JS
injection in favour of the package's own ?exe-teacher=1 URL parameter, so the
secure-iframe branch is aligned to the same contract:

- public/class-shortcodes.php, includes/class-elp-upload-block.php: keep the
  secure-mode embed-relay enqueue and opaque-iframe rendering, but drop the
  legacy teacher injection. The selector is offered by appending ?exe-teacher=1
  to the iframe src when teacher_mode_visible (or the legacy teacher_mode attr)
  is on. This rides through the secure-mode content proxy too: the package reads
  its own location.search even under the opaque origin, so no host injection is
  needed.
- includes/class-content-proxy.php: retire inject_teacher_mode() and the
  exe-teacher-toggler / exe-teacher server-side rewriting. It injected the exact
  #teacher-mode-toggler-wrapper CSS that #58 retired and, worse, auto-activated
  mode-teacher on ?exe-teacher=1 — which contradicts core (the parameter only
  offers the selector, it never auto-reveals). Keep inject_embed_shim().
- Tests: update ShortcodesTest / ElpUploadBlockTest secure-mode cases to assert
  the param-based contract (exe-teacher=1, no exe-teacher-toggler, no
  contentDocument) and drop the ContentProxyTest inject_teacher_mode cases.

Other conflicts:
- package.json: union — main's @playwright/test and @wordpress/env bumps plus
  the branch's vitest + happy-dom (used by tests/js). Lockfile regenerated.
- languages: msgcat union of both sides (main's strings authoritative, the
  branch's secure-mode admin strings preserved), .mo recompiled, JED .json taken
  from main (elp-upload.js is byte-identical to main), .pot unioned. CI
  regenerates references.

The admin block-editor live preview (assets/js/elp-upload.js) keeps main's
same-origin preview behaviour unchanged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Invert Teacher Mode default in exports: hidden by default, opt-in to reveal

1 participant

@erseco