
Miscellaneous fixes for things flagged by automated code scan #12784

Merged: 5 commits, Nov 7, 2024

Conversation

@rtibbles (Member) commented Nov 4, 2024

Summary

  • Gets rid of custom function for JS query parameter parsing in favour of built in web API
  • Use endswith checking for more robust filename extension checks now that we can use it in every browser we support
  • Limits which file paths the freespace view can access based on the query parameter
  • Set isEvalSupported to false for PDFJS usage to prevent arbitrary JS execution from a PDF
  • Don't persist the auth_token sent to the initialize endpoint if it hasn't returned a valid user

Reviewer guidance

The net result here should be minimal.

Should test redirect after login using the next parameter.
Make sure that H5P apps run properly.
Ensure that free space checking during file import is working as intended.
Make sure PDFs still render properly.
Check that autologin is functioning as intended in the Android app.


Testing checklist

  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Critical and brittle code paths are covered by unit tests

PR process

  • PR has the correct target branch and milestone
  • PR has 'needs review' or 'work-in-progress' label
  • If PR is ready for review, a reviewer has been added. (Don't use 'Assignees')
  • If this is an important user-facing change, PR or related issue has a 'changelog' label
  • If this includes an internal dependency change, a link to the diff is provided

Reviewer checklist

  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md

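The five hardening items in the summary above, as an added JavaScript example that is not Kolibri's code and not taken from this PR: query parsing with the built-in URLSearchParams, a same-origin check for the `next` redirect parameter, an endsWith extension check, an allow-list check for a caller-supplied file path (assumed here to be how "limits which file paths the freespace view can access" is enforced), and the PDF.js `getDocument()` option `isEvalSupported`. Function names, the allow-list root `/data/content` and every sample input are constructed for illustration; the page does not show how the actual Kolibri views implement these checks.

```javascript
// Added example, not Kolibri's code: client-side hardening patterns listed in
// the PR summary. Function names, the allow-list roots and all sample inputs
// are constructed for illustration.

// 1. Query parsing with the built-in URLSearchParams instead of a hand-rolled
//    split on '&' and '='. It percent-decodes, treats '+' as a space and keeps
//    repeated keys; here the first value for a key wins.
function parseQuery(search) {
  const out = Object.create(null); // no prototype keys such as "constructor"
  for (const [key, value] of new URLSearchParams(search)) {
    if (out[key] === undefined) out[key] = value;
  }
  return out;
}

// 2. Post-login redirect: only accept a path on this origin. Absolute URLs,
//    protocol-relative "//host" forms and backslashes are rejected outright.
//    Control characters are rejected too: the URL parser strips tabs and
//    newlines before parsing, so "/\n/evil.example" would otherwise become
//    the protocol-relative "//evil.example".
function safeNextPath(next, fallback = '/') {
  if (typeof next !== 'string' || next === '') return fallback;
  if (/[\\\u0000-\u001f\u007f]/.test(next)) return fallback;
  if (!next.startsWith('/') || next.startsWith('//')) return fallback;
  // Resolve against a fixed, private base and confirm it stayed there.
  const base = 'https://app.invalid';
  const resolved = new URL(next, base);
  if (resolved.origin !== base) return fallback;
  return resolved.pathname + resolved.search + resolved.hash;
}

// 3. Extension check with endsWith on the lower-cased name. Extensions must
//    include the leading dot, so "report.pdf.exe" does not pass as ".pdf".
function hasExtension(filename, extensions) {
  const name = filename.toLowerCase();
  return extensions.some((ext) => ext.startsWith('.') && name.endsWith(ext.toLowerCase()));
}

// 4. Restrict a caller-supplied path to an allow-list of roots. Dot segments
//    are normalised lexically first so "/root/../etc" cannot escape. A real
//    server must additionally resolve symlinks (os.path.realpath in Python)
//    before trusting the result; lexical checks alone do not see them.
function normalizePosix(p) {
  const parts = [];
  for (const segment of p.split('/')) {
    if (segment === '' || segment === '.') continue;
    if (segment === '..') { parts.pop(); continue; }
    parts.push(segment);
  }
  return '/' + parts.join('/');
}

function allowedPath(requested, roots) {
  if (typeof requested !== 'string' || !requested.startsWith('/')) return null;
  if (requested.includes('\u0000')) return null;
  const normalized = normalizePosix(requested);
  for (const root of roots) {
    const r = normalizePosix(root);
    if (normalized === r || normalized.startsWith(r + '/')) return normalized;
  }
  return null;
}

// 5. PDF.js: getDocument() accepts isEvalSupported (default true), which lets
//    pdf.js compile PDF functions and glyph paths with `new Function`.
//    Disabling it keeps the slower interpreted path but never turns PDF
//    content into executable JS. pdf.js itself is not loaded in this example;
//    this is only the options object one would pass to pdfjsLib.getDocument().
function pdfLoadOptions(url) {
  return { url, isEvalSupported: false };
}

// Constructed inputs showing the rejected and accepted cases.
function demo() {
  return {
    query: parseQuery('?next=%2Flearn%3Ftab%3D1&next=/other&q=a+b'),
    redirects: ['/learn?tab=1', '//evil.example', 'https://evil.example',
                '/\\evil.example', '/\n/evil.example']
      .map((n) => [JSON.stringify(n), safeNextPath(n)]),
    extensions: [hasExtension('Report.PDF', ['.pdf']), hasExtension('report.pdf.exe', ['.pdf'])],
    paths: [allowedPath('/data/content/../../etc/passwd', ['/data/content']),
            allowedPath('/data/content/./channel', ['/data/content'])],
    pdf: pdfLoadOptions('channel/report.pdf'),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The redirect check deliberately layers three tests (string shape, control characters, resolved origin) because each one alone has a known bypass: the shape test misses "/\n/host", the origin test alone would accept a backslash path that browsers rewrite, and the control-character test does nothing for "https://host".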
github-actions bot added labels Nov 4, 2024: DEV: renderers (HTML5 apps, videos, exercises, etc.), DEV: backend (Python, databases, networking, filesystem...), APP: User (Re: User app: sign-in, sign-up, user profile, etc.), DEV: frontend
@pcenov (Member) commented Nov 6, 2024

Hi @rtibbles, in terms of manual QA I confirm that the following points are working correctly:

  • Make sure that H5P apps run properly.
  • Ensure that free space checking during file import is working as intended.
  • Make sure PDFs still render properly.
  • Check that autologin is functioning as intended in the Android app.

@marcellamaki (Member) left a comment

After chatting through some of the changes with @rtibbles, and this passing manual QA, I think this is good to go.

@marcellamaki marcellamaki merged commit 04f4a38 into learningequality:develop Nov 7, 2024
34 checks passed