Skip to content

E
edx-platform
Commit 060b5bf9 by Brian Jacobel
Options

Update escaping and safe-templating usage

parent ac37c12b
Showing with 37 additions and 15 deletions
lms/templates/provider/authorize.html
## mako ## mako
<%page expression_filter="h"/>
<%! <%!
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from provider.templatetags.scope import scopes from provider.templatetags.scope import scopes
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from openedx.core.djangolib.markup import Text, HTML
%> %>
<%inherit file="../main.html"/> <%inherit file="../main.html"/>
...@@ -14,9 +17,11 @@ from django.core.urlresolvers import reverse ...@@ -14,9 +17,11 @@ from django.core.urlresolvers import reverse
<div class="authorization-confirmation"> <div class="authorization-confirmation">
% if not error: % if not error:
<p> <p>
${_("\n <strong>{application_name}</strong> would like to access your data with the following permissions:\n ".format( ${Text(_("{start_strong}{application_name}{end_strong} would like to access your data with the following permissions:")).format(
application_name=client.name start_strong=HTML("<strong>"),
))} application_name=client.name,
end_strong=HTML("</strong>")
)}
</p> </p>
<ul> <ul>
% for permission in scopes(oauth_data['scope']): % for permission in scopes(oauth_data['scope']):
...@@ -34,7 +39,7 @@ from django.core.urlresolvers import reverse ...@@ -34,7 +39,7 @@ from django.core.urlresolvers import reverse
% elif permission == "permissions": % elif permission == "permissions":
${_("To see if you are a global staff user")} ${_("To see if you are a global staff user")}
% else: % else:
${_("Manage your data: {permission}".format(permission=permission))} ${_("Manage your data: {permission}").format(permission=permission)}
% endif % endif
</li> </li>
% endfor % endfor
......
lms/templates/registration/password_reset_complete.html
## mako ## mako
<%! from django.utils.translation import ugettext as _ %> <%page expression_filter="h"/>
<%!
from django.utils.translation import ugettext as _
from openedx.core.djangolib.markup import Text, HTML
%>
<%inherit file="../main.html"/> <%inherit file="../main.html"/>
...@@ -27,9 +32,9 @@ ...@@ -27,9 +32,9 @@
<div class="status submission-success" aria-live="polite"> <div class="status submission-success" aria-live="polite">
<h4 class="message-title">${_("Password Reset Complete")}</h4> <h4 class="message-title">${_("Password Reset Complete")}</h4>
<ul class="message-copy"> <ul class="message-copy">
${_( ${Text(_("Your password has been reset. {start_link}Sign-in to your account.{end_link}")).format(
"Your password has been reset. {start_link}Sign-in to your account.{end_link}" start_link=HTML('<a href="/login">'),
.format(start_link='<a href="/login">', end_link='</a>') end_link=HTML('</a>')
)} )}
</ul> </ul>
</div> </div>
......
lms/templates/registration/password_reset_confirm.html
## mako ## mako
<%! from django.utils.translation import ugettext as _ %> <%page expression_filter="h"/>
<%!
from django.utils.translation import ugettext as _
from openedx.core.djangolib.markup import Text, HTML
%>
<%inherit file="../main.html"/> <%inherit file="../main.html"/>
<%block name="title"> <%block name="title">
<title>${_("Reset Your {platform_name} Password".format(platform_name=platform_name))}</title> <title>${_("Reset Your {platform_name} Password").format(platform_name=platform_name)}</title>
</%block> </%block>
<%block name="bodyextra"> <%block name="bodyextra">
...@@ -18,7 +23,7 @@ ...@@ -18,7 +23,7 @@
<div id="password-reset-confirm-container" class="login-register"> <div id="password-reset-confirm-container" class="login-register">
<section id="password-reset-confirm-anchor" class="form-type"> <section id="password-reset-confirm-anchor" class="form-type">
<div id="password-reset-confirm-form" class="form-wrapper" aria-live="polite"> <div id="password-reset-confirm-form" class="form-wrapper" aria-live="polite">
<div class="status submission-error ${'hidden' if err_msg is None else ''}"> <div class="status submission-error ${'hidden' if not err_msg else ''}">
<h4 class="message-title">${_("Error Resetting Password")}</h4> <h4 class="message-title">${_("Error Resetting Password")}</h4>
<ul class="message-copy"> <ul class="message-copy">
% if err_msg: % if err_msg:
...@@ -61,11 +66,16 @@ ...@@ -61,11 +66,16 @@
<div class="status submission-error"> <div class="status submission-error">
<h4 class="message-title">${_("Invalid Password Reset Link")}</h4> <h4 class="message-title">${_("Invalid Password Reset Link")}</h4>
<ul class="message-copy"> <ul class="message-copy">
${_(( ${Text(_((
"This password reset link is invalid. It may have been used already. To reset your password, " "This password reset link is invalid. It may have been used already. To reset your password, "
"go to the {start_link}sign-in{end_link} page and select <strong>Forgot password</strong>." "go to the {start_link}sign-in{end_link} page and select {start_strong}Forgot password{end_strong}."
).format(start_link='<a href="/login">', end_link='</a>') ))).format(
)} start_link=HTML('<a href="/login">'),
end_link=HTML('</a>'),
start_strong=HTML('<strong>'),
end_strong=HTML('</strong>')
)
}
</ul> </ul>
</div> </div>
% endif % endif
......
lms/templates/support/refund.html
## mako ## mako
<%page expression_filter="h"/>
<%! <%!
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.utils.html import escape from django.utils.html import escape
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment