Commit 183e0410 by Calen Pennington

Merge pull request #5392 from cpennington/escape-course-ids-in-html

Properly escape CourseKeys and UsageKeys in html templates
parents d9b9630c 77a04daa
## -*- coding: utf-8 -*- ## -*- coding: utf-8 -*-
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.template.defaultfilters import escapejs %>
<%namespace name='static' file='static_content.html'/> <%namespace name='static' file='static_content.html'/>
<!doctype html> <!doctype html>
...@@ -14,7 +15,7 @@ ...@@ -14,7 +15,7 @@
<%block name="title"></%block> | <%block name="title"></%block> |
% if context_course: % if context_course:
<% ctx_loc = context_course.location %> <% ctx_loc = context_course.location %>
${context_course.display_name_with_default} | ${context_course.display_name_with_default | h} |
% endif % endif
edX Studio edX Studio
</title> </title>
...@@ -329,7 +330,7 @@ ...@@ -329,7 +330,7 @@
<script type="text/javascript"> <script type="text/javascript">
require(['js/models/course'], function(Course) { require(['js/models/course'], function(Course) {
window.course = new Course({ window.course = new Course({
id: "${context_course.id}", id: "${context_course.id | escapejs}",
name: "${context_course.display_name_with_default | h}", name: "${context_course.display_name_with_default | h}",
url_name: "${context_course.location.name | h}", url_name: "${context_course.location.name | h}",
org: "${context_course.location.org | h}", org: "${context_course.location.org | h}",
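Review bot: The new `escapejs` on the `id` property is the right filter for a double-quoted JavaScript string literal, but the sibling `name`, `url_name` and `org` properties of the same object literal still use `| h`, which HTML-escapes rather than JS-escapes: an apostrophe in a display name reaches the JS value as `&#39;`, and a backslash or line break is passed through untouched. Switching those three to the same filter keeps the whole literal consistent, e.g. `name: "${context_course.display_name_with_default | escapejs}",`. The `require` callback and the `<script>` element continue beyond the hunk.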
......
...@@ -115,7 +115,7 @@ templates = ["basic-modal", "modal-button", "edit-xblock-modal", ...@@ -115,7 +115,7 @@ templates = ["basic-modal", "modal-button", "edit-xblock-modal",
<article class="content-primary"> <article class="content-primary">
<div class="container-message wrapper-message"></div> <div class="container-message wrapper-message"></div>
<section class="wrapper-xblock level-page is-hidden studio-xblock-wrapper" data-locator="${xblock_locator}" data-course-key="${xblock_locator.course_key}"> <section class="wrapper-xblock level-page is-hidden studio-xblock-wrapper" data-locator="${xblock_locator | h}" data-course-key="${xblock_locator.course_key | h}">
</section> </section>
<div class="ui-loading"> <div class="ui-loading">
<p><span class="spin"><i class="icon-refresh"></i></span> <span class="copy">${_("Loading...")}</span></p> <p><span class="spin"><i class="icon-refresh"></i></span> <span class="copy">${_("Loading...")}</span></p>
...@@ -147,7 +147,7 @@ templates = ["basic-modal", "modal-button", "edit-xblock-modal", ...@@ -147,7 +147,7 @@ templates = ["basic-modal", "modal-button", "edit-xblock-modal",
<div class="wrapper-unit-id bar-mod-content"> <div class="wrapper-unit-id bar-mod-content">
<h5 class="title">${_("Location ID")}</h5> <h5 class="title">${_("Location ID")}</h5>
<p class="unit-id"> <p class="unit-id">
<span class="unit-id-value" id="unit-location-id-input">${unit.location.name}</span> <span class="unit-id-value" id="unit-location-id-input">${unit.location.name | h}</span>
<span class="tip"><span class="sr">Tip: </span>${_("Use this ID when you create links to this unit from other course content. You enter the ID in the URL field.")}</span> <span class="tip"><span class="sr">Tip: </span>${_("Use this ID when you create links to this unit from other course content. You enter the ID in the URL field.")}</span>
</p> </p>
</div> </div>
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
<%def name="online_help_token()"><% return "course_rerun" %></%def> <%def name="online_help_token()"><% return "course_rerun" %></%def>
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.core.urlresolvers import reverse %> <%! from django.core.urlresolvers import reverse %>
<%! from django.template.defaultfilters import escapejs %>
<%block name="title">${_("Create a Course Rerun of:")}</%block> <%block name="title">${_("Create a Course Rerun of:")}</%block>
<%block name="bodyclass">is-signedin view-course-create view-course-create-rerun</%block> <%block name="bodyclass">is-signedin view-course-create view-course-create-rerun</%block>
...@@ -13,7 +14,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio ...@@ -13,7 +14,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio
}); });
</script> </script>
<script type="text/javascript"> <script type="text/javascript">
var source_course_key = "${source_course_key}" var source_course_key = "${source_course_key | escapejs}"
</script> </script>
</%block> </%block>
...@@ -37,7 +38,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio ...@@ -37,7 +38,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio
<h2 class="page-header-super course-original"> <h2 class="page-header-super course-original">
<span class="sr">${_("You are creating a re-run from:")}</span> <span class="sr">${_("You are creating a re-run from:")}</span>
<span class="course-original-title-id">${source_course_key.org} ${source_course_key.course} ${source_course_key.run}</span> <span class="course-original-title-id">${source_course_key.org | h} ${source_course_key.course | h} ${source_course_key.run | h}</span>
<span class="course-original-title">${display_name}</span> <span class="course-original-title">${display_name}</span>
</h2> </h2>
</header> </header>
...@@ -79,7 +80,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio ...@@ -79,7 +80,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio
</li> </li>
<li class="field text required" id="field-organization"> <li class="field text required" id="field-organization">
<label for="rerun-course-org">${_("Organization")}</label> <label for="rerun-course-org">${_("Organization")}</label>
<input class="rerun-course-org" id="rerun-course-org" type="text" name="rerun-course-org" aria-required="true" value="${source_course_key.org}" placeholder="${_('e.g. UniversityX or OrganizationX')}" /> <input class="rerun-course-org" id="rerun-course-org" type="text" name="rerun-course-org" aria-required="true" value="${source_course_key.org | h}" placeholder="${_('e.g. UniversityX or OrganizationX')}" />
<span class="tip"> <span class="tip">
${_("The name of the organization sponsoring the new course. (This name is often the same as the original organization name.)")} ${_("The name of the organization sponsoring the new course. (This name is often the same as the original organization name.)")}
<strong class="tip-note" class="tip-note">${_("Note: No spaces or special characters are allowed.")}</strong> <strong class="tip-note" class="tip-note">${_("Note: No spaces or special characters are allowed.")}</strong>
...@@ -90,7 +91,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio ...@@ -90,7 +91,7 @@ require(["domReady!", "jquery", "jquery.form", "js/views/course_rerun"], functio
<li class="row"> <li class="row">
<div class="column field text required" id="field-course-number"> <div class="column field text required" id="field-course-number">
<label for="rerun-course-number">${_("Course Number")}</label> <label for="rerun-course-number">${_("Course Number")}</label>
<input class="rerun-course-number" id="rerun-course-number" type="text" name="rerun-course-number" aria-required="true" value="${source_course_key.course}" placeholder="${_('e.g. CS101')}" /> <input class="rerun-course-number" id="rerun-course-number" type="text" name="rerun-course-number" aria-required="true" value="${source_course_key.course | h}" placeholder="${_('e.g. CS101')}" />
<span class="tip"> <span class="tip">
${_("The unique number that identifies the new course within the organization. (This number is often the same as the original course number.)")} ${_("The unique number that identifies the new course within the organization. (This number is often the same as the original course number.)")}
<strong class="tip-note" class="tip-note">${_("Note: No spaces or special characters are allowed.")}</strong> <strong class="tip-note" class="tip-note">${_("Note: No spaces or special characters are allowed.")}</strong>
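Review bot: `${display_name}` in the `course-original-title` span of the `@@ -37,7 +38,7 @@` hunk is still interpolated with no filter while the org/course/run values beside it now get `| h`; the display name is author-entered text, so unless a default HTML filter is configured for these templates — which the explicit `| h` added throughout this commit suggests it is not — it should read `<span class="course-original-title">${display_name | h}</span>`. The `<strong class="tip-note" class="tip-note">` lines in the two later hunks carry a duplicated `class` attribute, which is invalid HTML and worth dropping while touching these lines. The header and form markup around each hunk extend outside it.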
......
<%! <%!
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.template.defaultfilters import escapejs
%> %>
<%inherit file="base.html" /> <%inherit file="base.html" />
<%def name="online_help_token()"><% return "updates" %></%def> <%def name="online_help_token()"><% return "updates" %></%def>
...@@ -20,7 +21,7 @@ ...@@ -20,7 +21,7 @@
<%block name="jsextra"> <%block name="jsextra">
<script type="text/javascript" charset="utf-8"> <script type="text/javascript" charset="utf-8">
require(["domReady!", "jquery", "js/collections/course_update", "js/models/module_info", "js/models/course_info", "js/views/course_info_edit"], require(["domReady!", "jquery", "js/collections/course_update", "js/models/module_info", "js/models/course_info", "js/views/course_info_edit"],
function(doc, $, CourseUpdateCollection, ModuleInfoModel, CourseInfoModel, CourseInfoEditView) { function(doc, $, CourseUpdateCollection, ModuleInfoModel, CourseInfoModel, CourseInfoEditView) {
var course_updates = new CourseUpdateCollection(); var course_updates = new CourseUpdateCollection();
...@@ -28,7 +29,7 @@ require(["domReady!", "jquery", "js/collections/course_update", "js/models/modul ...@@ -28,7 +29,7 @@ require(["domReady!", "jquery", "js/collections/course_update", "js/models/modul
course_updates.fetch({reset: true}); course_updates.fetch({reset: true});
var course_handouts = new ModuleInfoModel({ var course_handouts = new ModuleInfoModel({
id: '${handouts_locator}' id: '${handouts_locator | escapejs}'
}); });
var editor = new CourseInfoEditView({ var editor = new CourseInfoEditView({
......
...@@ -73,7 +73,7 @@ from contentstore.utils import reverse_usage_url ...@@ -73,7 +73,7 @@ from contentstore.utils import reverse_usage_url
<h3 class="sr">${_("Page Actions")}</h3> <h3 class="sr">${_("Page Actions")}</h3>
<ul> <ul>
<li class="nav-item"> <li class="nav-item">
<a href="#" class="button button-new" data-category="chapter" data-parent="${context_course.location}" data-default-name="${_('Section')}" title="${_('Click to add a new section')}"> <a href="#" class="button button-new" data-category="chapter" data-parent="${context_course.location | h}" data-default-name="${_('Section')}" title="${_('Click to add a new section')}">
<i class="icon-plus"></i>${_('New Section')} <i class="icon-plus"></i>${_('New Section')}
</a> </a>
</li> </li>
...@@ -116,7 +116,7 @@ from contentstore.utils import reverse_usage_url ...@@ -116,7 +116,7 @@ from contentstore.utils import reverse_usage_url
course_locator = context_course.location course_locator = context_course.location
%> %>
<h2 class="sr">${_("Course Outline")}</h2> <h2 class="sr">${_("Course Outline")}</h2>
<article class="outline outline-complex outline-course" data-locator="${course_locator}" data-course-key="${course_locator.course_key}"> <article class="outline outline-complex outline-course" data-locator="${course_locator | h}" data-course-key="${course_locator.course_key | h}">
</article> </article>
</div> </div>
<div class="ui-loading"> <div class="ui-loading">
...@@ -139,7 +139,7 @@ from contentstore.utils import reverse_usage_url ...@@ -139,7 +139,7 @@ from contentstore.utils import reverse_usage_url
<div class="bit external-help"> <div class="bit external-help">
<a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about the course outline")}</a> <a href="${get_online_help_info(online_help_token())['doc_url']}" target="_blank" class="button external-help-button">${_("Learn more about the course outline")}</a>
</div> </div>
</aside> </aside>
</section> </section>
</div> </div>
......
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from xmodule.tabs import StaticTab from xmodule.tabs import StaticTab
from django.template.defaultfilters import escapejs
%> %>
<%block name="title">${_("Pages")}</%block> <%block name="title">${_("Pages")}</%block>
<%block name="bodyclass">is-signedin course view-static-pages</%block> <%block name="bodyclass">is-signedin course view-static-pages</%block>
...@@ -24,7 +25,7 @@ ...@@ -24,7 +25,7 @@
function (TabsModel, TabsEditView, xmoduleLoader) { function (TabsModel, TabsEditView, xmoduleLoader) {
xmoduleLoader.done(function () { xmoduleLoader.done(function () {
var model = new TabsModel({ var model = new TabsModel({
id: "${context_course.location}", id: "${context_course.location | escapejs}",
explicit_url: "${reverse('contentstore.views.tabs_handler', kwargs={'course_key_string': context_course.id})}" explicit_url: "${reverse('contentstore.views.tabs_handler', kwargs={'course_key_string': context_course.id})}"
}); });
...@@ -86,7 +87,7 @@ ...@@ -86,7 +87,7 @@
%> %>
% if isinstance(tab, StaticTab): % if isinstance(tab, StaticTab):
<li class="component ${css_class}" data-locator="${tab.locator}" data-tab-id="${tab.tab_id}"></li> <li class="component ${css_class}" data-locator="${tab.locator | h}" data-tab-id="${tab.tab_id | h}"></li>
% else: % else:
<li class="course-nav-item ${css_class}" data-tab-id="${tab.tab_id}"> <li class="course-nav-item ${css_class}" data-tab-id="${tab.tab_id}">
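Review bot: In the `% else:` branch the `data-tab-id="${tab.tab_id}"` interpolation is left unfiltered while the `StaticTab` branch two lines above now applies `| h` to the same attribute; applying it in both branches, `<li class="course-nav-item ${css_class}" data-tab-id="${tab.tab_id | h}">`, gives one rule that is easier to audit. Built-in tab ids are presumably fixed strings, so the practical exposure is low, but the asymmetry will look like an omission to the next reader. The `<ul>` and the loop enclosing these items lie outside the hunk.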
......
...@@ -60,7 +60,7 @@ ...@@ -60,7 +60,7 @@
<aside class="content-supplementary" role="complimentary"> <aside class="content-supplementary" role="complimentary">
<dl class="export-git-info-block"> <dl class="export-git-info-block">
<dt>${_("Your course:")}</dt> <dt>${_("Your course:")}</dt>
<dd class="course_text">${context_course.id}</dd> <dd class="course_text">${context_course.id | h}</dd>
<dt>${_("Course git url:")}</dt> <dt>${_("Course git url:")}</dt>
<dd class="giturl_text">${context_course.giturl}</dd> <dd class="giturl_text">${context_course.giturl}</dd>
</dl> </dl>
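Review bot: `${context_course.giturl}` on the `giturl_text` line is still emitted without `| h`, directly below the course id that this hunk now escapes; the git URL is a course-author setting rather than a key, so it deserves the same filter, `<dd class="giturl_text">${context_course.giturl | h}</dd>`. The `<aside>` continues outside the hunk.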
......
...@@ -140,7 +140,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) { ...@@ -140,7 +140,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) {
%for course_info in sorted(in_process_course_actions, key=lambda s: s['display_name'].lower() if s['display_name'] is not None else ''): %for course_info in sorted(in_process_course_actions, key=lambda s: s['display_name'].lower() if s['display_name'] is not None else ''):
<!-- STATE: re-run is processing --> <!-- STATE: re-run is processing -->
%if course_info['is_in_progress']: %if course_info['is_in_progress']:
<li class="wrapper-course has-status" data-course-key="${course_info['course_key']}"> <li class="wrapper-course has-status" data-course-key="${course_info['course_key'] | h}">
<div class="course-item course-rerun is-processing"> <div class="course-item course-rerun is-processing">
<div class="course-details" href="#"> <div class="course-details" href="#">
<h3 class="course-title">${course_info['display_name']}</h3> <h3 class="course-title">${course_info['display_name']}</h3>
...@@ -178,7 +178,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) { ...@@ -178,7 +178,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) {
<!-- STATE: re-run has error --> <!-- STATE: re-run has error -->
%if course_info['is_failed']: %if course_info['is_failed']:
<li class="wrapper-course has-status" data-course-key="${course_info['course_key']}"> <li class="wrapper-course has-status" data-course-key="${course_info['course_key'] | h}">
<div class="course-item course-rerun has-error"> <div class="course-item course-rerun has-error">
<div class="course-details" href="#"> <div class="course-details" href="#">
<h3 class="course-title">${course_info['display_name']}</h3> <h3 class="course-title">${course_info['display_name']}</h3>
...@@ -229,7 +229,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) { ...@@ -229,7 +229,7 @@ require(["domReady!", "jquery", "jquery.form", "js/index"], function(doc, $) {
<div class="courses"> <div class="courses">
<ul class="list-courses"> <ul class="list-courses">
%for course_info in sorted(courses, key=lambda s: s['display_name'].lower() if s['display_name'] is not None else ''): %for course_info in sorted(courses, key=lambda s: s['display_name'].lower() if s['display_name'] is not None else ''):
<li class="course-item" data-course-key="${course_info['course_key']}"> <li class="course-item" data-course-key="${course_info['course_key'] | h}">
<a class="course-link" href="${course_info['url']}"> <a class="course-link" href="${course_info['url']}">
<h3 class="course-title">${course_info['display_name']}</h3> <h3 class="course-title">${course_info['display_name']}</h3>
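Review bot: Each of the three hunks escapes `course_info['course_key']` but leaves the neighbouring `${course_info['display_name']}` inside `<h3 class="course-title">` unfiltered, and the last hunk also emits `href="${course_info['url']}"` raw; the display name is course-author text, so unless a default HTML filter is configured for these templates — which the explicit `| h` added here suggests it is not — all three headings should read `<h3 class="course-title">${course_info['display_name'] | h}</h3>`. The `<div class="course-details" href="#">` in the first two hunks places an `href` on a `<div>`, where it is not a valid attribute. Each list item continues past its hunk.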
......
...@@ -13,9 +13,9 @@ label = xblock.display_name or xblock.scope_ids.block_type ...@@ -13,9 +13,9 @@ label = xblock.display_name or xblock.scope_ids.block_type
% if not is_root: % if not is_root:
% if is_reorderable: % if is_reorderable:
<li class="studio-xblock-wrapper is-draggable" data-locator="${xblock.location}" data-course-key="${xblock.location.course_key}"> <li class="studio-xblock-wrapper is-draggable" data-locator="${xblock.location | h}" data-course-key="${xblock.location.course_key | h}">
% else: % else:
<div class="studio-xblock-wrapper" data-locator="${xblock.location}" data-course-key="${xblock.location.course_key}"> <div class="studio-xblock-wrapper" data-locator="${xblock.location | h}" data-course-key="${xblock.location.course_key | h}">
% endif % endif
<section class="wrapper-xblock ${section_class} ${collapsible_class}"> <section class="wrapper-xblock ${section_class} ${collapsible_class}">
......
<%! from django.template.defaultfilters import escapejs %>
% if context_course: % if context_course:
<% <%
locator = context_course.id locator = context_course.id
...@@ -9,7 +11,7 @@ ...@@ -9,7 +11,7 @@
<script type="text/javascript"> <script type="text/javascript">
// if inside course, inject the course location into the JS namespace // if inside course, inject the course location into the JS namespace
%if context_course: %if context_course:
var course_location_analytics = "${locator}"; var course_location_analytics = "${locator | escapejs}";
%endif %endif
var analytics=analytics||[];analytics.load=function(e){var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=("https:"===document.location.protocol?"https://":"http://")+"d2dq2ahtl5zl1z.cloudfront.net/analytics.js/v1/"+e+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(t,n);var r=function(e){return function(){analytics.push([e].concat(Array.prototype.slice.call(arguments,0)))}},i=["identify","track","trackLink","trackForm","trackClick","trackSubmit","pageview","ab","alias","ready"];for(var s=0;s<i.length;s++)analytics[i[s]]=r(i[s])}; var analytics=analytics||[];analytics.load=function(e){var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=("https:"===document.location.protocol?"https://":"http://")+"d2dq2ahtl5zl1z.cloudfront.net/analytics.js/v1/"+e+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(t,n);var r=function(e){return function(){analytics.push([e].concat(Array.prototype.slice.call(arguments,0)))}},i=["identify","track","trackLink","trackForm","trackClick","trackSubmit","pageview","ab","alias","ready"];for(var s=0;s<i.length;s++)analytics[i[s]]=r(i[s])};
...@@ -28,7 +30,7 @@ ...@@ -28,7 +30,7 @@
<!-- dummy segment.io --> <!-- dummy segment.io -->
<script type="text/javascript"> <script type="text/javascript">
%if context_course: %if context_course:
var course_location_analytics = "${locator}"; var course_location_analytics = "${locator | escapejs}";
%endif %endif
var analytics = { var analytics = {
"track": function() {} "track": function() {}
......
...@@ -5,7 +5,7 @@ from django.core.urlresolvers import reverse ...@@ -5,7 +5,7 @@ from django.core.urlresolvers import reverse
from courseware.courses import course_image_url, get_course_about_section from courseware.courses import course_image_url, get_course_about_section
%> %>
<%page args="course" /> <%page args="course" />
<article id="${course.id.to_deprecated_string()}" class="course"> <article id="${course.id | h}" class="course">
%if course.is_newish: %if course.is_newish:
<span class="status">${_("New")}</span> <span class="status">${_("New")}</span>
%endif %endif
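Review bot: Replacing `course.id.to_deprecated_string()` with `course.id | h` changes the rendered `id` attribute for any key type whose `unicode()` form differs from its deprecated form, so any CSS or JavaScript that selects the article by that id needs checking; no such consumer is visible from the hunk. Course key strings also contain `/` or `:` and `+`, which are allowed in an HTML5 `id` but must be escaped in a CSS selector. The `<article>` body continues outside the hunk.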
......
...@@ -81,7 +81,7 @@ ...@@ -81,7 +81,7 @@
if(xhr.status == 200) { if(xhr.status == 200) {
location.href = "${reverse('dashboard')}"; location.href = "${reverse('dashboard')}";
} else if (xhr.status == 403) { } else if (xhr.status == 403) {
location.href = "${reverse('course-specific-register', args=[course.id.to_deprecated_string()])}?course_id=${course.id.to_deprecated_string()}&enrollment_action=enroll"; location.href = "${reverse('course-specific-register', args=[course.id.to_deprecated_string()])}?course_id=${course.id | u}&enrollment_action=enroll";
} else if (xhr.status == 400) { //This means the user did not have permission } else if (xhr.status == 400) { //This means the user did not have permission
$('#register_error').html("${perms_error}").css("display", "block"); $('#register_error').html("${perms_error}").css("display", "block");
} else { } else {
...@@ -348,7 +348,7 @@ ...@@ -348,7 +348,7 @@
<div style="display: none;"> <div style="display: none;">
<form id="class_enroll_form" method="post" data-remote="true" action="${reverse('change_enrollment')}"> <form id="class_enroll_form" method="post" data-remote="true" action="${reverse('change_enrollment')}">
<fieldset class="enroll_fieldset"> <fieldset class="enroll_fieldset">
<input name="course_id" type="hidden" value="${course.id.to_deprecated_string()}"> <input name="course_id" type="hidden" value="${course.id | h}">
<input name="enrollment_action" type="hidden" value="enroll"> <input name="enrollment_action" type="hidden" value="enroll">
</fieldset> </fieldset>
<div class="submit"> <div class="submit">
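Review bot: The `course_id=${course.id | u}` query value and the hidden `course_id` input now send `unicode(course.id)`, whereas the `reverse(..., args=[course.id.to_deprecated_string()])` call on the same line keeps the deprecated string form; if the two forms differ for newer key types, the `change_enrollment` and `course-specific-register` views must accept whichever form arrives, which I cannot confirm from the hunk — the same mix appears in the later `register_user`/`change_enrollment` hunks of this commit. Two lines down, `$('#register_error').html("${perms_error}")` inserts `perms_error` into a JS string and then into the DOM as HTML with no filter; if it is a fixed translated message that is fine, otherwise it needs `| escapejs` at least. The enclosing AJAX callback and form extend outside the hunks.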
......
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.template.defaultfilters import escapejs %>
<%! from microsite_configuration import page_title_breadcrumbs %> <%! from microsite_configuration import page_title_breadcrumbs %>
<%inherit file="/main.html" /> <%inherit file="/main.html" />
<%namespace name='static' file='/static_content.html'/> <%namespace name='static' file='/static_content.html'/>
...@@ -58,7 +59,7 @@ ${page_title_breadcrumbs(course_name())} ...@@ -58,7 +59,7 @@ ${page_title_breadcrumbs(course_name())}
% endif % endif
<script type="text/javascript"> <script type="text/javascript">
var $$course_id = "${course.id.to_deprecated_string()}"; var $$course_id = "${course.id | escapejs}";
$(function(){ $(function(){
$(".ui-accordion-header a, .ui-accordion-content .subtitle").each(function() { $(".ui-accordion-header a, .ui-accordion-content .subtitle").each(function() {
......
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
<%inherit file="../mktg_iframe.html" /> <%inherit file="../mktg_iframe.html" />
<%block name="pagetitle">${_("About {course_id}").format(course_id=course_id)}</%block> <%block name="pagetitle">${_("About {course_id}").format(course_id=course_id) | h}</%block>
<%block name="bodyclass">view-iframe-content view-partial-mktgregister</%block> <%block name="bodyclass">view-iframe-content view-partial-mktgregister</%block>
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
window.top.location.href = "${reverse('dashboard')}"; window.top.location.href = "${reverse('dashboard')}";
} }
} else if (xhr.status == 403) { } else if (xhr.status == 403) {
window.top.location.href = "${reverse('register_user')}?course_id=${course.id.to_deprecated_string()}&enrollment_action=enroll"; window.top.location.href = "${reverse('register_user')}?course_id=${course.id | u}&enrollment_action=enroll";
} else { } else {
$('#register_error').html( $('#register_error').html(
(xhr.responseText ? xhr.responseText : "${_("An error occurred. Please try again later.")}") (xhr.responseText ? xhr.responseText : "${_("An error occurred. Please try again later.")}")
...@@ -77,7 +77,7 @@ ...@@ -77,7 +77,7 @@
<div style="display: none;"> <div style="display: none;">
<form id="class_enroll_form" method="post" data-remote="true" action="${reverse('change_enrollment')}"> <form id="class_enroll_form" method="post" data-remote="true" action="${reverse('change_enrollment')}">
<fieldset class="enroll_fieldset"> <fieldset class="enroll_fieldset">
<input name="course_id" type="hidden" value="${course.id.to_deprecated_string()}"> <input name="course_id" type="hidden" value="${course.id | h}">
<input name="enrollment_action" type="hidden" value="enroll"> <input name="enrollment_action" type="hidden" value="enroll">
<input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }"> <input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }">
</fieldset> </fieldset>
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
<%inherit file="/main.html" /> <%inherit file="/main.html" />
<%namespace name='static' file='/static_content.html'/> <%namespace name='static' file='/static_content.html'/>
<%block name="headextra"> <%block name="headextra">
<%static:css group='style-course-vendor'/> <%static:css group='style-course-vendor'/>
<%static:css group='style-course'/> <%static:css group='style-course'/>
...@@ -19,6 +20,7 @@ ...@@ -19,6 +20,7 @@
<%! <%!
from util.date_utils import get_time_display from util.date_utils import get_time_display
from django.conf import settings from django.conf import settings
from django.utils.http import urlquote_plus
%> %>
<%block name="js_extra"> <%block name="js_extra">
...@@ -51,7 +53,9 @@ from django.conf import settings ...@@ -51,7 +53,9 @@ from django.conf import settings
%if settings.FEATURES.get("SHOW_PROGRESS_SUCCESS_BUTTON"): %if settings.FEATURES.get("SHOW_PROGRESS_SUCCESS_BUTTON"):
<% <%
SUCCESS_BUTTON_URL = settings.PROGRESS_SUCCESS_BUTTON_URL.format( SUCCESS_BUTTON_URL = settings.PROGRESS_SUCCESS_BUTTON_URL.format(
course_id=course.id.to_deprecated_string(), student_id=student.id) course_id=urlquote_plus(unicode(course.id)),
student_id=urlquote_plus(student.id)
)
nonzero_cutoffs = [cutoff for cutoff in course.grade_cutoffs.values() if cutoff > 0] nonzero_cutoffs = [cutoff for cutoff in course.grade_cutoffs.values() if cutoff > 0]
success_cutoff = min(nonzero_cutoffs) if nonzero_cutoffs else None success_cutoff = min(nonzero_cutoffs) if nonzero_cutoffs else None
%> %>
......
...@@ -5,18 +5,18 @@ ...@@ -5,18 +5,18 @@
<script type="text/javascript"> <script type="text/javascript">
function setup_debug(element_id, edit_link, staff_context){ function setup_debug(element_id, edit_link, staff_context){
$('#' + element_id + '_trig').leanModal(); $('#' + element_id + '_trig').leanModal();
$('#' + element_id + '_xqa_log').leanModal(); $('#' + element_id + '_xqa_log').leanModal();
$('#' + element_id + '_xqa_form').submit(function () {sendlog(element_id, edit_link, staff_context);}); $('#' + element_id + '_xqa_form').submit(function () {sendlog(element_id, edit_link, staff_context);});
$("#" + element_id + "_history_trig").leanModal(); $("#" + element_id + "_history_trig").leanModal();
$('#' + element_id + '_history_form').submit( $('#' + element_id + '_history_form').submit(
function () { function () {
var username = $("#" + element_id + "_history_student_username").val(); var username = $("#" + element_id + "_history_student_username").val();
var location = $("#" + element_id + "_history_location").val(); var location = $("#" + element_id + "_history_location").val();
$("#" + element_id + "_history_text").load('/courses/' + "${unicode(course.id)}" + $("#" + element_id + "_history_text").load('/courses/' + "${unicode(course.id) | u}" +
"/submission_history/" + username + "/" + location); "/submission_history/" + username + "/" + location);
return false; return false;
} }
...@@ -36,7 +36,7 @@ function sendlog(element_id, edit_link, staff_context){ ...@@ -36,7 +36,7 @@ function sendlog(element_id, edit_link, staff_context){
tag:$('#' + element_id + '_xqa_tag').val(), tag:$('#' + element_id + '_xqa_tag').val(),
entry: $('#' + element_id + '_xqa_entry').val() entry: $('#' + element_id + '_xqa_entry').val()
}; };
$.ajax({ $.ajax({
url: '${xqa_server}/log', url: '${xqa_server}/log',
type: 'GET', type: 'GET',
...@@ -44,7 +44,7 @@ function sendlog(element_id, edit_link, staff_context){ ...@@ -44,7 +44,7 @@ function sendlog(element_id, edit_link, staff_context){
data: JSON.stringify(xqaLog), data: JSON.stringify(xqaLog),
crossDomain: true, crossDomain: true,
dataType: 'jsonp', dataType: 'jsonp',
beforeSend: function (xhr) { beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic eHFhOmFnYXJ3YWw="); }, xhr.setRequestHeader ("Authorization", "Basic eHFhOmFnYXJ3YWw="); },
timeout : 1000, timeout : 1000,
success: function(result) { success: function(result) {
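Review bot: The `.load(...)` call in the first hunk now URL-encodes the course id but still concatenates the `username` and `location` form values into the path raw; they should receive the same treatment this commit applies in the dashboard template, e.g. `"/submission_history/" + encodeURIComponent(username) + "/" + encodeURIComponent(location)`. Separately, the `beforeSend` handler in the `@@ -44,7 +44,7 @@` hunk sets a literal `Authorization: Basic …` value inside a template served to browsers, so that credential is readable by every staff user who loads the page; it is pre-existing, but worth moving server-side. `setup_debug` and `sendlog` both extend outside their hunks.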
......
...@@ -70,7 +70,7 @@ ...@@ -70,7 +70,7 @@
location.href = "${reverse('dashboard')}"; location.href = "${reverse('dashboard')}";
} else if (xhr.status == 403) { } else if (xhr.status == 403) {
location.href = "${reverse('signin_user')}?course_id=" + location.href = "${reverse('signin_user')}?course_id=" +
$("#unenroll_course_id").val() + "&enrollment_action=unenroll"; encodeURIComponont($("#unenroll_course_id").val()) + "&enrollment_action=unenroll";
} else { } else {
$('#unenroll_error').html( $('#unenroll_error').html(
xhr.responseText ? xhr.responseText : "${_("An error occurred. Please try again later.")}" xhr.responseText ? xhr.responseText : "${_("An error occurred. Please try again later.")}"
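Review bot: `encodeURIComponont` on the changed line is a misspelling of `encodeURIComponent`; it throws a ReferenceError whenever the 403 branch runs, so the redirect to the sign-in page never happens. The line should read `encodeURIComponent($("#unenroll_course_id").val()) + "&enrollment_action=unenroll";`. The enclosing error handler starts and ends outside the hunk.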
......
...@@ -37,7 +37,7 @@ strong { ...@@ -37,7 +37,7 @@ strong {
{% csrf_token %} {% csrf_token %}
{{form.as_p}} {{form.as_p}}
<p> <p>
<input type="button" value="Cancel" onclick="javascript:location=location"/> <input type="submit" value="{% if cert %}Refund{% else %}Confirm{% endif %}" /> <input type="button" value="Cancel" onclick="javascript:location=location"/> <input type="submit" value="{% if cert %}Refund{% else %}Confirm{% endif %}" />
</p> </p>
</form> </form>
{% if cert %} {% if cert %}
...@@ -49,7 +49,7 @@ strong { ...@@ -49,7 +49,7 @@ strong {
<strong>{% trans "Order Id:" %}</strong> {{cert.order.id}} <strong>{% trans "Order Id:" %}</strong> {{cert.order.id}}
</p> </p>
<p> <p>
<strong>{% trans "Enrollment:" %}</strong> {{enrollment.course_id}} {{enrollment.mode}} ({% if enrollment.is_active %}{% trans "enrolled" %}{% else %}{% trans "unenrolled" %}{% endif %}) <strong>{% trans "Enrollment:" %}</strong> {{enrollment.course_id|escape}} {{enrollment.mode}} ({% if enrollment.is_active %}{% trans "enrolled" %}{% else %}{% trans "unenrolled" %}{% endif %})
</p> </p>
<p> <p>
<strong>{% trans "Cost:" %}</strong> {{cert.unit_cost}} {{cert.currency}} <strong>{% trans "Cost:" %}</strong> {{cert.unit_cost}} {{cert.currency}}
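Review bot: `{{enrollment.course_id|escape}}` is redundant under Django's default autoescaping, which this template otherwise appears to rely on for `{{enrollment.mode}}` and `{{cert.order.id}}`; if the file is in fact inside an `{% autoescape off %}` block that begins above the hunk, those other values need `|escape` as well, and if it is not, the filter can be dropped. Whichever applies, a short template comment such as `{# autoescape is on; |escape kept for explicitness #}` would settle the question for the next reader. The `<form>` and surrounding markup extend outside the hunks.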
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
<section class="discussion container" id="discussion-container" <section class="discussion container" id="discussion-container"
data-roles="${roles}" data-roles="${roles}"
data-course-id="${course_id}" data-course-id="${course_id | h}"
data-user-info="${user_info}" data-user-info="${user_info}"
data-threads="${threads}" data-threads="${threads}"
data-thread-pages="${thread_pages}" data-thread-pages="${thread_pages}"
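Review bot: Only `data-course-id` gains `| h` here, while the adjacent `data-roles`, `data-user-info`, `data-threads` and `data-thread-pages` attributes in the same `<section>` tag stay unfiltered; if those are JSON blobs they contain double quotes that would end the attribute unless the view escapes them before rendering. Presumably the view already does that for the JSON values — confirm, and if so a template comment such as `## data-* JSON values are pre-escaped by the view` would spare the next reader the same check. The `<section>` opening tag continues past the hunk.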
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
</nav> </nav>
</section> </section>
<section class="course-content container discussion-user-threads" data-course-id="${course.id.to_deprecated_string() | h}" data-threads="${threads}" data-user-info="${user_info}" data-page="${page}" data-num-pages="${num_pages}"/> <section class="course-content container discussion-user-threads" data-course-id="${course.id | h}" data-threads="${threads}" data-user-info="${user_info}" data-page="${page}" data-num-pages="${num_pages}"/>
</div> </div>
</section> </section>
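Review bot: The changed `<section class="course-content container discussion-user-threads" … />` is written self-closing, but `section` is not a void element, so the HTML parser ignores the slash and the element stays open until the `</div>` on the next line closes it implicitly; the nesting is therefore not what the markup suggests. Write it as `<section …></section>`. As in the discussion index template, the sibling `data-threads`/`data-user-info` values are unfiltered and presumably pre-escaped by the view — confirm. The enclosing `<div>` opens outside the hunk.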
......
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
<li class="field" id="add-coupon-modal-field-course_id"> <li class="field" id="add-coupon-modal-field-course_id">
<label for="coupon_course_id">${_("Course ID")}</label> <label for="coupon_course_id">${_("Course ID")}</label>
<input class="field readonly" id="coupon_course_id" type="text" name="course_id" value="${section_data['course_id']}" <input class="field readonly" id="coupon_course_id" type="text" name="course_id" value="${section_data['course_id'] | h}"
readonly aria-required="true"/> readonly aria-required="true"/>
</li> </li>
......
...@@ -30,17 +30,17 @@ ...@@ -30,17 +30,17 @@
<ul class="list-input"> <ul class="list-input">
<li class="field text is-not-editable" id="field-course-organization"> <li class="field text is-not-editable" id="field-course-organization">
<label for="course-organization">${_("Organization:")}</label> <label for="course-organization">${_("Organization:")}</label>
<b>${ section_data['course_id'].org }</b> <b>${ section_data['course_id'].org | h}</b>
</li> </li>
<li class="field text is-not-editable" id="field-course-number"> <li class="field text is-not-editable" id="field-course-number">
<label for="course-number">${_("Course Number:")}</label> <label for="course-number">${_("Course Number:")}</label>
<b>${ section_data['course_id'].course }</b> <b>${ section_data['course_id'].course | h}</b>
</li> </li>
<li class="field text is-not-editable" id="field-course-name"> <li class="field text is-not-editable" id="field-course-name">
<label for="course-name">${_("Course Name:")}</label> <label for="course-name">${_("Course Name:")}</label>
<b>${ section_data['course_id'].run }</b> <b>${ section_data['course_id'].run | h}</b>
</li> </li>
<li class="field text is-not-editable" id="field-course-display-name"> <li class="field text is-not-editable" id="field-course-display-name">
......
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.template.defaultfilters import escapejs %>
<%page args="section_data"/> <%page args="section_data"/>
...@@ -20,7 +21,7 @@ ...@@ -20,7 +21,7 @@
<h2>${_("Subsection Data")}</h2> <h2>${_("Subsection Data")}</h2>
<p>${_("Each bar shows the number of students that opened the subsection.")}</p> <p>${_("Each bar shows the number of students that opened the subsection.")}</p>
<p>${_("You can click on any of the bars to list the students that opened the subsection.")}</p> <p>${_("You can click on any of the bars to list the students that opened the subsection.")}</p>
<p>${_("You can also download this data as a CSV file.")}</p> <p>${_("You can also download this data as a CSV file.")}</p>
<p><input type="button" id="download_subsection_data" value="${_("Download Subsection Data for all Subsections as a CSV")}" /></p> <p><input type="button" id="download_subsection_data" value="${_("Download Subsection Data for all Subsections as a CSV")}" /></p>
</div> </div>
<div class="metrics-right-header"> <div class="metrics-right-header">
...@@ -69,10 +70,10 @@ ...@@ -69,10 +70,10 @@
$('.metrics-container').on("click", '.metrics-left .stacked-bar', function () { $('.metrics-container').on("click", '.metrics-left .stacked-bar', function () {
var module_id = $('rect', this).attr('id'); var module_id = $('rect', this).attr('id');
var metrics_overlay = $(this).closest('.metrics-left').siblings('.metrics-overlay'); var metrics_overlay = $(this).closest('.metrics-left').siblings('.metrics-overlay');
// Set module_id attribute on metrics_overlay // Set module_id attribute on metrics_overlay
metrics_overlay.data("module-id", module_id); metrics_overlay.data("module-id", module_id);
var header = $(this).closest('.metrics-left').siblings('.metrics-tooltip').text(); var header = $(this).closest('.metrics-left').siblings('.metrics-tooltip').text();
var overlay_content = '<h3 class="metrics-overlay-title">' + header + '</h3>'; var overlay_content = '<h3 class="metrics-overlay-title">' + header + '</h3>';
$('.metrics-overlay-content', metrics_overlay).before(overlay_content); $('.metrics-overlay-content', metrics_overlay).before(overlay_content);
...@@ -86,7 +87,7 @@ ...@@ -86,7 +87,7 @@
success: function(response) { success: function(response) {
overlay_content = "<tr class='header'><th>${_('Name')}</th><th>${_('Username')}</th></tr>"; overlay_content = "<tr class='header'><th>${_('Name')}</th><th>${_('Username')}</th></tr>";
$('.metrics-overlay-content thead', metrics_overlay).append(overlay_content); $('.metrics-overlay-content thead', metrics_overlay).append(overlay_content);
$.each(response.results, function(index, value ){ $.each(response.results, function(index, value ){
overlay_content = '<tr><td>' + value['name'] + "</td><td>" + value['username'] + '</td></tr>'; overlay_content = '<tr><td>' + value['name'] + "</td><td>" + value['username'] + '</td></tr>';
$('.metrics-overlay-content tbody', metrics_overlay).append(overlay_content); $('.metrics-overlay-content tbody', metrics_overlay).append(overlay_content);
...@@ -101,19 +102,19 @@ ...@@ -101,19 +102,19 @@
metrics_overlay.find('.metrics-student-opened').show(); metrics_overlay.find('.metrics-student-opened').show();
metrics_overlay.show(); metrics_overlay.show();
}); });
// Click handler for right bars // Click handler for right bars
$('.metrics-container').on("click", '.metrics-right .stacked-bar', function () { $('.metrics-container').on("click", '.metrics-right .stacked-bar', function () {
var module_id = $('rect', this).attr('id'); var module_id = $('rect', this).attr('id');
var metrics_overlay = $(this).closest('.metrics-right').siblings('.metrics-overlay'); var metrics_overlay = $(this).closest('.metrics-right').siblings('.metrics-overlay');
//Set module_id attribute on metrics_overlay //Set module_id attribute on metrics_overlay
metrics_overlay.data("module-id", module_id); metrics_overlay.data("module-id", module_id);
var header = $(this).closest('.metrics-right').siblings('.metrics-tooltip').text(); var header = $(this).closest('.metrics-right').siblings('.metrics-tooltip').text();
var far_index = header.indexOf(' - '); var far_index = header.indexOf(' - ');
var title = header.substring(0, far_index); var title = header.substring(0, far_index);
var overlay_content = '<h3 class="metrics-overlay-title">' + title + '</h3>'; var overlay_content = '<h3 class="metrics-overlay-title">' + title + '</h3>';
$('.metrics-overlay-content', metrics_overlay).before(overlay_content); $('.metrics-overlay-content', metrics_overlay).before(overlay_content);
...@@ -141,12 +142,12 @@ ...@@ -141,12 +142,12 @@
metrics_overlay.find('.metrics-student-grades').show(); metrics_overlay.find('.metrics-student-grades').show();
metrics_overlay.show(); metrics_overlay.show();
}); });
loadGraphs = function() { loadGraphs = function() {
$('#graph_reload').hide(); $('#graph_reload').hide();
$('.metrics-header-container').hide(); $('.metrics-header-container').hide();
$('.loading').remove(); $('.loading').remove();
var nothingText = "${_('There are no problems in this section.')}"; var nothingText = "${_('There are no problems in this section.')}";
var loadingText = "${_('Loading...')}"; var loadingText = "${_('Loading...')}";
...@@ -169,7 +170,7 @@ ...@@ -169,7 +170,7 @@
${all_section_metrics.body("metric_opened_", "metric_grade_", "metric_attempts_", "metric_tooltip_", course.id, allSubsectionTooltipArr, allProblemTooltipArr)} ${all_section_metrics.body("metric_opened_", "metric_grade_", "metric_attempts_", "metric_tooltip_", course.id, allSubsectionTooltipArr, allProblemTooltipArr)}
} }
// For downloading subsection and problem data as csv // For downloading subsection and problem data as csv
download_csv_data = function(event) { download_csv_data = function(event) {
...@@ -191,25 +192,25 @@ ...@@ -191,25 +192,25 @@
var data = {} var data = {}
data['sections'] = JSON.stringify(allSectionArr); data['sections'] = JSON.stringify(allSectionArr);
data['tooltips'] = JSON.stringify(allTooltipArr); data['tooltips'] = JSON.stringify(allTooltipArr);
data['course_id'] = "${section_data['course_id']}"; data['course_id'] = "${section_data['course_id'] | escapejs}";
data['data_type'] = event.type; data['data_type'] = event.type;
var input_data = document.createElement("input"); var input_data = document.createElement("input");
input_data.name = 'data'; input_data.name = 'data';
input_data.value = JSON.stringify(data); input_data.value = JSON.stringify(data);
var csrf_token_input = document.createElement("input"); var csrf_token_input = document.createElement("input");
csrf_token_input.name = 'csrfmiddlewaretoken'; csrf_token_input.name = 'csrfmiddlewaretoken';
csrf_token_input.value = "${ csrf_token }" csrf_token_input.value = "${ csrf_token }"
// Send data as a POST so it doesn't create a huge url // Send data as a POST so it doesn't create a huge url
var form = document.createElement("form"); var form = document.createElement("form");
form.action = "${section_data['post_metrics_data_csv_url']}"; form.action = "${section_data['post_metrics_data_csv_url']}";
form.method = 'post' form.method = 'post'
form.appendChild(input_data); form.appendChild(input_data);
form.appendChild(csrf_token_input) form.appendChild(csrf_token_input)
document.body.appendChild(form); document.body.appendChild(form);
form.submit(); form.submit();
} }
...@@ -222,17 +223,17 @@ ...@@ -222,17 +223,17 @@
$('.metrics-header-container').show(); $('.metrics-header-container').show();
} }
}); });
$('#graph_reload').click(function () { $('#graph_reload').click(function () {
loadGraphs(); loadGraphs();
$('#graph_reload').show(); $('#graph_reload').show();
$('.metrics-header-container').show(); $('.metrics-header-container').show();
}); });
$('#download_subsection_data').click(function() { $('#download_subsection_data').click(function() {
download_csv_data({'type': 'subsection'}); download_csv_data({'type': 'subsection'});
}); });
$('#download_problem_data').click(function() { $('#download_problem_data').click(function() {
download_csv_data({'type': 'problem'}); download_csv_data({'type': 'problem'});
}); });
...@@ -242,12 +243,12 @@ ...@@ -242,12 +243,12 @@
$('#graph_reload').hide(); $('#graph_reload').hide();
$('.metrics-header-container').hide(); $('.metrics-header-container').hide();
} }
$(document).ajaxStop(function() { $(document).ajaxStop(function() {
$('#graph_reload').show(); $('#graph_reload').show();
$('.metrics-header-container').show(); $('.metrics-header-container').show();
}); });
}); });
$('.metrics-overlay .close-button').click(function(event) { $('.metrics-overlay .close-button').click(function(event) {
event.preventDefault(); event.preventDefault();
...@@ -259,14 +260,14 @@ ...@@ -259,14 +260,14 @@
}); });
$('.metrics-overlay .download-csv').click(function(event) { $('.metrics-overlay .download-csv').click(function(event) {
var module_id = $(this).closest('.metrics-overlay').data("module-id"); var module_id = $(this).closest('.metrics-overlay').data("module-id");
var tooltip = $(this).closest('.metrics-container').children('.metrics-tooltip').text(); var tooltip = $(this).closest('.metrics-container').children('.metrics-tooltip').text();
var attributes = '?module_id=' + module_id + '&csv=true' + '&tooltip=' + tooltip; var attributes = '?module_id=' + module_id + '&csv=true' + '&tooltip=' + tooltip;
var url = $(this).data("endpoint"); var url = $(this).data("endpoint");
url += attributes; url += attributes;
return location.href = url; return location.href = url;
}); });
</script> </script>
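Review bot: `overlay_content = '<tr><td>' + value['name'] + "</td><td>" + value['username'] + '</td></tr>';` in the success handler still builds HTML by string concatenation from the AJAX response, so a name or username containing markup is injected into the overlay unescaped; the same pattern wraps `header`/`title` taken from `.metrics-tooltip` text into an `<h3>`, and the new `escapejs` on `data['course_id']` does not cover any of it. Build those cells with `$('<td>').text(value['name'])` (and likewise for `username` and the heading) instead of concatenation. In the same spirit as the changed line, `form.action = "${section_data['post_metrics_data_csv_url']}"` and `csrf_token_input.value = "${ csrf_token }"` are interpolated into JS string literals without `escapejs`, so the script's well-formedness depends on how the view builds those values. In the `.download-csv` handler, `module_id` and `tooltip` are appended to the query string without `encodeURIComponent`, so a tooltip containing `&` or `#` truncates or corrupts the request. The enclosing script block starts before these hunks.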
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
<%! from microsite_configuration import page_title_breadcrumbs %> <%! from microsite_configuration import page_title_breadcrumbs %>
<%namespace name='static' file='static_content.html'/> <%namespace name='static' file='static_content.html'/>
<%! from django.utils import html %> <%! from django.utils.http import urlquote_plus %>
## Define a couple of helper functions to make life easier when ## Define a couple of helper functions to make life easier when
## embedding theme conditionals into templates. All inheriting ## embedding theme conditionals into templates. All inheriting
...@@ -148,7 +148,7 @@ ...@@ -148,7 +148,7 @@
<%def name="login_query()">${ <%def name="login_query()">${
u"?course_id={0}&enrollment_action={1}".format( u"?course_id={0}&enrollment_action={1}".format(
html.escape(course_id), urlquote_plus(course_id),
html.escape(enrollment_action) urlquote_plus(enrollment_action)
) if course_id and enrollment_action else "" ) if course_id and enrollment_action else ""
}</%def> }</%def>
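Review bot: The `from django.utils import html` import is replaced rather than kept, so any other `html.` reference in main.html will now fail at render time; the rest of the template is outside this hunk, so it is worth a grep before merging. `urlquote_plus` is the right encoder for a query string and it percent-encodes `&`, `<`, `"` and `'`, so the def's output also stays safe when placed inside an `href` attribute. It presumably coerces a `CourseKey` argument to text before quoting, which is what this call relies on if `course_id` is no longer a plain string.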
...@@ -41,7 +41,7 @@ criteria.{end_li_tag} ...@@ -41,7 +41,7 @@ criteria.{end_li_tag}
%if problem['closed']: %if problem['closed']:
${problem['problem_name']} ${problem['problem_name']}
%else: %else:
<a href="#problem" data-location="${problem['location'].to_deprecated_string()}" class="problem-button">${problem['problem_name']}</a> <a href="#problem" data-location="${problem['location'] | h}" class="problem-button">${problem['problem_name']}</a>
%endif %endif
</td> </td>
<td> <td>
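Review bot: `${problem['problem_name']}` is emitted unescaped in both branches of the `%if problem['closed']`, while only the `data-location` attribute on the same line gains `| h`; if problem names are course-author supplied (not visible from the hunk), they should be written as `${problem['problem_name'] | h}` as well. The enclosing table row starts before the hunk.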
......
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<section class="container peer-grading-container"> <section class="container peer-grading-container">
<div class="peer-grading" data-ajax-url="${ajax_url}" data-location="${problem_location.to_deprecated_string()}" data-use-single-location="${use_single_location}"> <div class="peer-grading" data-ajax-url="${ajax_url}" data-location="${problem_location | h}" data-use-single-location="${use_single_location}">
<div class="error-container"></div> <div class="error-container"></div>
<section class="content-panel"> <section class="content-panel">
...@@ -48,7 +48,7 @@ ...@@ -48,7 +48,7 @@
<textarea name="feedback" placeholder="Feedback for student" class="feedback-area" cols="70" ></textarea> <textarea name="feedback" placeholder="Feedback for student" class="feedback-area" cols="70" ></textarea>
<div class="flag-student-container"> <div class="flag-student-container">
<br /> <br />
<input type="checkbox" class="flag-checkbox" value="student_is_flagged"> <input type="checkbox" class="flag-checkbox" value="student_is_flagged">
${_("This submission has explicit, offensive, or (I suspect) plagiarized content. ")} ${_("This submission has explicit, offensive, or (I suspect) plagiarized content. ")}
</div> </div>
</div> </div>
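Review bot: On the `peer-grading` div, `data-ajax-url="${ajax_url}"` and `data-use-single-location="${use_single_location}"` stay unescaped while `data-location` on the same line gains `| h`; applying the filter uniformly, `data-ajax-url="${ajax_url | h}"` and `data-use-single-location="${use_single_location | h}"`, keeps attribute safety from depending on how each value is built in the view. `ajax_url` is presumably a reversed URL, but the view is outside the hunk.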
......
...@@ -52,7 +52,7 @@ ...@@ -52,7 +52,7 @@
% if item.status == "purchased": % if item.status == "purchased":
<td>${item.qty}</td> <td>${item.qty}</td>
<td>${item.line_desc}</td> <td>${item.line_desc}</td>
<td><a href="${course_id}" class="enter-course">${_('View Course')}</a></td> <td><a href="${course_id | h}" class="enter-course">${_('View Course')}</a></td>
<td>${"{0:0.2f}".format(item.unit_cost)} <td>${"{0:0.2f}".format(item.unit_cost)}
% if item.list_price != None: % if item.list_price != None:
<span class="old-price"> ${"{0:0.2f}".format(item.list_price)}</span> <span class="old-price"> ${"{0:0.2f}".format(item.list_price)}</span>
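Review bot: `${item.line_desc}` in the row directly above the changed link is still emitted unescaped; if `line_desc` can carry text set when the order item was created (outside this hunk), it should be `${item.line_desc | h}` for the same reason `course_id` now is. Note also that `| h` only protects the attribute boundary: the `href` is the raw string form of `course_id`, so this link appears to rely on the view passing a URL path rather than a `CourseKey` — worth confirming against the view.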
......
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.template.defaultfilters import escapejs %>
<%namespace name='static' file='/static_content.html'/> <%namespace name='static' file='/static_content.html'/>
## The JS for this is defined in xqa_interface.html ## The JS for this is defined in xqa_interface.html
...@@ -9,10 +10,10 @@ ${block_content} ...@@ -9,10 +10,10 @@ ${block_content}
<a href="${edit_link}">Edit</a> <a href="${edit_link}">Edit</a>
% if xqa_key: % if xqa_key:
/ <a href="#${element_id}_xqa-modal" onclick="javascript:getlog('${element_id}', { / <a href="#${element_id}_xqa-modal" onclick="javascript:getlog('${element_id}', {
'location': '${location}', 'location': '${location | h}',
'xqa_key': '${xqa_key}', 'xqa_key': '${xqa_key | h}',
'category': '${category}', 'category': '${category | h}',
'user': '${user}' 'user': '${user | h}'
})" id="${element_id}_xqa_log">QA</a> })" id="${element_id}_xqa_log">QA</a>
% endif % endif
</div> </div>
...@@ -58,10 +59,10 @@ ${block_content} ...@@ -58,10 +59,10 @@ ${block_content}
<div class="staff_actions"> <div class="staff_actions">
<h3>${_('Actions')}</h3> <h3>${_('Actions')}</h3>
<div> <div>
<label for="sd_fu_${location.name}">${_('Username')}:</label> <label for="sd_fu_${location.name | h}">${_('Username')}:</label>
<input type="text" id="sd_fu_${location.name}" placeholder="${user.username}"/> <input type="text" id="sd_fu_${location.name | h}" placeholder="${user.username}"/>
</div> </div>
<div data-location="${location.to_deprecated_string()}" data-location-name="${location.name}"> <div data-location="${location | h}" data-location-name="${location.name | h}">
[ [
<a href="#" class="staff-debug-reset">${_('Reset Student Attempts')}</a> <a href="#" class="staff-debug-reset">${_('Reset Student Attempts')}</a>
% if has_instructor_access: % if has_instructor_access:
...@@ -72,7 +73,7 @@ ${block_content} ...@@ -72,7 +73,7 @@ ${block_content}
% endif % endif
] ]
</div> </div>
<div id="result_${location.name}"/> <div id="result_${location.name | h}"/>
</div> </div>
<div class="staff_info" style="display:block"> <div class="staff_info" style="display:block">
...@@ -106,7 +107,7 @@ category = ${category | h} ...@@ -106,7 +107,7 @@ category = ${category | h}
<form id="${element_id}_history_form"> <form id="${element_id}_history_form">
<label for="${element_id}_history_student_username">${_("User:")}</label> <label for="${element_id}_history_student_username">${_("User:")}</label>
<input id="${element_id}_history_student_username" type="text" placeholder=""/> <input id="${element_id}_history_student_username" type="text" placeholder=""/>
<input type="hidden" id="${element_id}_history_location" value="${location.to_deprecated_string()}"/> <input type="hidden" id="${element_id}_history_location" value="${location | h}"/>
<div class="submit"> <div class="submit">
<button name="submit" type="submit">${_("View History")}</button> <button name="submit" type="submit">${_("View History")}</button>
</div> </div>
...@@ -129,7 +130,7 @@ $(function () { ...@@ -129,7 +130,7 @@ $(function () {
null, null,
%endif %endif
{ {
'location': '${location.to_deprecated_string()}', 'location': '${location | escapejs}',
'xqa_key': '${xqa_key}', 'xqa_key': '${xqa_key}',
'category': '${category}', 'category': '${category}',
'user': '${user}' 'user': '${user}'
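Review bot: Inside the `onclick="javascript:getlog(...)"` attribute, `'location': '${location | h}'` and the three lines after it are JS string literals, and `h` alone is not the right escaping for that context: the browser decodes the attribute first, so the `&#39;` that `h` produces becomes a bare `'` in the script and terminates the string. Each of those four values should be escaped for JS and then for the attribute, `'${location | escapejs, h}'`, which is what the later `$(function () {` hunk now does for `location` — but there `'xqa_key': '${xqa_key}'`, `'category': '${category}'` and `'user': '${user}'` still have no `escapejs` at all. Moving this inline handler into that script block would remove the double-context problem and the need for an `on*` attribute. In the staff-actions hunk, `placeholder="${user.username}"` is the only remaining interpolation without `| h`.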
......
...@@ -75,7 +75,7 @@ textarea { ...@@ -75,7 +75,7 @@ textarea {
%if course_id is not None: %if course_id is not None:
## Translators: Git is a version-control system; see http://git-scm.com/about ## Translators: Git is a version-control system; see http://git-scm.com/about
<h2>${_('Recent git load activity for {course_id}').format(course_id=course_id)}</h2> <h2>${_('Recent git load activity for {course_id}').format(course_id=course_id) | h}</h2>
%if error_msg: %if error_msg:
<h3>${_('Error')}:</h3> <h3>${_('Error')}:</h3>
<p>${error_msg}</p> <p>${error_msg}</p>
...@@ -100,15 +100,13 @@ textarea { ...@@ -100,15 +100,13 @@ textarea {
%> %>
% for cil in logs: % for cil in logs:
<% <%
course_id_string = cil.course_id.to_deprecated_string() if cil.course_id else None
# Appropriate datetime string for current locale and timezone # Appropriate datetime string for current locale and timezone
date = get_time_display(cil.created.replace(tzinfo=UTC), date = get_time_display(cil.created.replace(tzinfo=UTC),
DEFAULT_DATE_TIME_FORMAT, coerce_tz=settings.TIME_ZONE) DEFAULT_DATE_TIME_FORMAT, coerce_tz=settings.TIME_ZONE)
%> %>
<tr> <tr>
<td>${date}</td> <td>${date}</td>
<td><a href="${reverse('gitlogs')}/${course_id_string}">${course_id_string}</a></td> <td><a href="${reverse('gitlogs_detail', kwargs={'course_id': unicode(cil.course_id)})}">${cil.course_id | h}</a></td>
<td>${cil.git_log}</td> <td>${cil.git_log}</td>
</tr> </tr>
%endfor %endfor
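Review bot: The new `reverse('gitlogs_detail', kwargs={'course_id': unicode(cil.course_id)})` drops the `if cil.course_id else None` guard that the removed `course_id_string` line had, so a log row with no course id now passes the string `'None'` to `reverse()` — most likely a `NoReverseMatch` that breaks the whole page, or a dead link at best. Wrap the cell in `% if cil.course_id:` / `% else:` with an empty `<td></td>` / `% endif`, or compute the URL in the `<% %>` block above with the same guard. `${cil.git_log}` on the next line and `${error_msg}` in the earlier hunk are still unescaped; both presumably carry text from the git import rather than fixed strings, so `| h` belongs there too.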
......
...@@ -174,7 +174,7 @@ ...@@ -174,7 +174,7 @@
<li class="wizard-step step-proceed"> <li class="wizard-step step-proceed">
<form id="reverify_form" method="post"> <form id="reverify_form" method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }"> <input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }">
<input type="hidden" name="course_id" value="${course_id}"> <input type="hidden" name="course_id" value="${course_id | h}">
<input class="action-primary disabled" type="button" id="midcourse_reverify_button" value="${_('Submit photos &amp; re-verify')}" name="payment"> <input class="action-primary disabled" type="button" id="midcourse_reverify_button" value="${_('Submit photos &amp; re-verify')}" name="payment">
</form> </form>
</li> </li>
......
<%! from django.utils.translation import ugettext as _ %> <%! from django.utils.translation import ugettext as _ %>
<%! from django.core.urlresolvers import reverse %> <%! from django.core.urlresolvers import reverse %>
<%! from django.template.defaultfilters import escapejs %>
<%inherit file="../main.html" /> <%inherit file="../main.html" />
<%namespace name='static' file='/static_content.html'/> <%namespace name='static' file='/static_content.html'/>
...@@ -14,7 +15,7 @@ var submitToPaymentProcessing = function(event) { ...@@ -14,7 +15,7 @@ var submitToPaymentProcessing = function(event) {
var xhr = $.post( var xhr = $.post(
"${create_order_url}", "${create_order_url}",
{ {
"course_id" : "${course_id}", "course_id" : "${course_id | escapejs}",
}, },
function(data) { function(data) {
for (prop in data) { for (prop in data) {
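Review bot: `"${create_order_url}",` two lines above the changed `course_id` line is also interpolated into a JS string literal without `escapejs`; for consistency with the new line, `"${create_order_url | escapejs}",` keeps the script well-formed regardless of how the URL is built in the view, which is outside the hunk. The enclosing `submitToPaymentProcessing` function starts before the hunk.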
......