Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
edx-platform
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
edx
edx-platform
Commits
415c0ea6
Commit
415c0ea6
authored
Mar 14, 2016
by
Muzaffar yousaf
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #11802 from edx/mzfr/notes-bug
Properly escape mixed content. text + html.
parents
6fef5697
d43f33db
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
18 additions
and
2 deletions
+18
-2
lms/djangoapps/edxnotes/tests.py
+15
-0
lms/templates/edxnotes/edxnotes.html
+3
-2
No files found.
lms/djangoapps/edxnotes/tests.py
View file @
415c0ea6
...
...
@@ -998,6 +998,21 @@ class EdxNotesViewsTest(ModuleStoreTestCase):
response
=
self
.
client
.
get
(
self
.
notes_page_url
)
self
.
assertContains
(
response
,
'Highlights and notes you've made in course content'
)
# pylint: disable=unused-argument
@patch.dict
(
"django.conf.settings.FEATURES"
,
{
"ENABLE_EDXNOTES"
:
True
})
@patch
(
"edxnotes.views.get_notes"
,
return_value
=
{
'results'
:
[]})
@patch
(
"edxnotes.views.get_course_position"
,
return_value
=
{
'display_name'
:
'Section 1'
,
'url'
:
'test_url'
})
def
test_edxnotes_html_tags_should_not_be_escaped
(
self
,
mock_get_notes
,
mock_position
):
"""
Tests that explicit html tags rendered correctly.
"""
enable_edxnotes_for_the_course
(
self
.
course
,
self
.
user
.
id
)
response
=
self
.
client
.
get
(
self
.
notes_page_url
)
self
.
assertContains
(
response
,
'Get started by making a note in something you just read, like <a href="test_url">Section 1</a>'
)
@patch.dict
(
"django.conf.settings.FEATURES"
,
{
"ENABLE_EDXNOTES"
:
False
})
def
test_edxnotes_view_is_disabled
(
self
):
"""
...
...
lms/templates/edxnotes/edxnotes.html
View file @
415c0ea6
...
...
@@ -5,6 +5,7 @@
<
%!
from
django
.
utils
.
translation
import
ugettext
as
_
from
edxnotes
.
helpers
import
NoteJSONEncoder
from
openedx
.
core
.
djangolib
.
markup
import
Text
,
HTML
from
openedx
.
core
.
djangolib
.
js_utils
import
dump_js_escaped_json
,
js_escaped_string
%
>
...
...
@@ -78,8 +79,8 @@ from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_str
% if position is not None:
<div
class=
"placeholder-cta student-notes-cta"
>
<p
class=
"placeholder-cta-copy"
>
${
_('Get started by making a note in something you just read, like {section_link}.'
).format(
section_link=
'
<a
href=
"{url}"
>
{section_name}
</a>
'
.format(
<p
class=
"placeholder-cta-copy"
>
${
Text(_('Get started by making a note in something you just read, like {section_link}.')
).format(
section_link=
HTML('
<a
href=
"{url}"
>
{section_name}
</a>
')
.format(
url=position['url'],
section_name=position['display_name'],
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
