Fix actual safe template violations

47bc8e65 · Brian Jacobel · 7c7ab815 · 47bc8e65 · 47bc8e65
Commit 47bc8e65 authored May 31, 2016 by Brian Jacobel
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 8 deletions

common/templates/edxnotes_wrapper.html
+10 -4

lms/templates/instructor/instructor_dashboard_2/certificates.html
+5 -4

No files found.
--- a/common/templates/edxnotes_wrapper.html
+++ b/common/templates/edxnotes_wrapper.html
+<%namespace name='static' file='/static_content.html'/>
+<%page expression_filter="h"/>
 <%!
 import json
 from django.utils.translation import ugettext as _
 from student.models import anonymous_id_for_user
+from openedx.core.djangolib.js_utils import js_escaped_string, dump_js_escaped_json
 %>
-<%namespace name='static' file='/static_content.html'/>
 <%
    if user:
        params.update({'user': anonymous_id_for_user(user, None)})
 %>
 <div id="edx-notes-wrapper-${uid}" class="edx-notes-wrapper">
-    <div class="edx-notes-wrapper-content">${content}</div>
+    <div class="edx-notes-wrapper-content">${content | n, decode.utf8 }</div>
 </div>
 <%static:require_module_async module_name="js/edxnotes/views/notes_visibility_factory" class_name="NotesVisibilityFactory">
-    var element = document.getElementById('edx-notes-wrapper-${uid}');
+    var element = document.getElementById('edx-notes-wrapper-${uid | n, js_escaped_string}');
-    NotesVisibilityFactory.VisibilityDecorator.factory(element, ${json.dumps(params)}, ${edxnotes_visibility});
+    NotesVisibilityFactory.VisibilityDecorator.factory(element, ${params | n, dump_js_escaped_json}, ${edxnotes_visibility | n, decode.utf8});
 </%static:require_module_async>
--- a/lms/templates/instructor/instructor_dashboard_2/certificates.html
+++ b/lms/templates/instructor/instructor_dashboard_2/certificates.html
@@ -4,14 +4,15 @@
 <%!
 from django.utils.translation import ugettext as _
 from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_string
+from openedx.core.djangolib.markup import HTML
 %>
 <%static:require_module_async module_name="js/certificates/factories/certificate_whitelist_factory" class_name="CertificateWhitelistFactory">
-        CertificateWhitelistFactory(${certificate_white_list | n, dump_js_escaped_json}, '${generate_certificate_exceptions_url | n, js_escaped_string}', '${certificate_exception_view_url | n, js_escaped_string}', '${generate_bulk_certificate_exceptions_url | n, js_escaped_string}', ${bool(section_data['active_certificate']) | n, dump_js_escaped_json});
+    CertificateWhitelistFactory(${certificate_white_list | n, dump_js_escaped_json}, '${generate_certificate_exceptions_url | n, js_escaped_string}', '${certificate_exception_view_url | n, js_escaped_string}', '${generate_bulk_certificate_exceptions_url | n, js_escaped_string}', ${bool(section_data['active_certificate']) | n, dump_js_escaped_json});
 </%static:require_module_async>
 <%static:require_module_async module_name="js/certificates/factories/certificate_invalidation_factory" class_name="CertificateInvalidationFactory">
-        CertificateInvalidationFactory('${certificate_invalidations | n, dump_js_escaped_json}', '${certificate_invalidation_view_url | n, js_escaped_string}');
+    CertificateInvalidationFactory('${certificate_invalidations | n, dump_js_escaped_json}', '${certificate_invalidation_view_url | n, js_escaped_string}');
 </%static:require_module_async>
 <div class="certificates-wrapper">
@@ -85,7 +86,7 @@ from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_str
                    <input type="button" id="disabled-btn-start-generating-certificates" class="is-disabled" aria-disabled="true" value="${_('Generate Certificates')}"/>
                % else:
                    <p class="under-heading">
-                        ${_("When you are ready to generate certificates for your course, click Generate Certificates. You do not need to do this<br/>if you have set the certificate mode to on-demand generation.")}
+                        ${HTML(_("When you are ready to generate certificates for your course, click Generate Certificates. You do not need to do this<br/>if you have set the certificate mode to on-demand generation."))}
                    </p>
                    <input type="button" class="btn-blue" id="btn-start-generating-certificates" value="${_('Generate Certificates')}" data-endpoint="${section_data['urls']['start_certificate_generation']}"/>
                %endif
@@ -112,7 +113,7 @@ from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_str
        <h2>${_("Regenerate Certificates")}</h2>
        <form id="certificate-regenerating-form" method="post" action="${section_data['urls']['start_certificate_regeneration']}">
            <p class="under-heading">
-                ${_('To regenerate certificates for your course, choose the learners who will receive regenerated certificates and click <br/> Regenerate Certificates.')}
+                ${HTML(_('To regenerate certificates for your course, choose the learners who will receive regenerated certificates and click <br/> Regenerate Certificates.'))}
            </p>
                <label style="display: inline" for="certificate_status_${section_data['status'].downloadable}">