Skip to content

E
edx-platform
Commit 6eec5ac4 by Nimisha Asthagiri
Options

XSS Safe Default - dashboard

parent 15e5a7db
Showing with 97 additions and 80 deletions
common/djangoapps/student/tests/tests.py
......@@ -249,11 +249,14 @@ class DashboardTest(ModuleStoreTestCase):
Test that the certificate verification status for courses is visible on the dashboard.
"""
self.client.login(username="jack", password="test")
self._check_verification_status_on('verified', 'You\'re enrolled as a verified student')
self._check_verification_status_on('honor', 'You\'re enrolled as an honor code student')
self._check_verification_status_on('verified', 'You're enrolled as a verified student')
self._check_verification_status_on('honor', 'You're enrolled as an honor code student')
self._check_verification_status_off('audit', '')
self._check_verification_status_on('professional', 'You\'re enrolled as a professional education student')
self._check_verification_status_on('no-id-professional', 'You\'re enrolled as a professional education student')
self._check_verification_status_on('professional', 'You're enrolled as a professional education student')
self._check_verification_status_on(
'no-id-professional',
'You're enrolled as a professional education student',
)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def _check_verification_status_off(self, mode, value):
......
lms/templates/dashboard.html
<%page expression_filter="h"/>
<%inherit file="main.html" />
<%namespace name='static' file='static_content.html'/>
<%!
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext as _
from django.template import RequestContext
import third_party_auth
from third_party_auth import pipeline
from django.core.urlresolvers import reverse
import json
from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_string
%>
<%
......@@ -39,9 +40,9 @@ import json
<script type="text/javascript">
$(document).ready(function() {
edx.dashboard.legacy.init({
dashboard: "${reverse('dashboard')}",
signInUser: "${reverse('signin_user')}",
changeEmailSettings: "${reverse('change_email_settings')}"
dashboard: "${reverse('dashboard') | n, js_escaped_string}",
signInUser: "${reverse('signin_user') | n, js_escaped_string}",
changeEmailSettings: "${reverse('change_email_settings') | n, js_escaped_string}"
});
});
</script>
......@@ -54,7 +55,7 @@ import json
<%static:require_module module_name="js/views/message_banner" class_name="MessageBannerView">
var banner = new MessageBannerView({urgency: 'low', type: 'warning'});
$('#content').prepend(banner.$el);
banner.showMessage(${json.dumps(redirect_message)})
banner.showMessage(${redirect_message | n, dump_js_escaped_json})
</%static:require_module>
% endif
</%block>
......@@ -117,7 +118,7 @@ import json
<h2>${_("Course-loading errors")}</h2>
% for course_dir, errors in errored_courses.items():
<h3>${course_dir | h}</h3>
<h3>${course_dir}</h3>
<ul>
% for (msg, err) in errors:
<li>${msg}
......
lms/templates/dashboard/_dashboard_course_listing.html
<%page args="course_overview, enrollment, show_courseware_link, cert_status, can_unenroll, credit_status, show_email_settings, course_mode_info, show_refund_option, is_paid_course, is_course_blocked, verification_status, course_requirements, dashboard_index, share_settings, course_program_info" />
<%page args="course_overview, enrollment, show_courseware_link, cert_status, can_unenroll, credit_status, show_email_settings, course_mode_info, show_refund_option, is_paid_course, is_course_blocked, verification_status, course_requirements, dashboard_index, share_settings, course_program_info" expression_filter="h"/>
<%!
import urllib
......@@ -6,9 +6,9 @@ import urllib
from django.utils.translation import ugettext as _
from django.utils.translation import ungettext
from django.core.urlresolvers import reverse
from markupsafe import escape
from course_modes.models import CourseMode
from course_modes.helpers import enrollment_mode_display
from openedx.core.djangolib.markup import Text, HTML
from student.helpers import (
VERIFY_STATUS_NEED_TO_VERIFY,
VERIFY_STATUS_SUBMITTED,
......@@ -63,16 +63,16 @@ from student.helpers import (
% if show_courseware_link:
% if not is_course_blocked:
<a href="${course_target}" data-course-key="${enrollment.course_id}" class="cover">
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Home Page').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default_escaped) |h}" />
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Home Page').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default)}" />
</a>
% else:
<a class="fade-cover">
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Cover Image').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default_escaped) |h}" />
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Cover Image').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default)}" />
</a>
% endif
% else:
<a class="cover">
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Cover Image').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default_escaped) | h}" />
<img src="${course_overview.image_urls['small']}" class="course-image" alt="${_('{course_number} {course_name} Cover Image').format(course_number=course_overview.number, course_name=course_overview.display_name_with_default)}" />
</a>
% endif
% if settings.FEATURES.get('ENABLE_VERIFIED_CERTIFICATES') and course_verified_certs.get('display_mode') != 'audit':
......@@ -89,17 +89,17 @@ from student.helpers import (
<h3 class="course-title">
% if show_courseware_link:
% if not is_course_blocked:
<a data-course-key="${enrollment.course_id}" href="${course_target}">${course_overview.display_name_with_default_escaped}</a>
<a data-course-key="${enrollment.course_id}" href="${course_target}">${course_overview.display_name_with_default}</a>
% else:
<a class="disable-look" data-course-key="${enrollment.course_id}">${course_overview.display_name_with_default_escaped}</a>
<a class="disable-look" data-course-key="${enrollment.course_id}">${course_overview.display_name_with_default}</a>
% endif
% else:
<span>${course_overview.display_name_with_default_escaped}</span>
<span>${course_overview.display_name_with_default}</span>
% endif
</h3>
<div class="course-info">
<span class="info-university">${course_overview.display_org_with_default | h} - </span>
<span class="info-course-id">${course_overview.display_number_with_default | h}</span>
<span class="info-university">${course_overview.display_org_with_default} - </span>
<span class="info-course-id">${course_overview.display_number_with_default}</span>
<span class="info-date-block" data-tooltip="Hi">
% if course_overview.has_ended():
${_("Ended - {end_date}").format(end_date=course_overview.end_datetime_text("SHORT_DATE"))}
......@@ -119,15 +119,15 @@ from student.helpers import (
% if show_courseware_link:
% if course_overview.has_ended():
% if not is_course_blocked:
<a href="${course_target}" class="enter-course archived" data-course-key="${enrollment.course_id}">${_('View Archived Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default_escaped}</span></a>
<a href="${course_target}" class="enter-course archived" data-course-key="${enrollment.course_id}">${_('View Archived Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default}</span></a>
% else:
<a class="enter-course-blocked archived" data-course-key="${enrollment.course_id}">${_('View Archived Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default_escaped}</span></a>
<a class="enter-course-blocked archived" data-course-key="${enrollment.course_id}">${_('View Archived Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default}</span></a>
% endif
% else:
% if not is_course_blocked:
<a href="${course_target}" class="enter-course" data-course-key="${enrollment.course_id}">${_('View Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default_escaped}</span></a>
<a href="${course_target}" class="enter-course" data-course-key="${enrollment.course_id}">${_('View Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default}</span></a>
% else:
<a class="enter-course-blocked" data-course-key="${enrollment.course_id}">${_('View Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default_escaped}</span></a>
<a class="enter-course-blocked" data-course-key="${enrollment.course_id}">${_('View Course')}<span class="sr">&nbsp;${course_overview.display_name_with_default}</span></a>
% endif
% endif
......@@ -178,10 +178,10 @@ from student.helpers import (
% endif
% endif
<div class="wrapper-action-more" data-course-key="${enrollment.course_id}">
<button type="button" class="action action-more" id="actions-dropdown-link-${dashboard_index}" aria-haspopup="true" aria-expanded="false" aria-controls="actions-dropdown-${dashboard_index}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}">
<button type="button" class="action action-more" id="actions-dropdown-link-${dashboard_index}" aria-haspopup="true" aria-expanded="false" aria-controls="actions-dropdown-${dashboard_index}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}">
<span class="sr">${_('Course options for')}</span>
<span class="sr">&nbsp;
${course_overview.display_name_with_default_escaped}
${course_overview.display_name_with_default}
</span>
<i class="fa fa-cog" aria-hidden="true"></i>
</button>
......@@ -191,69 +191,69 @@ from student.helpers import (
<li class="actions-item" id="actions-item-unenroll-${dashboard_index}">
% if is_paid_course and show_refund_option:
% if not is_course_blocked:
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will be refunded the amount you paid.") | h}">
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% else:
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will be refunded the amount you paid.") | h}">
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% endif
% elif is_paid_course and not show_refund_option:
% if not is_course_blocked:
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will not be refunded the amount you paid.") | h}">
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will not be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% else:
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will not be refunded the amount you paid.") | h}">
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from the purchased course %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will not be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% endif
% elif enrollment.mode != "verified":
% if not is_course_blocked:
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from %(course_name)s (%(course_number)s)?") | h}">
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from %(course_name)s (%(course_number)s)?")}">
${_('Unenroll')}
</a>
% else:
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from %(course_name)s (%(course_number)s)?") | h}">
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}"
data-track-info="${_("Are you sure you want to unenroll from %(course_name)s (%(course_number)s)?")}">
${_('Unenroll')}
</a>
% endif
% elif show_refund_option:
% if not is_course_blocked:
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long | h}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will be refunded the amount you paid.") | h}">
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% else:
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long | h}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("You will be refunded the amount you paid.") | h}">
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("You will be refunded the amount you paid.")}">
${_('Unenroll')}
</a>
% endif
% else:
% if not is_course_blocked:
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long | h}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("The refund deadline for this course has passed, so you will not receive a refund.") | h}">
<a href="#unenroll-modal" class="action action-unenroll" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("The refund deadline for this course has passed, so you will not receive a refund.")}">
${_('Unenroll')}
</a>
% else:
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-course-name="${course_overview.display_name_with_default_escaped | h}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long | h}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?") | h}"
data-refund-info="${_("The refund deadline for this course has passed, so you will not receive a refund.") | h}">
<a class="action action-unenroll is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-course-name="${course_overview.display_name_with_default}" data-dashboard-index="${dashboard_index}" data-cert-name-long="${cert_name_long}"
data-track-info="${_("Are you sure you want to unenroll from the verified %(cert_name_long)s track of %(course_name)s (%(course_number)s)?")}"
data-refund-info="${_("The refund deadline for this course has passed, so you will not receive a refund.")}">
${_('Unenroll')}
</a>
% endif
......@@ -263,9 +263,9 @@ from student.helpers import (
<li class="actions-item" id="actions-item-email-settings-${dashboard_index}">
% if show_email_settings:
% if not is_course_blocked:
<a href="#email-settings-modal" class="action action-email-settings" rel="leanModal" data-course-id="${course_overview.id | h}" data-course-number="${course_overview.number | h}" data-dashboard-index="${dashboard_index}" data-optout="${unicode(course_overview.id) in course_optouts}">${_('Email Settings')}</a>
<a href="#email-settings-modal" class="action action-email-settings" rel="leanModal" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-dashboard-index="${dashboard_index}" data-optout="${unicode(course_overview.id) in course_optouts}">${_('Email Settings')}</a>
% else:
<a class="action action-email-settings is-disabled" data-course-id="${course_overview.id| h}" data-course-number="${course_overview.number | h}" data-dashboard-index="${dashboard_index}" data-optout="${unicode(course_overview.id) in course_optouts}">${_('Email Settings')}</a>
<a class="action action-email-settings is-disabled" data-course-id="${course_overview.id}" data-course-number="${course_overview.number}" data-dashboard-index="${dashboard_index}" data-optout="${unicode(course_overview.id) in course_optouts}">${_('Email Settings')}</a>
% endif
% endif
</li>
......@@ -303,7 +303,7 @@ from student.helpers import (
% endif
</div>
<div class="verification-cta">
<a href="${reverse('verify_student_verify_now', kwargs={'course_id': unicode(course_overview.id)})}" class="cta" data-course-id="${course_overview.id | h}">${_('Verify Now')}</a>
<a href="${reverse('verify_student_verify_now', kwargs={'course_id': unicode(course_overview.id)})}" class="cta" data-course-id="${course_overview.id}">${_('Verify Now')}</a>
</div>
% elif verification_status['status'] == VERIFY_STATUS_SUBMITTED:
<h4 class="message-title">${_('You have already verified your ID!')}</h4>
......@@ -317,7 +317,7 @@ from student.helpers import (
<h4 class="message-title">${_('Your verification will expire soon!')}</h4>
## Translators: start_link and end_link will be replaced with HTML tags;
## please do not translate these.
<p class="message-copy">${_('Your current verification will expire before the verification deadline for this course. {start_link}Re-verify your identity now{end_link} using a webcam and a government-issued ID.').format(start_link='<a href="{href}">'.format(href=reverse('verify_student_reverify')), end_link='</a>')}</p>
<p class="message-copy">${Text(_('Your current verification will expire before the verification deadline for this course. {start_link}Re-verify your identity now{end_link} using a webcam and a government-issued ID.')).format(start_link=HTML('<a href="{href}">'.format(href=reverse('verify_student_reverify'))), end_link=HTML('</a>'))}</p>
% endif
</div>
% endif
......@@ -330,13 +330,23 @@ from student.helpers import (
<b class="message-copy-bold">
${_("Pursue a {cert_name_long} to highlight the knowledge and skills you gain in this course.").format(cert_name_long=cert_name_long)}
</b><br>
${_("It's official. It's easily shareable. It's a proven motivator to complete the course. <br>{link_start}Learn more about the verified {cert_name_long}{link_end}.").format(link_start='<a href="{}" class="verified-info" data-course-key="{}">'.format(marketing_link('WHAT_IS_VERIFIED_CERT'), enrollment.course_id), link_end="</a>", cert_name_long=cert_name_long)}
${Text(_("It's official. It's easily shareable. "
"It's a proven motivator to complete the course. {line_break}"
"{link_start}Learn more about the verified {cert_name_long}{link_end}.")).format(
line_break=HTML('<br>'),
link_start=HTML('<a href="{}" class="verified-info" data-course-key="{}">'.format(
marketing_link('WHAT_IS_VERIFIED_CERT'),
enrollment.course_id
)),
link_end=HTML('</a>'),
cert_name_long=cert_name_long
)}
</p>
<div class="action-upgrade-container">
% if use_ecommerce_payment_flow and course_mode_info['verified_sku']:
<a class="action action-upgrade" href="${ecommerce_payment_page}?sku=${course_mode_info['verified_sku']}">
% else:
<a class="action action-upgrade" href="${reverse('verify_student_upgrade_and_verify', kwargs={'course_id': unicode(course_overview.id)})}" data-course-id="${course_overview.id | h}" data-user="${user.username | h}">
<a class="action action-upgrade" href="${reverse('verify_student_upgrade_and_verify', kwargs={'course_id': unicode(course_overview.id)})}" data-course-id="${course_overview.id}" data-user="${user.username}">
% endif
<i class="action-upgrade-icon"></i>
<span class="wrapper-copy">
......@@ -356,23 +366,23 @@ from student.helpers import (
% if is_course_blocked:
<p id="block-course-msg" class="course-block">
${_("You can no longer access this course because payment has not yet been received. "
${Text(_("You can no longer access this course because payment has not yet been received. "
"You can {contact_link_start}contact the account holder{contact_link_end} "
"to request payment, or you can "
"{unenroll_link_start}unenroll{unenroll_link_end} "
"from this course").format(
contact_link_start='<a href="#">',
contact_link_end='</a>',
unenroll_link_start=(
"from this course")).format(
contact_link_start=HTML('<a href="#">'),
contact_link_end=HTML('</a>'),
unenroll_link_start=HTML(
'<a id="unregister_block_course" rel="leanModal" '
'data-course-id="{course_id}" data-course-number="{course_number}" data-course-name="{course_name}" '
'href="#unenroll-modal">'.format(
course_id=escape(course_overview.id),
course_number=escape(course_overview.number),
course_name=escape(course_overview.display_name_with_default_escaped),
)
'href="#unenroll-modal">'
).format(
course_id=course_overview.id,
course_number=course_overview.number,
course_name=course_overview.display_name_with_default,
),
unenroll_link_end="</a>",
unenroll_link_end=HTML('</a>'),
)}
</p>
%endif
......@@ -383,9 +393,9 @@ from student.helpers import (
<% prc_target = reverse('about_course', args=[unicode(course_requirements['courses'][0]['key'])]) %>
<li class="prerequisites">
<p class="tip">
${_("You must successfully complete {link_start}{prc_display}{link_end} before you begin this course.").format(
link_start='<a href="{}">'.format(prc_target),
link_end='</a>',
${Text(_("You must successfully complete {link_start}{prc_display}{link_end} before you begin this course.")).format(
link_start=HTML('<a href="{}">'.format(prc_target)),
link_end=HTML('</a>'),
prc_display=course_requirements['courses'][0]['display'],
)}
</p>
......
lms/templates/dashboard/_dashboard_status_verification.html
<%page expression_filter="h"/>
<%namespace name='static' file='../static_content.html'/>
<%!
from django.utils.translation import ugettext as _
......
themes/edx.org/lms/templates/dashboard.html
<%page expression_filter="h"/>
<%inherit file="main.html" />
<%namespace name='static' file='static_content.html'/>
<%!
......@@ -8,6 +9,7 @@ from third_party_auth import pipeline
from microsite_configuration import microsite
from django.core.urlresolvers import reverse
import json
from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_string
%>
<%
......@@ -40,9 +42,9 @@ import json
<script type="text/javascript">
$(document).ready(function() {
edx.dashboard.legacy.init({
dashboard: "${reverse('dashboard')}",
signInUser: "${reverse('signin_user')}",
changeEmailSettings: "${reverse('change_email_settings')}"
dashboard: "${reverse('dashboard') | n, js_escaped_string}",
signInUser: "${reverse('signin_user') | n, js_escaped_string}",
changeEmailSettings: "${reverse('change_email_settings') | n, js_escaped_string}"
});
});
</script>
......@@ -55,7 +57,7 @@ import json
<%static:require_module module_name="js/views/message_banner" class_name="MessageBannerView">
var banner = new MessageBannerView({urgency: 'low', type: 'warning'});
$('#content').prepend(banner.$el);
banner.showMessage(${json.dumps(redirect_message)})
banner.showMessage(${redirect_message | n, dump_js_escaped_json})
</%static:require_module>
% endif
</%block>
......@@ -118,7 +120,7 @@ import json
<h2>${_("Course-loading errors")}</h2>
% for course_dir, errors in errored_courses.items():
<h3>${course_dir | h}</h3>
<h3>${course_dir}</h3>
<ul>
% for (msg, err) in errors:
<li>${msg}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment