Skip to content

E
edx-platform
Commit 8a85d7e3 by Kevin Falcone
Options

Udpate to secure by default 

Most things were already escaped, including the json.dumps, and we've
decided not to use dump_html_escaped_json
parent 1b1f3952
Showing with 3 additions and 2 deletions
lms/templates/courseware/submission_history.html
<%page expression_filter="h"/>
<% import json %> <% import json %>
<h3>${username | h} > ${course_id | h} > ${location | h}</h3> <h3>${username} > ${course_id} > ${location}</h3>
% for i, (entry, score) in enumerate(zip(history_entries, scores)): % for i, (entry, score) in enumerate(zip(history_entries, scores)):
<hr/> <hr/>
...@@ -7,7 +8,7 @@ ...@@ -7,7 +8,7 @@
<b>#${len(history_entries) - i}</b>: ${entry.updated} (${TIME_ZONE} time)</br> <b>#${len(history_entries) - i}</b>: ${entry.updated} (${TIME_ZONE} time)</br>
Score: ${score.grade} / ${score.max_grade} Score: ${score.grade} / ${score.max_grade}
<pre> <pre>
${json.dumps(entry.state, indent=2, sort_keys=True) | h} ${json.dumps(entry.state, indent=2, sort_keys=True)}
</pre> </pre>
</div> </div>
% endfor % endfor
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment