Commit 9af1aa30 by Nimisha Asthagiri

XSS Safe Templates

parent 33327219
<%page expression_filter="h"/>
<%inherit file="../main.html" />
<%namespace name='static' file='../static_content.html'/>
<%!
......@@ -26,7 +27,7 @@ from django.utils import html
<div class="header-survey">
<h4 class="course-info">
<span class="course-org">${course.display_org_with_default}</span><span class="course-number"> ${course.display_number_with_default}</span>
<span class="course-name">${course.display_name | h}</span>
<span class="course-name">${course.display_name}</span>
</h4>
<h3 class="title">${_("Pre-Course Survey")}</h3>
</div>
......@@ -41,7 +42,7 @@ from django.utils import html
<ul class="message-copy"> </ul>
</div>
${survey_form}
${survey_form | n, unicode}
<div class="form-actions">
<button name="submit" type="submit" id="submit" class="action action-primary action-update">${_('Submit')}</button>
......
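Review bot: `${survey_form | n, unicode}` switches off the page-level `expression_filter="h"` for the one value on this page most likely to carry user-editable content, and nothing in the template records why that is safe. If survey_form is markup already rendered and escaped by the view, say so next to it, e.g. `## survey_form is pre-rendered form HTML; escaping of field labels/values is the view's responsibility`, so the `n` filter is not later mistaken for an oversight and "fixed". The removal of `| h` on the course-name line is consistent with the new page-level filter and needs no change.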
<%page expression_filter="h"/>
<%!
from openedx.core.djangolib.js_utils import (
dump_js_escaped_json, js_escaped_string
)
%>
<div id="tab_${id}" class="tab">
<ul class="navigation"></ul>
</div>
......@@ -5,7 +12,7 @@
<%block name="js_extra">
<script type="text/javascript">
$(function(){
new Tab('${id}', ${items});
new Tab('${id | n, js_escaped_string}', ${items | n, dump_js_escaped_json});
});
</script>
</%block>
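Review bot: The new line `new Tab('${id | n, js_escaped_string}', ${items | n, dump_js_escaped_json});` gives no hint why the default filter is dropped, which matters now that the `<%page expression_filter="h"/>` at the top of this file governs every other expression. A Mako comment above the `<script>` such as `## 'n' drops the page-level HTML escaping here on purpose: js_escaped_string / dump_js_escaped_json apply the escaping appropriate for a JS string literal and a JS value respectively` would stop the next maintainer from reverting it to the default. The same `id` is also emitted as `<div id="tab_${id}">` a few lines up under the page-level h filter, so the two sites are intentionally escaped for different contexts — worth stating in that comment.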
## mako
<%page expression_filter="h"/>
<%namespace name='static' file='static_content.html'/>
## This file only exists as an additional layer of indirection to preserve
......
<%page expression_filter="h"/>
<%! from django.utils.translation import ugettext as _ %>
<html>
......@@ -13,4 +14,4 @@
</tr>
% endfor
</table>
</html>
\ No newline at end of file
</html>
<%page expression_filter="h"/>
<%!
from openedx.core.djangolib.markup import Text, HTML
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext as _
from django.conf import settings
......@@ -14,13 +16,16 @@ from django.conf import settings
<hr class="horizontal-divider">
<p>
${_("You will no longer receive forum notification emails from {platform_name}. "
${Text(
_("You will no longer receive forum notification emails from {platform_name}. "
"You may {dashboard_link_start}return to your dashboard{link_end}. "
"If you did not mean to do this, {undo_link_start}you can re-subscribe{link_end}.").format(
platform_name=settings.PLATFORM_NAME,
dashboard_link_start="<a href='{}'>".format(reverse('dashboard')),
undo_link_start="<a id='resub_link' href='{}'>".format(reverse('resubscribe_forum_update', args=[token])),
link_end="</a>",)}
"If you did not mean to do this, {undo_link_start}you can re-subscribe{link_end}."
)).format(
platform_name=settings.PLATFORM_NAME,
dashboard_link_start=HTML("<a href='{}'>".format(reverse('dashboard'))),
undo_link_start=HTML("<a id='resub_link' href='{}'>".format(reverse('resubscribe_forum_update', args=[token]))),
link_end=HTML("</a>"),
)}
</p>
</section>
</section>
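Review bot: In `dashboard_link_start=HTML("<a href='{}'>".format(reverse('dashboard')))` and the `undo_link_start` line below it, `str.format` runs on the plain string before `HTML()` wraps it, so the `reverse()` result is marked safe without any escaping. Swapping the order lets the markup object's own `format` escape the substituted value: `dashboard_link_start=HTML("<a href='{}'>").format(reverse('dashboard'))` and `undo_link_start=HTML("<a id='resub_link' href='{}'>").format(reverse('resubscribe_forum_update', args=[token]))`. Django's `reverse()` presumably URL-quotes its args, so this is defence in depth rather than a live hole, but it keeps the `HTML(...)` literals free of any runtime value and matches the `Text(...).format(...)` pattern the same hunk introduces.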
<%page expression_filter="h"/>
<%! from django.utils.translation import ugettext as _ %>
<h1>${_('Using the system')}</h1>
......