certs: /request_cert: add_cert() strips HTML

* HTML in the grade range label was getting passed through to the certificate agent via xqueue. This strips HTML before passing labels through. This change is being rolled into my PR to master for the /request_cert endpoint feature.

certs: /request_cert: add_cert() strips HTML
* HTML in the grade range label was getting passed through to the certificate agent via xqueue. This strips HTML before passing labels through. This change is being rolled into my PR to master for the /request_cert endpoint feature.
eb24a226 · Joe Blaylock · c630a319 · eb24a226
Commit eb24a226 authored Mar 21, 2014 by Joe Blaylock
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 6 deletions

lms/djangoapps/certificates/queue.py
+15 -6

No files found.
--- a/lms/djangoapps/certificates/queue.py
+++ b/lms/djangoapps/certificates/queue.py
@@ -15,6 +15,8 @@ from verify_student.models import SoftwareSecurePhotoVerification
 import json
 import random
 import logging
+import lxml
+from lxml.etree import XMLSyntaxError, ParserError
 from xmodule.modulestore import Location


@@ -205,8 +207,15 @@ class XQueueCertInterface(object):
            cert.grade = grade['percent']
            cert.course_id = course_id
            cert.name = profile_name
+            # Strip HTML from grade range label
+            grade_text = grade.get('grade', None)
+            try:
+                grade_text = lxml.html.fromstring(grade_text).text_content()
+            except (TypeError, XMLSyntaxError, ParserError) as e:
+                # Despite blowing up the xml parser, bad values here are fine
+                grade_text = None

-            if is_whitelisted or grade['grade'] is not None:
+            if is_whitelisted or grade_text is not None:

                # check to see whether the student is on the
                # the embargoed country restricted list
@@ -221,11 +230,11 @@ class XQueueCertInterface(object):
                    key = make_hashkey(random.random())
                    cert.key = key
                    contents = {
-                        'action':       'create',
-                        'username':     student.username,
-                        'course_id':    course_id,
-                        'name':         profile_name,
-                        'grade':        grade['grade'],
+                        'action': 'create',
+                        'username': student.username,
+                        'course_id': course_id,
+                        'name': profile_name,
+                        'grade': grade_text,
                        'template_pdf': template_pdf,
                        'designation':  profile_title,
                    }