Merge pull request #3030 from edx/jrbl/fix_ncp101

certs: /request_cert: add_cert() strips HTML

lms/djangoapps/certificates/queue.py

@@ -15,6 +15,8 @@ from verify_student.models import SoftwareSecurePhotoVerification
 import json
 import random
 import logging
+import lxml
+from lxml.etree import XMLSyntaxError, ParserError
 from xmodule.modulestore import Location
 
 
@@ -205,8 +207,15 @@ class XQueueCertInterface(object):
             cert.grade = grade['percent']
             cert.course_id = course_id
             cert.name = profile_name
+            # Strip HTML from grade range label
+            grade_text = grade.get('grade', None)
+            try:
+                grade_text = lxml.html.fromstring(grade_text).text_content()
+            except (TypeError, XMLSyntaxError, ParserError) as e:
+                # Despite blowing up the xml parser, bad values here are fine
+                grade_text = None
 
-            if is_whitelisted or grade['grade'] is not None:
+            if is_whitelisted or grade_text is not None:
 
                 # check to see whether the student is on the
                 # the embargoed country restricted list
@@ -221,11 +230,11 @@ class XQueueCertInterface(object):
                     key = make_hashkey(random.random())
                     cert.key = key
                     contents = {
-                        'action':       'create',
-                        'username':     student.username,
-                        'course_id':    course_id,
-                        'name':         profile_name,
-                        'grade':        grade['grade'],
+                        'action': 'create',
+                        'username': student.username,
+                        'course_id': course_id,
+                        'name': profile_name,
+                        'grade': grade_text,
                         'template_pdf': template_pdf,
                         'designation':  profile_title,
                     }