Commit fb83cd71 by attiyaIshaque

Merge pull request #12051 from edx/attiya/safe-templates

Safe Templates
parents 74346430 002ad84d
<%page expression_filter="h"/>
<%inherit file="base.html" /> <%inherit file="base.html" />
<%def name="online_help_token()"><% return "pages" %></%def> <%def name="online_help_token()"><% return "pages" %></%def>
<%namespace name='static' file='static_content.html'/> <%namespace name='static' file='static_content.html'/>
...@@ -5,7 +6,7 @@ ...@@ -5,7 +6,7 @@
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from xmodule.tabs import StaticTab from xmodule.tabs import StaticTab
from django.template.defaultfilters import escapejs from openedx.core.djangolib.js_utils import js_escaped_string
%> %>
<%block name="title">${_("Pages")}</%block> <%block name="title">${_("Pages")}</%block>
<%block name="bodyclass">is-signedin course view-static-pages</%block> <%block name="bodyclass">is-signedin course view-static-pages</%block>
...@@ -20,7 +21,7 @@ ...@@ -20,7 +21,7 @@
<%block name="requirejs"> <%block name="requirejs">
require(["js/factories/edit_tabs"], function (EditTabsFactory) { require(["js/factories/edit_tabs"], function (EditTabsFactory) {
EditTabsFactory("${context_course.location | escapejs}", "${reverse('contentstore.views.tabs_handler', kwargs={'course_key_string': context_course.id})}"); EditTabsFactory("${context_course.location | n, js_escaped_string}", "${reverse('contentstore.views.tabs_handler', kwargs={'course_key_string': context_course.id})}");
}); });
</%block> </%block>
...@@ -30,7 +31,7 @@ ...@@ -30,7 +31,7 @@
<h1 class="page-header"> <h1 class="page-header">
<small class="subtitle">${_("Content")}</small> <small class="subtitle">${_("Content")}</small>
## Translators: Pages refer to the tabs that appear in the top navigation of each course. ## Translators: Pages refer to the tabs that appear in the top navigation of each course.
<span class="sr">&gt; </span>${_("Pages")} <span class="sr"> > </span>${_("Pages")}
</h1> </h1>
<nav class="nav-actions" aria-label="${_('Page Actions')}"> <nav class="nav-actions" aria-label="${_('Page Actions')}">
...@@ -72,7 +73,7 @@ ...@@ -72,7 +73,7 @@
%> %>
% if isinstance(tab, StaticTab): % if isinstance(tab, StaticTab):
<li class="component ${css_class}" data-locator="${tab.locator | h}" data-tab-id="${tab.tab_id | h}"></li> <li class="component ${css_class}" data-locator="${tab.locator}" data-tab-id="${tab.tab_id}"></li>
% else: % else:
<li class="course-nav-item ${css_class}" data-tab-id="${tab.tab_id}"> <li class="course-nav-item ${css_class}" data-tab-id="${tab.tab_id}">
......
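Review bot: On the changed `EditTabsFactory(...)` line only the first argument was moved to `| n, js_escaped_string`; the `reverse(...)` URL next to it sits in the same kind of JavaScript string literal but now receives the page-level `h` filter, which is HTML escaping rather than JavaScript-string escaping. Assuming `base.html` (not visible here) renders the `requirejs` block inside a script element, entities are not decoded there, so an `&` in the URL would arrive as `&amp;` and a backslash would pass through unescaped. Give the second argument the same treatment as the first: `"${reverse('contentstore.views.tabs_handler', kwargs={'course_key_string': context_course.id}) | n, js_escaped_string}"`.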
<%page expression_filter="h"/>
<%inherit file="base.html" /> <%inherit file="base.html" />
<%! <%!
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
...@@ -22,17 +23,17 @@ help_link_end = '</a>' ...@@ -22,17 +23,17 @@ help_link_end = '</a>'
<article class="error-prompt"> <article class="error-prompt">
% if error == '404': % if error == '404':
<h1>${_("The Page You Requested Page Cannot be Found")}</h1> <h1>${_("The Page You Requested Page Cannot be Found")}</h1>
<p class="description">${_("We're sorry. We couldn't find the {studio_name} page you're looking for. You may want to return to the {studio_name} Dashboard and try again. If you are still having problems accessing things, please feel free to {link_start}contact {studio_name} support{link_end} for further help.").format( <p class="description">${Text(_("We're sorry. We couldn't find the {studio_name} page you're looking for. You may want to return to the {studio_name} Dashboard and try again. If you are still having problems accessing things, please feel free to {link_start}contact {studio_name} support{link_end} for further help.")).format(
studio_name=settings.STUDIO_SHORT_NAME, studio_name=settings.STUDIO_SHORT_NAME,
link_start=help_link_start, link_start=HTML(help_link_start),
link_end=help_link_end, link_end=HTML(help_link_end),
)}</p> )}</p>
% elif error == '500': % elif error == '500':
<h1>${_("The Server Encountered an Error")}</h1> <h1>${_("The Server Encountered an Error")}</h1>
<p class="description">${_("We're sorry. There was a problem with the server while trying to process your last request. You may want to return to the {studio_name} Dashboard or try this request again. If you are still having problems accessing things, please feel free to {link_start}contact {studio_name} support{link_end} for further help.").format( <p class="description">${Text(_("We're sorry. There was a problem with the server while trying to process your last request. You may want to return to the {studio_name} Dashboard or try this request again. If you are still having problems accessing things, please feel free to {link_start}contact {studio_name} support{link_end} for further help.")).format(
studio_name=settings.STUDIO_SHORT_NAME, studio_name=settings.STUDIO_SHORT_NAME,
link_start=help_link_start, link_start=HTML(help_link_start),
link_end=help_link_end, link_end=HTML(help_link_end),
)}</p> )}</p>
% endif % endif
<a href="/" class="back-button">${_("Back to dashboard")}</a> <a href="/" class="back-button">${_("Back to dashboard")}</a>
......
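Review bot: `Text(...)` and `HTML(...)` are called in both the 404 and the 500 branch, but no import for them is visible in the `<%! %>` block, and the `-22 +23` hunk offset suggests the only line added above is the `<%page expression_filter="h"/>` directive. If the collapsed lines do not already contain it, add `from openedx.core.djangolib.markup import HTML, Text` next to the `ugettext` import; otherwise the error page itself would fail with a NameError when rendered. Separately, `HTML(help_link_start)` exempts that string from escaping, so anything interpolated into `help_link_start` where it is built (outside the shown lines) needs to be escaped at that point.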