Commit fde370bd by Vik Paruchuri

Fix notification issue, sanitize input html

parent a5daf1f3
...@@ -554,7 +554,7 @@ class OpenEndedModule(openendedchild.OpenEndedChild): ...@@ -554,7 +554,7 @@ class OpenEndedModule(openendedchild.OpenEndedChild):
# add new history element with answer and empty score and hint. # add new history element with answer and empty score and hint.
self.new_history_entry(get['student_answer']) self.new_history_entry(get['student_answer'])
get['student_answer'] = self.sanitize_html(get['student_answer']) get['student_answer'] = OpenEndedModule.sanitize_html(get['student_answer'])
self.send_to_grader(get['student_answer'], system) self.send_to_grader(get['student_answer'], system)
self.change_state(self.ASSESSING) self.change_state(self.ASSESSING)
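Review bot: The raw `get['student_answer']` is handed to `new_history_entry` one line before it is sanitized here, so the stored copy is only safe because `new_history_entry` cleans it internally (see the OpenEndedChild hunk), and nothing at this call site says so. A comment such as `# new_history_entry() sanitizes on its own; the line below cleans the copy sent to the grader` would stop a later refactor from dropping one of the two. Assigning the cleaned value to a local instead of writing it back into `get` would also leave the request dict untouched. As a style point, `self.sanitize_html(...)` still resolves now that the method is a staticmethod and would honour a subclass override, which the hard-coded `OpenEndedModule.` does not. The enclosing method starts and ends outside this hunk.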
......
...@@ -131,7 +131,8 @@ class OpenEndedChild(object): ...@@ -131,7 +131,8 @@ class OpenEndedChild(object):
return "" return ""
return self.history[-1].get('post_assessment', "") return self.history[-1].get('post_assessment', "")
def sanitize_html(self, answer): @staticmethod
def sanitize_html(answer):
cleaner = Cleaner(style=True, links=True, add_nofollow=True, page_structure=True, safe_attrs_only=True) cleaner = Cleaner(style=True, links=True, add_nofollow=True, page_structure=True, safe_attrs_only=True)
clean_html = cleaner.clean_html(answer) clean_html = cleaner.clean_html(answer)
return clean_html return clean_html
...@@ -142,7 +143,7 @@ class OpenEndedChild(object): ...@@ -142,7 +143,7 @@ class OpenEndedChild(object):
@param answer: The student supplied answer @param answer: The student supplied answer
@return: None @return: None
""" """
answer = self.sanitize_html(answer) answer = OpenEndedChild.sanitize_html(answer)
self.history.append({'answer': answer}) self.history.append({'answer': answer})
def record_latest_score(self, score): def record_latest_score(self, score):
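Review bot: `sanitize_html` calls `cleaner.clean_html(answer)` with no handling for input the cleaner rejects. If `Cleaner` is lxml's (the import is not visible here), an empty or whitespace-only submission raises a parser error, which would surface as a failed submit. Any guard added around that call should fail closed by returning an escaped or empty string, never the original `answer`, because every caller in this diff treats the return value as safe to store and forward. The method also has no docstring; one stating that it strips styles and page-structure tags, keeps only safe attributes, and does not replace output escaping at render time would make the contract explicit. Building the `Cleaner` once at module level would avoid re-creating it for every answer.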
......
...@@ -133,7 +133,7 @@ def _peer_grading(tab, user, course, active_page): ...@@ -133,7 +133,7 @@ def _peer_grading(tab, user, course, active_page):
return [] return []
def _combined_open_ended_grading(tab, user, course, active_page): def _combined_open_ended_grading(tab, user, course, active_page):
if user.is_authenticated: if user.is_authenticated():
link = reverse('open_ended_notifications', args=[course.id]) link = reverse('open_ended_notifications', args=[course.id])
tab_name = "Open Ended Panel" tab_name = "Open Ended Panel"
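Review bot: The corrected `user.is_authenticated()` check only decides whether the tab is rendered; the `open_ended_notifications` view that `reverse(...)` points to is not part of this diff, so confirm that it enforces login on its own and does not rely on the tab being hidden. The old line tested the bound method, which is always truthy, so a regression test that calls `_combined_open_ended_grading` with an anonymous user would pin the fix. Check the other tab builders in this file for the same missing parentheses, since only this one is touched here. The function body continues past the end of the hunk.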
......