From 48e2299e47dfedc578e9349d9d7b85cde1fac62c Mon Sep 17 00:00:00 2001
From: Daniel Friedman
Date: Wed, 23 Mar 2016 11:21:50 -0400
Subject: [PATCH] Make CMS activation_invalid template safe by default
---
 cms/templates/activation_invalid.html | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/cms/templates/activation_invalid.html b/cms/templates/activation_invalid.html
index fd9e5a9e5f..bdb135ee3b 100644
--- a/cms/templates/activation_invalid.html
+++ b/cms/templates/activation_invalid.html
@@ -1,10 +1,18 @@
-<%! from django.utils.translation import ugettext as _ %>
+<%!
+from openedx.core.djangolib.markup import HTML, Text
+from django.utils.translation import ugettext as _
+%>
+<%page expression_filter="h"/>
 <%inherit file="base.html" />
 <%block name="content">
-

${_("{studio_name} Account Activation").format(studio_name=settings.STUDIO_SHORT_NAME)}

+

+ ${_("{studio_name} Account Activation").format(
+ studio_name=Text(settings.STUDIO_SHORT_NAME)
+ )}
+
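Review bot: The translated string in the title expression is not itself wrapped in `Text()`, so `.format(...)` is the plain string method and returns a plain string, which the new page-level `expression_filter="h"` then escapes as a whole. Assuming `Text` and `HTML` are markupsafe-style wrappers (their module is not shown here), this can double-escape the already-escaped `studio_name`. In the second hunk it would also escape the `HTML(...)` values passed as `link_start` and `link_end`, so the homepage link would render as literal text. Wrapping the outer string makes the format call escaping-aware: `${Text(_("{studio_name} Account Activation")).format(`, with the same `Text(_(...))` wrapping for the support-paragraph string in the second hunk. A render test using a platform or studio name containing `&` would confirm the output is escaped exactly once.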

@@ -18,10 +26,14 @@

${_("Your account activation is invalid")}

${_("We're sorry. Something went wrong with your activation. Check to make sure the URL you went to was correct, as e-mail programs will sometimes split it into two lines.")}

-

${_("If you still have issues, contact {platform_name} Support. In the meantime, you can also return to {link_start}the {studio_name} homepage.{link_end}").format(
- platform_name=settings.PLATFORM_NAME, studio_name=settings.STUDIO_NAME,
- link_start='', link_end=""
- )}

+

+ ${_("If you still have issues, contact {platform_name} Support. In the meantime, you can also return to {link_start}the {studio_name} homepage.{link_end}").format(
+ platform_name=Text(settings.PLATFORM_NAME),
+ studio_name=Text(settings.STUDIO_NAME),
+ link_start=HTML(''),
+ link_end=HTML('')
+ )}
+