diff --git a/openedx/core/djangoapps/user_authn/exceptions.py b/openedx/core/djangoapps/user_authn/exceptions.py
index d86b5f8d51..7df072b69f 100644
--- a/openedx/core/djangoapps/user_authn/exceptions.py
+++ b/openedx/core/djangoapps/user_authn/exceptions.py
@@ -1,5 +1,7 @@
""" User Authn related Exceptions. """
+from openedx.core.djangolib.markup import Text
+
class AuthFailedError(Exception):
"""
@@ -8,7 +10,7 @@ class AuthFailedError(Exception):
"""
def __init__(self, value=None, redirect=None, redirect_url=None):
super(AuthFailedError, self).__init__()
- self.value = value
+ self.value = Text(value)
self.redirect = redirect
self.redirect_url = redirect_url
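Review bot: `Text(value)` on the changed line in `__init__` is applied even when `value` keeps its default of `None`. If `Text` is the markupsafe escape wrapper, `Text(None)` produces the non-empty string `None`, so an `AuthFailedError()` raised without a message would carry a truthy `value`, and any caller that tests or serialises `error.value` would see the text "None". Guarding the default keeps the old contract: `self.value = Text(value) if value is not None else None`. The class docstring could also say that `value` is stored HTML-escaped, so callers know not to escape it again and to pass intentional markup as `HTML(...)`.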
diff --git a/openedx/core/djangoapps/user_authn/tests/test_exceptions.py b/openedx/core/djangoapps/user_authn/tests/test_exceptions.py
new file mode 100644
index 0000000000..ac16d733c7
--- /dev/null
+++ b/openedx/core/djangoapps/user_authn/tests/test_exceptions.py
@@ -0,0 +1,18 @@
+""" Test Authn related exception. """
+
+from unittest import TestCase
+
+from openedx.core.djangoapps.user_authn.exceptions import AuthFailedError
+from openedx.core.djangolib.markup import Text
+
+
+class AuthFailedErrorTests(TestCase):
+ """ Tests for AuthFailedError exception."""
+
+ def test_sanitize_message(self):
+ """ Tests that AuthFailedError HTML-escapes the message."""
+ script_tag = ''
+ exception = AuthFailedError(script_tag)
+
+ expected_value = Text(script_tag)
+ self.assertEqual(exception.value, expected_value)
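Review bot: `test_sanitize_message` compares `exception.value` with `Text(script_tag)`, the same call the constructor makes, so it would still pass if `Text` stopped escaping. Asserting against a literal escaped string pins the behaviour; for a constructed input such as `'<b>x</b>'` that would be `self.assertEqual(exception.value, u'&lt;b&gt;x&lt;/b&gt;')`. The `script_tag` literal shows as empty on this page, apparently because its markup was lost in rendering, so confirm the committed test uses an input that contains markup. A second case for `AuthFailedError()` with no message would document what `value` holds when the default `None` is used.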
diff --git a/openedx/core/djangoapps/user_authn/views/login.py b/openedx/core/djangoapps/user_authn/views/login.py
index 71d4180aa1..4048b4a81c 100644
--- a/openedx/core/djangoapps/user_authn/views/login.py
+++ b/openedx/core/djangoapps/user_authn/views/login.py
@@ -56,27 +56,17 @@ def _do_third_party_auth(request):
u"with backend_name {backend_name}".format(
username=username, backend_name=backend_name)
)
- message = _(
+ message = Text(_(
u"You've successfully logged into your {provider_name} account, "
- u"but this account isn't linked with an {platform_name} account yet."
- ).format(
- platform_name=platform_name,
- provider_name=requested_provider.name,
- )
- message += "
"
- message += _(
+ u"but this account isn't linked with your {platform_name} account yet. {blank_lines}"
u"Use your {platform_name} username and password to log into {platform_name} below, "
- u"and then link your {platform_name} account with {provider_name} from your dashboard."
- ).format(
- platform_name=platform_name,
- provider_name=requested_provider.name,
- )
- message += "
"
- message += Text(_(
- u"If you don't have an {platform_name} account yet, "
+ u"and then link your {platform_name} account with {provider_name} from your dashboard. {blank_lines}"
+ u"If you don't have an account on {platform_name} yet, "
u"click {register_label_strong} at the top of the page."
)).format(
+ blank_lines=HTML('
'),
platform_name=platform_name,
+ provider_name=requested_provider.name,
register_label_strong=HTML('{register_text}').format(
register_text=_('Register')
)
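Review bot: The merged string in `_do_third_party_auth` has no translator comment, although it now carries placeholders whose meaning a translator cannot guess (`{blank_lines}`, `{register_label_strong}`). A comment directly above `message = Text(_(` would help, for example `# Translators: {blank_lines} is an HTML line break and {register_label_strong} is the emphasised word "Register"; keep both placeholders unchanged.` A translation that renames a placeholder would fail at format time on the login path, so the hint is worth the line. The function starts and ends outside this hunk.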
@@ -140,16 +130,19 @@ def _generate_not_activated_message(user):
'PLATFORM_NAME',
settings.PLATFORM_NAME
)
-
- not_activated_msg_template = _(u'In order to sign in, you need to activate your account.
'
- u'We just sent an activation link to {email}. If '
- u'you do not receive an email, check your spam folders or '
- u'contact {platform} Support.')
-
- not_activated_message = not_activated_msg_template.format(
- email=user.email,
- support_url=support_url,
- platform=platform_name
+ not_activated_message = Text(_(
+ u'In order to sign in, you need to activate your account.{blank_lines}'
+ u'We just sent an activation link to {email_strong}. If '
+ u'you do not receive an email, check your spam folders or '
+ u'{link_start}contact {platform_name} Support{link_end}.'
+ )).format(
+ platform_name=platform_name,
+ blank_lines=HTML('
'),
+ email_strong=HTML('{email}').format(email=user.email),
+ link_start=HTML(u'').format(
+ support_url=support_url,
+ ),
+ link_end=HTML(""),
)
return not_activated_message
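Review bot: `link_start` formats `support_url` into markup through `HTML(...).format(...)`, which escapes the value for HTML but does not check what kind of URL it is. Where `support_url` is assigned lies outside this hunk; if it comes only from operator-controlled settings that is acceptable, and a short comment would record the assumption, e.g. `# support_url is operator configuration; escaping does not validate the URL scheme.` Separately, the new escaping of `user.email` in `email_strong` has no regression test in this commit, unlike `AuthFailedError`. `_generate_not_activated_message` begins above the hunk.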