From 015aa98a386ca210e36c8aacd500ff01959fa8d8 Mon Sep 17 00:00:00 2001 From: SaadYousaf Date: Wed, 1 Jul 2020 23:24:50 +0500 Subject: [PATCH 1/8] PROD-1661 --- .../views/video/transcripts/file_uploader.js | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/cms/static/js/views/video/transcripts/file_uploader.js b/cms/static/js/views/video/transcripts/file_uploader.js index 2acd158c1c..8edab306a5 100644 --- a/cms/static/js/views/video/transcripts/file_uploader.js +++ b/cms/static/js/views/video/transcripts/file_uploader.js @@ -1,9 +1,11 @@ define( [ 'jquery', 'backbone', 'underscore', - 'js/views/video/transcripts/utils' + 'js/views/video/transcripts/utils', + 'edx-ui-toolkit/js/utils/html-utils' ], -function($, Backbone, _, TranscriptUtils) { +function($, Backbone, _, TranscriptUtils, HtmlUtils) { + 'use strict'; var FileUploader = Backbone.View.extend({ invisibleClass: 'is-invisible', @@ -37,9 +39,8 @@ function($, Backbone, _, TranscriptUtils) { return; } - this.template = _.template(tpl); - - tplContainer.html(this.template({ + this.template = HtmlUtils.template(tpl); + HtmlUtils.setHtml(tplContainer, this.template({ ext: this.validFileExtensions, component_locator: this.options.component_locator })); @@ -126,11 +127,12 @@ function($, Backbone, _, TranscriptUtils) { * */ checkExtValidity: function(file) { + var fileExtension; if (!file.name) { return void(0); } - var fileExtension = file.name + fileExtension = file.name .split('.') .pop() .toLowerCase(); @@ -153,7 +155,7 @@ function($, Backbone, _, TranscriptUtils) { this.$progress .width(percentVal) - .html(percentVal) + .text(percentVal) .removeClass(this.invisibleClass); }, @@ -177,7 +179,7 @@ function($, Backbone, _, TranscriptUtils) { this.$progress .width(percentVal) - .html(percentVal); + .text(percentVal); }, /** From 3cbfab378aa8061e9b2974eaa97406ef73a095f6 Mon Sep 17 00:00:00 2001 
From: SaadYousaf Date: Wed, 1 Jul 2020 23:44:47 +0500 Subject: [PATCH 2/8] PROD-1663 --- lms/templates/split_test_author_view.html | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lms/templates/split_test_author_view.html b/lms/templates/split_test_author_view.html index ede487e199..534777d0b1 100644 --- a/lms/templates/split_test_author_view.html +++ b/lms/templates/split_test_author_view.html @@ -1,4 +1,9 @@ -<%! from django.utils.translation import ugettext as _ %> +<%page expression_filter="h"/> + +<%! + from django.utils.translation import ugettext as _ + from openedx.core.djangolib.markup import HTML, Text +%> <% split_test = context.get('split_test') @@ -11,8 +16,8 @@ show_link = group_configuration_url is not None

- ${_("This content experiment uses group configuration '{group_configuration_name}'.").format( - group_configuration_name="{}".format(group_configuration_url, user_partition.name) if show_link else user_partition.name + ${Text(_("This content experiment uses group configuration '{group_configuration_name}'.")).format( + group_configuration_name=Text(HTML("{}")).format(group_configuration_url, user_partition.name) if show_link else user_partition.name )}

@@ -23,13 +28,13 @@ show_link = group_configuration_url is not None % if is_root:

${_("Active Groups")}

- ${active_groups_preview} + ${HTML(active_groups_preview)}
% if inactive_groups_preview:

${_("Inactive Groups")}

- ${inactive_groups_preview} + ${HTML(inactive_groups_preview)}
% endif % endif From 188aae9402164b64446cbd93dfdcf832dbe178bb Mon Sep 17 00:00:00 2001 From: SaadYousaf Date: Thu, 2 Jul 2020 00:05:40 +0500 Subject: [PATCH 3/8] PROD-1665 --- cms/templates/manage_users_lib.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cms/templates/manage_users_lib.html b/cms/templates/manage_users_lib.html index 4d9e4e1aa2..0800be9eb5 100644 --- a/cms/templates/manage_users_lib.html +++ b/cms/templates/manage_users_lib.html @@ -1,3 +1,5 @@ +<%page expression_filter="h"/> + <%inherit file="base.html" /> <%! from django.utils.translation import ugettext as _ @@ -110,7 +112,7 @@ from openedx.core.djangolib.js_utils import ( <%block name="requirejs"> require(["js/factories/manage_users_lib"], function(ManageLibraryUsersFactory) { ManageLibraryUsersFactory( - "${context_library.display_name_with_default | h}", + "${context_library.display_name_with_default | n, js_escaped_string}", ${users | n, dump_js_escaped_json}, "${reverse('course_team_handler', kwargs={'course_key_string': library_key, 'email': '@@EMAIL@@'}) | n, js_escaped_string}", ${request.user.id | n, dump_js_escaped_json}, From f1d99e1d61d8ba44aa153a279d30bf1706a75c34 Mon Sep 17 00:00:00 2001 From: Ali-D-Akbar Date: Thu, 2 Jul 2020 23:43:44 +0500 Subject: [PATCH 4/8] PROD-1795 --- cms/templates/edit-tabs.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cms/templates/edit-tabs.html b/cms/templates/edit-tabs.html index 7ee868aaa5..c9e30c3223 100644 --- a/cms/templates/edit-tabs.html +++ b/cms/templates/edit-tabs.html @@ -21,7 +21,7 @@ <%block name="page_bundle"> <%static:webpack entry="js/factories/edit_tabs"> - EditTabsFactory("${context_course.location | n, js_escaped_string}", "${reverse('tabs_handler', kwargs={'course_key_string': context_course.id})}"); + EditTabsFactory("${context_course.location | n, js_escaped_string}", "${reverse('tabs_handler', kwargs={'course_key_string': context_course.id}) | n, js_escaped_string}"); 
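Review bot: Wrapping `active_groups_preview` and `inactive_groups_preview` in `HTML()` in the last hunk of split_test_author_view.html exempts both values from the page-level `h` filter this commit adds, so their safety rests entirely on whatever rendered them. Nothing in the hunk shows where the previews are built; if they can carry course-author text such as group or unit names, that text has to be escaped when the preview is rendered. I would add a Mako comment above each expression recording this, e.g. `## HTML() is safe here: preview is rendered server-side by RENDERER_NAME (placeholder) with escaping enabled`, with the renderer filled in once confirmed.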
From ffde1c4bc281088ec1c2e0879c391727046aba6d Mon Sep 17 00:00:00 2001 From: SaadYousaf Date: Mon, 6 Jul 2020 16:59:38 +0500 Subject: [PATCH 5/8] PROD-1731 --- lms/static/js/verify_student/views/reverify_view.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/static/js/verify_student/views/reverify_view.js b/lms/static/js/verify_student/views/reverify_view.js index 43257138b3..b61ca2f1b5 100644 --- a/lms/static/js/verify_student/views/reverify_view.js +++ b/lms/static/js/verify_student/views/reverify_view.js @@ -83,7 +83,10 @@ // Get or create the step container $stepEl = $('#current-step-container'); if (!$stepEl.length) { - $stepEl = $('
').appendTo(this.el); + $stepEl = edx.HtmlUtils.append( + $(this.el), + edx.HtmlUtils.HTML('
').toString() + ); } // Render the step subview From e7338cd180f45af6070177e2a0d4a84188e290e6 Mon Sep 17 00:00:00 2001 From: SaadYousaf Date: Mon, 6 Jul 2020 17:13:11 +0500 Subject: [PATCH 6/8] PROD-1732 --- lms/static/js/verify_student/views/pay_and_verify_view.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lms/static/js/verify_student/views/pay_and_verify_view.js b/lms/static/js/verify_student/views/pay_and_verify_view.js index 452b0cb731..4dd4d4d16f 100644 --- a/lms/static/js/verify_student/views/pay_and_verify_view.js +++ b/lms/static/js/verify_student/views/pay_and_verify_view.js @@ -126,7 +126,10 @@ var edx = edx || {}; // Get or create the step container $stepEl = $('#current-step-container'); if (!$stepEl.length) { - $stepEl = $('
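Review bot: `$stepEl` probably no longer refers to the step container after this change in reverify_view.js. jQuery's `.append()` returns the parent set, whereas the removed `.appendTo(this.el)` returned the newly created element, so if `HtmlUtils.append` returns the result of `$(element).append(...)`, the step subview rendered next would land in `this.el` itself. In addition, `.toString()` turns the `HtmlUtils.HTML(...)` snippet back into a plain string before it reaches `HtmlUtils.append`; the toolkit helpers are meant to escape plain strings, so the markup would likely be inserted as visible text rather than as an element. Pass the snippet object unchanged and re-select the container afterwards, e.g. `$stepEl = $(this.el).find('#current-step-container');`. The same pattern is repeated in the pay_and_verify_view.js hunk of PATCH 6/8, and in both files the enclosing function starts and ends outside the hunk.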
').appendTo(this.el); + $stepEl = edx.HtmlUtils.append( + $(this.el), + edx.HtmlUtils.HTML('
').toString() + ); } // Render the subview From 2db23423149b688f59268480beee53aeb49f7344 Mon Sep 17 00:00:00 2001 From: SaadYousaf Date: Mon, 6 Jul 2020 18:02:10 +0500 Subject: [PATCH 7/8] PROD-1729 --- lms/static/js/views/image_field.js | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/lms/static/js/views/image_field.js b/lms/static/js/views/image_field.js index d568759617..3a4b427c15 100644 --- a/lms/static/js/views/image_field.js +++ b/lms/static/js/views/image_field.js @@ -1,15 +1,16 @@ (function(define) { 'use strict'; define([ - 'gettext', 'jquery', 'underscore', 'backbone', 'js/views/fields', + 'gettext', 'jquery', 'underscore', 'backbone', + 'edx-ui-toolkit/js/utils/html-utils', 'js/views/fields', 'text!templates/fields/field_image.underscore', 'backbone-super', 'jquery.fileupload' - ], function(gettext, $, _, Backbone, FieldViews, field_image_template) { + ], function(gettext, $, _, Backbone, HtmlUtils, FieldViews, FieldImageTemplate) { var ImageFieldView = FieldViews.FieldView.extend({ fieldType: 'image', - fieldTemplate: field_image_template, + fieldTemplate: FieldImageTemplate, uploadButtonSelector: '.upload-button-input', titleAdd: gettext('Upload an image'), @@ -44,7 +45,7 @@ }, render: function() { - this.$el.html(this.template({ + var attributes = { id: this.options.valueAttribute, inputName: (this.options.inputName || 'file'), imageUrl: _.result(this, 'imageUrl'), @@ -54,7 +55,8 @@ removeButtonIcon: _.result(this, 'iconRemove'), removeButtonTitle: _.result(this, 'removeButtonTitle'), screenReaderTitle: _.result(this, 'screenReaderTitle') - })); + }; + this.$el.html(HtmlUtils.HTML(this.template(attributes)).toString()); this.delegateEvents(); this.updateButtonsVisibility(); this.watchForPageUnload(); 
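Review bot: In `render` of image_field.js, `HtmlUtils.HTML(this.template(attributes)).toString()` wraps the rendered string and immediately unwraps it, so `this.$el.html()` receives exactly what it did before; the call adds no escaping and mainly hides the raw `.html()` from the linter. Whether `imageUrl` and the title attributes are escaped still depends on field_image.underscore, which this patch does not touch. For consistency with the second hunk of this file I would write `HtmlUtils.setHtml(this.$el, HtmlUtils.HTML(this.template(attributes)));`. I would also add a comment stating that the template interpolates every attribute with the escaping form, once that has been checked.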
@@ -184,14 +186,14 @@ showUploadInProgressMessage: function() { this.$('.u-field-upload-button').addClass('in-progress'); - this.$('.upload-button-icon').html(this.iconProgress); - this.$('.upload-button-title').html(this.titleUploading); + HtmlUtils.setHtml(this.$('.upload-button-icon'), HtmlUtils.HTML(this.iconProgress)); + HtmlUtils.setHtml(this.$('.upload-button-title'), HtmlUtils.HTML(this.titleUploading)); }, showRemovalInProgressMessage: function() { this.$('.u-field-remove-button').css('opacity', 1); - this.$('.remove-button-icon').html(this.iconProgress); - this.$('.remove-button-title').html(this.titleRemoving); + HtmlUtils.setHtml(this.$('.remove-button-icon'), HtmlUtils.HTML(this.iconProgress)); + HtmlUtils.setHtml(this.$('.remove-button-title'), HtmlUtils.HTML(this.titleRemoving)); }, setCurrentStatus: function(status) { From a89553f1c3d838aa7a3915b3626d8307fe197991 Mon Sep 17 00:00:00 2001 From: Ali-D-Akbar Date: Mon, 6 Jul 2020 20:00:46 +0500 Subject: [PATCH 8/8] PROD-1727 --- lms/static/js/views/notification.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lms/static/js/views/notification.js b/lms/static/js/views/notification.js index a5cc328f17..1187e8478b 100644 --- a/lms/static/js/views/notification.js +++ b/lms/static/js/views/notification.js @@ -9,7 +9,7 @@ }, render: function() { - this.$el.html(this.template({ + this.$el.html(this.template({ // xss-lint: disable=javascript-jquery-html type: this.model.get('type'), title: this.model.get('title'), message: this.model.get('message'),
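Review bot: The four `HtmlUtils.HTML(...)` wrappers in `showUploadInProgressMessage` and `showRemovalInProgressMessage` mark `iconProgress`, `titleUploading` and `titleRemoving` as trusted markup, so `setHtml` inserts them unescaped just as the old `.html()` did. The icon is presumably markup, but the titles look like `gettext` strings (the visible `titleAdd` is one), and translated text should not be treated as HTML. Unless a subclass relies on markup in the titles, use `this.$('.upload-button-title').text(this.titleUploading);` and `this.$('.remove-button-title').text(this.titleRemoving);`.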
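Review bot: The `// xss-lint: disable=javascript-jquery-html` pragma added to `render` in notification.js silences the linter without saying why the call is safe, while `title` and `message` are taken straight from the model. If the template escapes every interpolated value, record that next to the pragma, e.g. `// Safe: the notification template escapes type, title and message.`. Otherwise, if `HtmlUtils` can be brought into this module, compile the template with `HtmlUtils.template` and insert it with `HtmlUtils.setHtml`, as PATCH 1/8 does. The object literal passed to the template continues past the end of the hunk.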