diff --git a/lms/static/js/certificates/views/certificate_invalidation_view.js b/lms/static/js/certificates/views/certificate_invalidation_view.js index 3683bd149d..316713d6a8 100644 --- a/lms/static/js/certificates/views/certificate_invalidation_view.js +++ b/lms/static/js/certificates/views/certificate_invalidation_view.js @@ -33,6 +33,7 @@ invalidateCertificate: function() { var user = this.$("#certificate-invalidation-user").val(); var notes = this.$("#certificate-invalidation-notes").val(); + var message = ""; var certificate_invalidation = new CertificateInvalidationModel({ url: this.collection.url, @@ -41,10 +42,8 @@ }); if (this.collection.findWhere({user: user})) { - this.showMessage( - gettext("Certificate of ") + user + - gettext(" has already been invalidated. Please check your spelling and retry." - )); + message = gettext("Certificate of <%= user %> has already been invalidated. Please check your spelling and retry."); // jshint ignore:line + this.escapeAndShowMessage(_.template(message, {user: user})); } else if (certificate_invalidation.isValid()) { var self = this; @@ -53,25 +52,26 @@ success: function(model) { self.collection.add(model); - self.showMessage( - gettext('Certificate has been successfully invalidated for ') + user + '.' - ); + message = gettext('Certificate has been successfully invalidated for <%= user %>.'); + self.escapeAndShowMessage(_.template(message, {user: user})); }, error: function(model, response) { try { var response_data = JSON.parse(response.responseText); - self.showMessage(response_data.message); + self.escapeAndShowMessage(response_data.message); } catch(exception) { - self.showMessage(gettext("Server Error, Please refresh the page and try again.")); + self.escapeAndShowMessage( + gettext("Server Error, Please refresh the page and try again.") + ); } } }); } else { - this.showMessage(certificate_invalidation.validationError); + this.escapeAndShowMessage(certificate_invalidation.validationError); } }, @@ -83,16 +83,19 @@ if (model) { model.destroy({ success: function() { - self.showMessage(gettext('The certificate for this learner has been re-validated and ' + - 'the system is re-running the grade for this learner.')); + self.escapeAndShowMessage( + gettext('The certificate for this learner has been re-validated and the system is re-running the grade for this learner.') // jshint ignore:line + ); }, error: function(model, response) { try { var response_data = JSON.parse(response.responseText); - self.showMessage(response_data.message); + self.escapeAndShowMessage(response_data.message); } catch(exception) { - self.showMessage(gettext("Server Error, Please refresh the page and try again.")); + self.escapeAndShowMessage( + gettext("Server Error, Please refresh the page and try again.") + ); } }, wait: true, @@ -100,8 +103,9 @@ }); } else { - self.showMessage(gettext('Could not find Certificate Invalidation in the list. ' + - 'Please refresh the page and try again')); + self.escapeAndShowMessage( + gettext('Could not find Certificate Invalidation in the list. Please refresh the page and try again') // jshint ignore:line + ); } }, @@ -110,9 +114,9 @@ return re.test(email); }, - showMessage: function(message) { + escapeAndShowMessage: function(message) { $(this.messages + ">p" ).remove(); - this.$(this.messages).removeClass('hidden').append("

"+ gettext(message) + "

"); + this.$(this.messages).removeClass('hidden').append("

"+ _.escape(message) + "

"); } }); diff --git a/lms/static/js/certificates/views/certificate_whitelist.js b/lms/static/js/certificates/views/certificate_whitelist.js index 39f850a7e3..5b5946e233 100644 --- a/lms/static/js/certificates/views/certificate_whitelist.js +++ b/lms/static/js/certificates/views/certificate_whitelist.js @@ -54,7 +54,9 @@ model.destroy( { success: function() { - self.showMessage('Student Removed from certificate white list successfully.'); + self.escapeAndShowMessage( + gettext('Student Removed from certificate white list successfully.') + ); }, error: this.showError(this), wait: true, @@ -63,9 +65,8 @@ ); } else{ - this.showMessage( - 'Could not find Certificate Exception in white list. ' + - 'Please refresh the page and try again' + this.escapeAndShowMessage( + gettext('Could not find Certificate Exception in white list. Please refresh the page and try again') // jshint ignore:line ); } }, @@ -77,15 +78,15 @@ ); }, - showMessage: function(message){ + escapeAndShowMessage: function(message){ $(this.message_div + ">p" ).remove(); - $(this.message_div).removeClass('hidden').append("

"+ gettext(message) + "

").focus(); + $(this.message_div).removeClass('hidden').append("

"+ _.escape(message) + "

").focus(); $(this.message_div).fadeOut(6000, "linear"); }, showSuccess: function(caller_object){ return function(xhr){ - caller_object.showMessage(xhr.message); + caller_object.escapeAndShowMessage(xhr.message); }; }, @@ -93,11 +94,12 @@ return function(xhr){ try{ var response = JSON.parse(xhr.responseText); - caller_object.showMessage(response.message); + caller_object.escapeAndShowMessage(response.message); } catch(exception){ - caller_object.showMessage( - "Server Error, Please refresh the page and try again."); + caller_object.escapeAndShowMessage( + gettext("Server Error, Please refresh the page and try again.") + ); } }; } diff --git a/lms/static/js/certificates/views/certificate_whitelist_editor.js b/lms/static/js/certificates/views/certificate_whitelist_editor.js index 3c3ec763a3..4fd42bd58f 100644 --- a/lms/static/js/certificates/views/certificate_whitelist_editor.js +++ b/lms/static/js/certificates/views/certificate_whitelist_editor.js @@ -51,21 +51,23 @@ notes: notes, new: true }); + var message = ""; if(this.collection.findWhere(model)){ - this.showMessage( - (user_name || user_email) + " already in exception list." + message = gettext("<%= user %> already in exception list."); + this.escapeAndShowMessage( + _.template(message, {user: (user_name || user_email)}) ); } else if(certificate_exception.isValid()){ + message = gettext("<%= user %> has been successfully added to the exception list. Click Generate Exception Certificate below to send the certificate."); // jshint ignore:line certificate_exception.save( null, { success: this.showSuccess( this, true, - (user_name || user_email) + ' has been successfully added to the exception list.' + - ' Click Generate Exception Certificate below to send the certificate.' + _.template(message, {user: (user_name || user_email)}) ), error: this.showError(this) } @@ -73,7 +75,7 @@ } else{ - this.showMessage(certificate_exception.validationError); + this.escapeAndShowMessage(certificate_exception.validationError); } }, @@ -82,9 +84,9 @@ return re.test(email); }, - showMessage: function(message){ + escapeAndShowMessage: function(message){ $(this.message_div + ">p" ).remove(); - this.$(this.message_div).removeClass('hidden').append("

"+ gettext(message) + "

"); + this.$(this.message_div).removeClass('hidden').append("

"+ _.escape(message) + "

"); }, showSuccess: function(caller, add_model, message){ @@ -92,7 +94,7 @@ if(add_model){ caller.collection.add(model); } - caller.showMessage(message); + caller.escapeAndShowMessage(message); }; }, @@ -100,11 +102,11 @@ return function(model, response){ try{ var response_data = JSON.parse(response.responseText); - caller.showMessage(response_data.message); + caller.escapeAndShowMessage(response_data.message); } catch(exception){ - caller.showMessage("" + - "Server Error, Please refresh the page and try again." + caller.escapeAndShowMessage( + gettext("Server Error, Please refresh the page and try again.") ); } };