From 98254e5cec1096d2aba80108c14727923e50ceaa Mon Sep 17 00:00:00 2001 From: Bill DeRusha Date: Wed, 23 Mar 2016 12:05:09 -0400 Subject: [PATCH] Safe templatize: choose.html --- lms/templates/course_modes/choose.html | 24 ++++++++++------- .../lms/templates/course_modes/choose.html | 26 +++++++++++-------- 2 files changed, 29 insertions(+), 21 deletions(-) diff --git a/lms/templates/course_modes/choose.html b/lms/templates/course_modes/choose.html index f79fae05dc..16a6d13666 100644 --- a/lms/templates/course_modes/choose.html +++ b/lms/templates/course_modes/choose.html @@ -1,12 +1,15 @@ +<%page expression_filter="h"/> <%inherit file="../main.html" /> <%! from django.utils.translation import ugettext as _ from django.core.urlresolvers import reverse +from openedx.core.djangolib.js_utils import js_escaped_string +from openedx.core.djangolib.markup import HTML, Text %> <%block name="bodyclass">register verification-process step-select-track <%block name="pagetitle"> - ${_("Enroll In {} | Choose Your Track").format(course_name)} + ${_("Enroll In {course_name} | Choose Your Track").format(course_name=course_name)} <%block name="js_extra"> @@ -41,7 +44,8 @@ from django.core.urlresolvers import reverse % if use_ecommerce_payment_flow: $('input[name=verified_mode]').click(function(e){ e.preventDefault(); - window.location.href = '${ecommerce_payment_page}?sku=${sku}'; + window.location.href = '${ecommerce_payment_page | n, js_escaped_string}?sku=' + + encodeURIComponent('${sku | n, js_escaped_string}'); }); % endif }); @@ -75,7 +79,7 @@ from django.core.urlresolvers import reverse
<% - b_tag_kwargs = {'b_start': '', 'b_end': ''} + b_tag_kwargs = {'b_start': HTML(''), 'b_end': HTML('')} %> % if "verified" in modes:
@@ -91,9 +95,9 @@ from django.core.urlresolvers import reverse

${_("Benefits of a Verified Certificate")}

    -
  • ${_("{b_start}Eligible for credit:{b_end} Receive academic credit after successfully completing the course").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Official:{b_end} Receive an instructor-signed certificate with the institution's logo").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Easily shareable:{b_end} Add the certificate to your CV or resume, or post it directly on LinkedIn").format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Eligible for credit:{b_end} Receive academic credit after successfully completing the course")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Official:{b_end} Receive an instructor-signed certificate with the institution's logo")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Easily shareable:{b_end} Add the certificate to your CV or resume, or post it directly on LinkedIn")).format(**b_tag_kwargs)}
@@ -117,9 +121,9 @@ from django.core.urlresolvers import reverse

${_("Benefits of a Verified Certificate")}

    -
  • ${_("{b_start}Official: {b_end}Receive an instructor-signed certificate with the institution's logo").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Easily shareable: {b_end}Add the certificate to your CV or resume, or post it directly on LinkedIn").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Motivating: {b_end}Give yourself an additional incentive to complete the course").format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Official: {b_end}Receive an instructor-signed certificate with the institution's logo")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Easily shareable: {b_end}Add the certificate to your CV or resume, or post it directly on LinkedIn")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Motivating: {b_end}Give yourself an additional incentive to complete the course")).format(**b_tag_kwargs)}
@@ -169,7 +173,7 @@ from django.core.urlresolvers import reverse

${_("Audit This Course (No Certificate)")}

## Translators: b_start notes the beginning of a section of text bolded for emphasis, and b_end marks the end of the bolded text. -

${_("Audit this course for free and have complete access to all the course material, activities, tests, and forums. {b_start}Please note that this track does not offer a certificate for learners who earn a passing grade.{b_end}".format(**b_tag_kwargs))}

+

${Text(_("Audit this course for free and have complete access to all the course material, activities, tests, and forums. {b_start}Please note that this track does not offer a certificate for learners who earn a passing grade.{b_end}")).format(**b_tag_kwargs)}

diff --git a/themes/edx.org/lms/templates/course_modes/choose.html b/themes/edx.org/lms/templates/course_modes/choose.html index d023d02d9c..3b5cc89b85 100644 --- a/themes/edx.org/lms/templates/course_modes/choose.html +++ b/themes/edx.org/lms/templates/course_modes/choose.html @@ -1,12 +1,15 @@ +<%page expression_filter="h"/> <%inherit file="../main.html" /> <%! from django.utils.translation import ugettext as _ from django.core.urlresolvers import reverse +from openedx.core.djangolib.js_utils import js_escaped_string +from openedx.core.djangolib.markup import HTML, Text %> <%block name="bodyclass">register verification-process step-select-track <%block name="pagetitle"> - ${_("Enroll In {} | Choose Your Track").format(course_name)} + ${_("Enroll In {course_name} | Choose Your Track").format(course_name=course_name)} <%block name="js_extra"> @@ -41,7 +44,8 @@ from django.core.urlresolvers import reverse % if use_ecommerce_payment_flow: $('input[name=verified_mode]').click(function(e){ e.preventDefault(); - window.location.href = '${ecommerce_payment_page}?sku=${sku}'; + window.location.href = '${ecommerce_payment_page | n, js_escaped_string}?sku=' + + encodeURIComponent('${sku | n, js_escaped_string}'); }); % endif }); @@ -75,7 +79,7 @@ from django.core.urlresolvers import reverse <% - b_tag_kwargs = {'b_start': '', 'b_end': ''} + b_tag_kwargs = {'b_start': HTML(''), 'b_end': HTML('')} %> % if "verified" in modes:
@@ -91,9 +95,9 @@ from django.core.urlresolvers import reverse

${_("Benefits of a Verified Certificate")}

    -
  • ${_("{b_start}Eligible for credit:{b_end} Receive academic credit after successfully completing the course").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Official:{b_end} Receive an instructor-signed certificate with the institution's logo").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Easily shareable:{b_end} Add the certificate to your CV or resume, or post it directly on LinkedIn").format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Eligible for credit:{b_end} Receive academic credit after successfully completing the course")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Official:{b_end} Receive an instructor-signed certificate with the institution's logo")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Easily shareable:{b_end} Add the certificate to your CV or resume, or post it directly on LinkedIn")).format(**b_tag_kwargs)}
@@ -117,10 +121,10 @@ from django.core.urlresolvers import reverse

${_("Benefits of a Verified Certificate")}

    -
  • ${_("{b_start}Official: {b_end}Receive an instructor-signed certificate with the institution's logo").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Easily shareable: {b_end}Add the certificate to your CV or resume, or post it directly on LinkedIn").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Motivating: {b_end}Give yourself an additional incentive to complete the course").format(**b_tag_kwargs)}
    • -
  • ${_("{b_start}Support our Mission: {b_end} EdX, a non-profit, relies on verified certificates to help fund free education for everyone globally").format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Official: {b_end}Receive an instructor-signed certificate with the institution's logo")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Easily shareable: {b_end}Add the certificate to your CV or resume, or post it directly on LinkedIn")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Motivating: {b_end}Give yourself an additional incentive to complete the course")).format(**b_tag_kwargs)}
    • +
  • ${Text(_("{b_start}Support our Mission: {b_end} EdX, a non-profit, relies on verified certificates to help fund free education for everyone globally")).format(**b_tag_kwargs)}
@@ -170,7 +174,7 @@ from django.core.urlresolvers import reverse

${_("Audit This Course (No Certificate)")}

## Translators: b_start notes the beginning of a section of text bolded for emphasis, and b_end marks the end of the bolded text. -

${_("Audit this course for free and have complete access to all the course material, activities, tests, and forums. {b_start}Please note that this track does not offer a certificate for learners who earn a passing grade.{b_end}".format(**b_tag_kwargs))}

+

${Text(_("Audit this course for free and have complete access to all the course material, activities, tests, and forums. {b_start}Please note that this track does not offer a certificate for learners who earn a passing grade.{b_end}")).format(**b_tag_kwargs)}