From fde370bd92dbf173d76dfe02eef31d0ee6cefd19 Mon Sep 17 00:00:00 2001 From: Vik Paruchuri Date: Fri, 25 Jan 2013 09:55:47 -0500 Subject: [PATCH] Fix notification issue, sanitize input html --- common/lib/xmodule/xmodule/open_ended_module.py | 2 +- common/lib/xmodule/xmodule/openendedchild.py | 5 +++-- lms/djangoapps/courseware/tabs.py | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/common/lib/xmodule/xmodule/open_ended_module.py b/common/lib/xmodule/xmodule/open_ended_module.py index 02059dca1a..28dedef0b6 100644 --- a/common/lib/xmodule/xmodule/open_ended_module.py +++ b/common/lib/xmodule/xmodule/open_ended_module.py @@ -554,7 +554,7 @@ class OpenEndedModule(openendedchild.OpenEndedChild): # add new history element with answer and empty score and hint. self.new_history_entry(get['student_answer']) - get['student_answer'] = self.sanitize_html(get['student_answer']) + get['student_answer'] = OpenEndedModule.sanitize_html(get['student_answer']) self.send_to_grader(get['student_answer'], system) self.change_state(self.ASSESSING) diff --git a/common/lib/xmodule/xmodule/openendedchild.py b/common/lib/xmodule/xmodule/openendedchild.py index f2cc2ae295..01ab1017ff 100644 --- a/common/lib/xmodule/xmodule/openendedchild.py +++ b/common/lib/xmodule/xmodule/openendedchild.py @@ -131,7 +131,8 @@ class OpenEndedChild(object): return "" return self.history[-1].get('post_assessment', "") - def sanitize_html(self, answer): + @staticmethod + def sanitize_html(answer): cleaner = Cleaner(style=True, links=True, add_nofollow=True, page_structure=True, safe_attrs_only=True) clean_html = cleaner.clean_html(answer) return clean_html @@ -142,7 +143,7 @@ class OpenEndedChild(object): @param answer: The student supplied answer @return: None """ - answer = self.sanitize_html(answer) + answer = OpenEndedChild.sanitize_html(answer) self.history.append({'answer': answer}) def record_latest_score(self, score): diff --git a/lms/djangoapps/courseware/tabs.py b/lms/djangoapps/courseware/tabs.py index b2267e6cf5..24fb36200c 100644 --- a/lms/djangoapps/courseware/tabs.py +++ b/lms/djangoapps/courseware/tabs.py @@ -133,7 +133,7 @@ def _peer_grading(tab, user, course, active_page): return [] def _combined_open_ended_grading(tab, user, course, active_page): - if user.is_authenticated: + if user.is_authenticated(): link = reverse('open_ended_notifications', args=[course.id]) tab_name = "Open Ended Panel"