Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
0c2dfd136eafaae88a71df4eecdcacc3845fca45
edx-platform/lms/templates/shoppingcart/registration_code_redemption.html
Adeel Khan 298d3554fe Fix templates for XSS code injection via translations 
This would patch all templates (django/mako)
for a possible XSS code injection via
translation files by html escaping them..

LEARNER-4632
2019-06-25 14:22:42 +05:00

101 lines
3.9 KiB
HTML
Raw Blame History

<%page expression_filter="h"/>
<%!
from django.utils.translation import ugettext as _
from openedx.core.djangolib.markup import HTML, Text
from django.urls import reverse
from openedx.core.lib.courses import course_image_url
%>
<%inherit file="../main.html" />
<%namespace name='static' file='/static_content.html'/>
<%block name="pagetitle">${_("Confirm Enrollment")}</%block>
<%block name="content">
<div class="container">
<section class="wrapper confirm-enrollment">
<header class="page-header">
<h1 class="title">
${_("{site_name} - Confirm Enrollment").format(site_name=site_name)}
</h1>
</header>
<section>
<div class="course-image">
<img class="item-image" src="${course_image_url(course)}"
alt="${_("{course_number} {course_title} Cover Image").format(
course_number=course.display_number_with_default,
course_title=course.display_name_with_default,
)}" />
</div>
<div class="enrollment-details">
<div class="sub-title">
${Text(_("Confirm your enrollment for: {span_start}course dates{span_end}")).format(
span_start=HTML('<span class="course-date-label">'),
span_end=HTML('</span>')
)}
<div class="clearfix"></div>
</div>
<div class="course-title">
<h1>
${course.display_name}
</h1>
</div>
<hr>
<div>
<p class="enrollment-text">
% if reg_code_already_redeemed:
${Text(_(
"You've clicked a link for an enrollment code that has already "
"been used. Check your {link_start}course dashboard{link_end} "
"to see if you're enrolled in the course, or contact your "
"company's administrator."
)).format(
link_start=HTML(u'<a href="{url}">').format(url=reverse('dashboard')),
link_end=HTML('</a>'),
)}
% elif redemption_success:
${_(
"You have successfully enrolled in {course_name}. "
"This course has now been added to your dashboard."
).format(
course_name=course.display_name,
)}
% elif registered_for_course:
${Text(_(
"You're already enrolled for this course. "
"Visit your {link_start}dashboard{link_end} to see the course."
)).format(
link_start=HTML(u'<a href="{url}">').format(url=reverse('dashboard')),
link_end=HTML('</a>'),
)}
% elif redeem_code_error:
${_( "There was an error processing your redeem code.")}
% else:
${_(
"You're about to activate an enrollment code for {course_name} "
"by {site_name}. This code can only be used one time, so you "
"should only activate this code if you're its intended "
"recipient."
).format(
course_name=course.display_name,
site_name=site_name,
)}
% endif
</p>
</div>
</div>
% if not reg_code_already_redeemed:
%if redemption_success:
<a href="${reverse('dashboard')}" class="link-button course-link-bg-color">${_("View Dashboard")} <span class="icon fa fa-caret-right" aria-hidden="true"></span></a>
%elif not registered_for_course:
<form method="post">
<input type="hidden" name="csrfmiddlewaretoken" value="${ csrf_token }" aria-hidden="true">
<button type="submit"
id="id_active_course_enrollment"
name="active_course_enrollment">${_("Activate Course Enrollment")} <span class="icon fa fa-caret-right" aria-hidden="true"></span></button>
</form>
%endif
%endif
</section>
</section>
</div>
</%block>
Reference in New Issue View Git Blame Copy Permalink