From 1fc58b87cc547824bfddea46fa9c3782a7ebc752 Mon Sep 17 00:00:00 2001 From: Adeel Khan Date: Mon, 31 Dec 2018 15:25:22 +0500 Subject: [PATCH] Use xss-utils package for interpolate_html filters This would switch all reference of interpolate_html filter from credentials to xss-utils package. Also removing htmlescape filter to use django builtin force_escape. LEARNER-6899 --- edx_credentials_themes/__init__.py | 2 +- .../templates/edx.org/credentials/programs/base.html | 4 ++-- .../credentials/programs/micromasters/certificate.html | 10 +++++----- .../programs/professional-certificate/certificate.html | 8 ++++---- .../credentials/programs/xseries/certificate.html | 10 +++++----- edx_credentials_themes/templates/mitpe/_footer.html | 7 +++---- .../templates/mitpe/credentials/programs/base.html | 8 ++++---- 7 files changed, 24 insertions(+), 25 deletions(-) mode change 100644 => 100755 edx_credentials_themes/templates/edx.org/credentials/programs/base.html mode change 100644 => 100755 edx_credentials_themes/templates/edx.org/credentials/programs/micromasters/certificate.html mode change 100644 => 100755 edx_credentials_themes/templates/edx.org/credentials/programs/professional-certificate/certificate.html mode change 100644 => 100755 edx_credentials_themes/templates/edx.org/credentials/programs/xseries/certificate.html mode change 100644 => 100755 edx_credentials_themes/templates/mitpe/_footer.html mode change 100644 => 100755 edx_credentials_themes/templates/mitpe/credentials/programs/base.html diff --git a/edx_credentials_themes/__init__.py b/edx_credentials_themes/__init__.py index a96d65ab..641e1a8b 100644 --- a/edx_credentials_themes/__init__.py +++ b/edx_credentials_themes/__init__.py @@ -1 +1 @@ -__version__ = '0.1.25' +__version__ = '0.1.26' diff --git a/edx_credentials_themes/templates/edx.org/credentials/programs/base.html b/edx_credentials_themes/templates/edx.org/credentials/programs/base.html old mode 100644 new mode 100755 index 8a75b88e..fac32502 --- a/edx_credentials_themes/templates/edx.org/credentials/programs/base.html +++ b/edx_credentials_themes/templates/edx.org/credentials/programs/base.html @@ -1,7 +1,7 @@ {% extends 'credentials/programs/base.html' %} {% load i18n %} {% load i18n_assets %} -{% load html %} +{% load django_markup %} {% block background_watermark %} @@ -17,7 +17,7 @@

- {% trans "About edX" as tmsg %}{{ tmsg | htmlescape }} + {% trans "About edX" as tmsg %}{{ tmsg | force_escape }}

{% blocktrans trimmed asvar accomplishment_metadata_details %} diff --git a/edx_credentials_themes/templates/edx.org/credentials/programs/micromasters/certificate.html b/edx_credentials_themes/templates/edx.org/credentials/programs/micromasters/certificate.html old mode 100644 new mode 100755 index b9af50e3..1c57784e --- a/edx_credentials_themes/templates/edx.org/credentials/programs/micromasters/certificate.html +++ b/edx_credentials_themes/templates/edx.org/credentials/programs/micromasters/certificate.html @@ -1,9 +1,9 @@ {% extends 'edx.org/credentials/programs/base.html' %} {% load i18n %} -{% load html %} +{% load django_markup %} {% block message %} - {% filter htmlescape %} + {% filter force_escape %} {# Translators: MicroMasters should not be translated #} {% blocktrans trimmed with organization_name=program_details.organizations.0.key %} You worked hard to earn your MicroMasters Credential from {{ organization_name }}. @@ -13,17 +13,17 @@ {% block accomplishment_summary %} {# Translators: MicroMasters should not be translated, this phrase is preceded by the learner's name and followed by a program title #} - {% trans "has successfully completed all courses and received passing grades for a MicroMasters credential in" as tmsg %}{{ tmsg | htmlescape }} + {% trans "has successfully completed all courses and received passing grades for a MicroMasters credential in" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_stamp_title %} {# Translators: MicroMasters should not be translated #} - {% trans "MicroMasters credential" as tmsg %}{{ tmsg | htmlescape }} + {% trans "MicroMasters credential" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata_title %} {# Translators: MicroMasters should not be translated #} - {% trans "About the edX MicroMasters credential" as tmsg %}{{ tmsg | htmlescape }} + {% trans "About the edX MicroMasters credential" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata %} diff --git a/edx_credentials_themes/templates/edx.org/credentials/programs/professional-certificate/certificate.html b/edx_credentials_themes/templates/edx.org/credentials/programs/professional-certificate/certificate.html old mode 100644 new mode 100755 index 255e0265..776a3f67 --- a/edx_credentials_themes/templates/edx.org/credentials/programs/professional-certificate/certificate.html +++ b/edx_credentials_themes/templates/edx.org/credentials/programs/professional-certificate/certificate.html @@ -1,18 +1,18 @@ {% extends 'edx.org/credentials/programs/base.html' %} {% load i18n %} -{% load html %} +{% load django_markup %} {% block accomplishment_summary %} {# Translators: This phrase is preceded by the learner's name and followed by a program title #} - {% trans "successfully completed all courses and received passing grades for a Professional Certificate in" as tmsg %}{{ tmsg | htmlescape }} + {% trans "successfully completed all courses and received passing grades for a Professional Certificate in" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_stamp_title %} - {% trans "Professional Certificate" as tmsg %}{{ tmsg | htmlescape }} + {% trans "Professional Certificate" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata_title %} - {% trans "About the edX Professional Certificate" as tmsg %}{{ tmsg | htmlescape }} + {% trans "About the edX Professional Certificate" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata %} diff --git a/edx_credentials_themes/templates/edx.org/credentials/programs/xseries/certificate.html b/edx_credentials_themes/templates/edx.org/credentials/programs/xseries/certificate.html old mode 100644 new mode 100755 index 827d2251..8ac4af7d --- a/edx_credentials_themes/templates/edx.org/credentials/programs/xseries/certificate.html +++ b/edx_credentials_themes/templates/edx.org/credentials/programs/xseries/certificate.html @@ -1,9 +1,9 @@ {% extends 'edx.org/credentials/programs/base.html' %} {% load i18n %} -{% load html %} +{% load django_markup %} {% block message %} - {% filter htmlescape %} + {% filter force_escape %} {# Translators: XSeries should not be translated #} {% blocktrans trimmed with organization_name=program_details.organizations.0.key %} You worked hard to earn your XSeries Program certificate from {{ organization_name }}. @@ -13,17 +13,17 @@ {% block accomplishment_summary %} {# Translators: XSeries should not be translated, this phrase is preceded by the learner's name and followed by a program title #} - {% trans "has successfully completed all courses and received passing grades for an XSeries Program certificate in" as tmsg %}{{ tmsg | htmlescape }} + {% trans "has successfully completed all courses and received passing grades for an XSeries Program certificate in" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_stamp_title %} {# Translators: XSeries should not be translated #} - {% trans "XSeries Program certificate" as tmsg %}{{ tmsg | htmlescape }} + {% trans "XSeries Program certificate" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata_title %} {# Translators: XSeries should not be translated #} - {% trans "About the edX XSeries Program certificate" as tmsg %}{{ tmsg | htmlescape }} + {% trans "About the edX XSeries Program certificate" as tmsg %}{{ tmsg | force_escape }} {% endblock %} {% block accomplishment_metadata %} diff --git a/edx_credentials_themes/templates/mitpe/_footer.html b/edx_credentials_themes/templates/mitpe/_footer.html old mode 100644 new mode 100755 index 6a8277a6..045a163d --- a/edx_credentials_themes/templates/mitpe/_footer.html +++ b/edx_credentials_themes/templates/mitpe/_footer.html @@ -1,6 +1,5 @@ {% load i18n %} {% load staticfiles %} -{% load html %}

diff --git a/edx_credentials_themes/templates/mitpe/credentials/programs/base.html b/edx_credentials_themes/templates/mitpe/credentials/programs/base.html old mode 100644 new mode 100755 index 0e0883ef..40001244 --- a/edx_credentials_themes/templates/mitpe/credentials/programs/base.html +++ b/edx_credentials_themes/templates/mitpe/credentials/programs/base.html @@ -27,11 +27,11 @@

- {% trans "This is to certify that" as tmsg %}{{ tmsg | htmlescape }} + {% trans "This is to certify that" as tmsg %}{{ tmsg | force_escape }} {{ user_data.name }} - {% trans "has successfully completed the" as tmsg %}{{ tmsg | htmlescape }} + {% trans "has successfully completed the" as tmsg %}{{ tmsg | force_escape }} PROFESSIONAL CERTIFICATE PROGRAM - {% trans "held during" as tmsg %}{{ tmsg | htmlescape }} + {% trans "held during" as tmsg %}{{ tmsg | force_escape }} {% block program_dates %}{% endblock %} @@ -55,7 +55,7 @@

-

{% trans "Noted by" as tmsg %}{{ tmsg | htmlescape }}

+

{% trans "Noted by" as tmsg %}{{ tmsg | force_escape }}

{% for signatory in user_credential.credential.signatories.all %}