add escaping

cms/templates/widgets/header.html

@@ -13,7 +13,7 @@
       <h2 class="info-course">
         <span class="sr">${_("Current Course:")}</span>
         <a class="course-link" href="${reverse('course_index', kwargs=dict(org=ctx_loc.org, course=ctx_loc.course, name=ctx_loc.name))}">
-          <span class="course-org">${context_course.display_org_with_default}</span><span class="course-number">${context_course.display_number_with_default}</span>
+          <span class="course-org">${context_course.display_org_with_default | h}</span><span class="course-number">${context_course.display_number_with_default | h}</span>
           <span class="course-title" title="${context_course.display_name_with_default}">${context_course.display_name_with_default}</span>
         </a>
       </h2>

common/lib/xmodule/xmodule/course_module.py

@@ -6,6 +6,7 @@ from path import path  # NOTE (THK): Only used for detecting presence of syllabu
 import requests
 from datetime import datetime
 import dateutil.parser
+import cgi
 
 from xmodule.modulestore import Location
 from xmodule.seq_module import SequenceDescriptor, SequenceModule
@@ -944,9 +945,9 @@ class CourseDescriptor(CourseFields, SequenceDescriptor):
         Return a display course number if it has been specified, otherwise return the 'course' that is in the location
         """
         if self.display_coursenumber:
-            return self.display_coursenumber
+            return cgi.escape(self.display_coursenumber)
 
-        return self.location.course
+        return self.number
 
     @property
     def org(self):
@@ -958,6 +959,6 @@ class CourseDescriptor(CourseFields, SequenceDescriptor):
         Return a display organization if it has been specified, otherwise return the 'org' that is in the location
         """
         if self.display_organization:
-            return self.display_organization
+            return cgi.escape(self.display_organization)
 
-        return self.location.org
+        return self.org

lms/templates/course.html

@@ -14,13 +14,13 @@ from courseware.courses import course_image_url, get_course_about_section
   <div class="inner-wrapper">
       <header class="course-preview">
         <hgroup>
-          <h2><span class="course-number">${course.display_number_with_default}</span> ${get_course_about_section(course, 'title')}</h2>
+          <h2><span class="course-number">${course.display_number_with_default | h}</span> ${get_course_about_section(course, 'title')}</h2>
         </hgroup>
         <div class="info-link">&#x2794;</div>
       </header>
       <section class="info">
         <div class="cover-image">
-          <img src="${course_image_url(course)}" alt="${course.display_number_with_default} ${get_course_about_section(course, 'title')} Cover Image" />
+          <img src="${course_image_url(course)}" alt="${course.display_number_with_default | h} ${get_course_about_section(course, 'title')} Cover Image" />
         </div>
         <div class="desc">
           <p>${get_course_about_section(course, 'short_description')}</p>

lms/templates/courseware/course_about.html

@@ -66,11 +66,15 @@
   <script src="${static.url('js/course_info.js')}"></script>
 </%block>
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 <%block name="title"><title>${_("About {course.number}").format(course=course)}</title></%block>
 =======
 <%block name="title"><title>About ${course.display_number_with_default}</title></%block>
 >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite.
+=======
+<%block name="title"><title>About ${course.display_number_with_default | h}</title></%block>
+>>>>>>> add escaping
 
 <section class="course-info">
   <header class="course-profile">
@@ -79,7 +83,7 @@
       <section class="intro">
         <hgroup>
           <h1>
-            ${course.display_number_with_default}: ${get_course_about_section(course, "title")}
+            ${course.display_number_with_default | h}: ${get_course_about_section(course, "title")}
             % if not self.theme_enabled():
               <a href="#">${get_course_about_section(course, "university")}</a>
             % endif
@@ -101,11 +105,15 @@
                     </a>
                 %endif
         %else:
+<<<<<<< HEAD
 <<<<<<< HEAD
             <a href="#" class="register">${_("Register for {course.number}").format(course=course)}</a>
 =======
             <a href="#" class="register">Register for ${course.display_number_with_default}</a>
 >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite.
+=======
+            <a href="#" class="register">Register for ${course.display_number_with_default | h}</a>
+>>>>>>> add escaping
             <div id="register_error"></div>
         %endif
         </div>
@@ -174,11 +182,15 @@
         </header>
 
         <ol class="important-dates">
+<<<<<<< HEAD
 <<<<<<< HEAD
           <li><div class="icon course-number"></div><p>${_("Course Number")}</p><span class="course-number">${course.number}</span></li>
           <li><div class="icon start"></div><p>${_("Classes Start")}</p><span class="start-date">${course.start_date_text}</span></li>
 =======
           <li><div class="icon course-number"></div><p>Course Number</p><span class="course-number">${course.display_number_with_default}</span></li>
+=======
+          <li><div class="icon course-number"></div><p>Course Number</p><span class="course-number">${course.display_number_with_default | h}</span></li>
+>>>>>>> add escaping
           <li><div class="icon start"></div><p>Classes Start</p><span class="start-date">${course.start_date_text}</span></li>
 >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite.
 

lms/templates/courseware/courseware.html

@@ -2,7 +2,11 @@
 <%inherit file="/main.html" />
 <%namespace name='static' file='/static_content.html'/>
 <%block name="bodyclass">courseware ${course.css_class}</%block>
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Courseware").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Courseware</title></%block>
+>>>>>>> add escaping
 
 <%block name="headextra">
   <%static:css group='course'/>

lms/templates/courseware/info.html

@@ -7,7 +7,11 @@
   <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course.number} Course Info").format(course=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Course Info</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='info'" />
 <%!

lms/templates/courseware/mktg_course_about.html

@@ -8,7 +8,11 @@
 
 <%inherit file="../mktg_iframe.html" />
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("About {course_number}").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>About ${course.display_number_with_default | h}</title></%block>
+>>>>>>> add escaping
 
 <%block name="bodyclass">view-partial-mktgregister</%block>
 
@@ -52,7 +56,11 @@
             <div class="action is-registered">${_("You Are Registered")}</div>
           %endif
         %elif allow_registration:
+<<<<<<< HEAD
           <a class="action action-register register" href="#">${_("Register for")} <strong>${course.display_number_with_default}</strong></a>
+=======
+          <a class="action action-register register" href="#">Register for <strong>${course.display_number_with_default | h}</strong></a>
+>>>>>>> add escaping
         %else:
           <div class="action registration-closed is-disabled">${_("Registration Is Closed")}</div>
         %endif

lms/templates/courseware/progress.html

@@ -8,7 +8,11 @@
 
 <%namespace name="progress_graph" file="/courseware/progress_graph.js"/>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Progress").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Progress</title></%block>
+>>>>>>> add escaping
 
 <%!
     from django.core.urlresolvers import reverse

lms/templates/courseware/static_tab.html

@@ -6,7 +6,7 @@
   <%static:css group='course'/>
 </%block>
 
-<%block name="title"><title>${course.display_number_with_default} ${tab['name']}</title></%block>
+<%block name="title"><title>${course.display_number_with_default | h} ${tab['name']}</title></%block>
 
 <%include file="/courseware/course_navigation.html" args="active_page='static_tab_{0}'.format(tab['url_slug'])" />
 

lms/templates/courseware/syllabus.html

@@ -6,7 +6,11 @@
   <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course.display_number_with_default} Course Info").format(course=course)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Course Info</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='syllabus'" />
 <%!

lms/templates/dashboard.html

@@ -140,6 +140,7 @@
 
           % if course.id in show_courseware_links_for:
             <a href="${course_target}" class="cover">
+<<<<<<< HEAD
 <<<<<<< HEAD
               <img src="${course_image_url(course)}" alt="${_('{course_number} {course_name} Cover Image').format(course_number='${course.number}', course_name='${course.display_name_with_default}')}" />
             </a>
@@ -153,6 +154,13 @@
             <div class="cover">
               <img src="${course_image_url(course)}" alt="${course.display_number_with_default} ${course.display_name_with_default} Cover Image" />
 >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite.
+=======
+              <img src="${course_image_url(course)}" alt="${course.display_number_with_default | h} ${course.display_name_with_default} Cover Image" />
+            </a>
+          % else:
+            <div class="cover">
+              <img src="${course_image_url(course)}" alt="${course.display_number_with_default | h} ${course.display_name_with_default} Cover Image" />
+>>>>>>> add escaping
             </div>
           % endif
 
@@ -170,9 +178,9 @@
               <h2 class="university">${get_course_about_section(course, 'university')}</h2>
               <h3>
                 % if course.id in show_courseware_links_for:
-                  <a href="${course_target}">${course.display_number_with_default} ${course.display_name_with_default}</a>
+                  <a href="${course_target}">${course.display_number_with_default | h} ${course.display_name_with_default}</a>
                 % else:
-                  <span>${course.display_number_with_default} ${course.display_name_with_default}</span>
+                  <span>${course.display_number_with_default | h} ${course.display_name_with_default}</span>
                 % endif
               </h3>
             </hgroup>
@@ -205,6 +213,7 @@
                     % endif
                     % if  registration.is_rejected:
                 <div class="message message-status is-shown exam-schedule">
+<<<<<<< HEAD
 <<<<<<< HEAD
                   <p class="message-copy">
                     <strong>${_("Your registration for the Pearson exam has been rejected. Please {link_start}see your registration status details{link_end}.").format(
@@ -218,6 +227,9 @@
 =======
                   <p class="message-copy"><strong>Your registration for the Pearson exam has been rejected. Please <a href="${testcenter_register_target}" id="exam_register_link">see your registration status details</a></strong>. Otherwise <a class="contact-link" href="mailto:exam-help@edx.org?subject=Pearson VUE Exam - ${get_course_about_section(course, 'university')} ${course.display_number_with_default}">contact edX at exam-help@edx.org</a> for further help.</p>
 >>>>>>> add display_coursenumber and display_organization fields on the CourseModule, with some property accessors. Update LMS/CMS pages to use those display strings as appropraite.
+=======
+                  <p class="message-copy"><strong>Your registration for the Pearson exam has been rejected. Please <a href="${testcenter_register_target}" id="exam_register_link">see your registration status details</a></strong>. Otherwise <a class="contact-link" href="mailto:exam-help@edx.org?subject=Pearson VUE Exam - ${get_course_about_section(course, 'university')} ${course.display_number_with_default | h}">contact edX at exam-help@edx.org</a> for further help.</p>
+>>>>>>> add escaping
                 </div>
                     % endif
                    	% if not registration.is_accepted and not registration.is_rejected:

lms/templates/discussion/single_thread.html

@@ -7,7 +7,11 @@
 <%inherit file="../main.html" />
 <%namespace name='static' file='../static_content.html'/>
 <%block name="bodyclass">discussion</%block>
+<<<<<<< HEAD
 <%block name="title"><title>${_("Discussion - {course_number}").format(course_number=course.display_number_with_default) | h}</title></%block>
+=======
+<%block name="title"><title>Discussion – ${course.display_number_with_default | h}</title></%block>
+>>>>>>> add escaping
 
 <%block name="headextra">
 <%static:css group='course'/>

lms/templates/instructor/staff_grading.html

@@ -7,7 +7,11 @@
   <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Staff Grading").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Staff Grading</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='staff_grading'" />
 

lms/templates/navigation.html

@@ -50,7 +50,7 @@ site_status_msg = get_site_status_msg(course_id)
   </h1>
 
     % if course:
-      <h2><span class="provider">${course.display_org_with_default}:</span> ${course.display_number_with_default} ${course.display_name_with_default}</h2>
+      <h2><span class="provider">${course.display_org_with_default | h}:</span> ${course.display_number_with_default | h} ${course.display_name_with_default}</h2>
     % endif
 
     % if user.is_authenticated():

lms/templates/open_ended_problems/combined_notifications.html

@@ -7,7 +7,11 @@
 <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Combined Notifications").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Combined Notifications</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='open_ended'" />
 

lms/templates/open_ended_problems/open_ended_flagged_problems.html

@@ -7,7 +7,11 @@
 <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Flagged Open Ended Problems").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Flagged Open Ended Problems</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='open_ended_flagged_problems'" />
 

lms/templates/open_ended_problems/open_ended_problems.html

@@ -7,7 +7,11 @@
 <%static:css group='course'/>
 </%block>
 
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Open Ended Problems").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Open Ended Problems</title></%block>
+>>>>>>> add escaping
 
 <%include file="/courseware/course_navigation.html" args="active_page='open_ended_problems'" />
 

lms/templates/static_htmlbook.html

@@ -2,8 +2,12 @@
 
 <%inherit file="main.html" />
 <%namespace name='static' file='static_content.html'/>
+<<<<<<< HEAD
 <%block name="title"><title>${_('{course_number} Textbook').format(course_number=course.display_number_with_default)}</title>
 
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Textbook</title>
+>>>>>>> add escaping
 </%block>
 
 <%block name="headextra">

lms/templates/static_pdfbook.html

@@ -3,10 +3,16 @@
 <%inherit file="main.html" />
 <%namespace name='static' file='static_content.html'/>
 <%block name="title">
+<<<<<<< HEAD
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 <title>${_('{course_number} Textbook').format(course_number=course.display_number_with_default)}</title>
 
+=======
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <title>${course.display_number_with_default | h} Textbook</title>
+>>>>>>> add escaping
 </%block>
 
 <%block name="headextra">

lms/templates/staticbook.html

@@ -2,7 +2,11 @@
 
 <%inherit file="main.html" />
 <%namespace name='static' file='static_content.html'/>
+<<<<<<< HEAD
 <%block name="title"><title>${_("{course_number} Textbook").format(course_number=course.display_number_with_default)}</title></%block>
+=======
+<%block name="title"><title>${course.display_number_with_default | h} Textbook</title></%block>
+>>>>>>> add escaping
 
 <%block name="headextra">
 <%static:css group='course'/>