adding HTML escapes

4db765db · Tanner Prestegard · Alexander Pace · a83ed3e2 · 4db765db · 4db765db
Commit 4db765db authored 8 years ago by Tanner Prestegard Committed by Alexander Pace 8 years ago
--- a/userprofile/forms.py
+++ b/userprofile/forms.py
 from django import forms
 from django.utils.safestring import mark_safe
 from django.utils.encoding import force_text
+from django.utils.html import conditional_escape
 from django.forms.utils import ErrorList

 from .models import Trigger, Contact
@@ -57,9 +58,11 @@ def process_errors(err):
    out_errs = []
    if isinstance(err,ErrorList):
        for e in err:
-            out_errs.append('<p class="error">{0}</p>'.format(e))
+            out_errs.append('<p class="error">{0}</p>' \
+                .format(conditional_escape(e)))
    elif isinstance(err,str):
-        out_errs.append('<p class="error">{0}</p>'.format(err))
+        out_errs.append('<p class="error">{0}</p>' \
+                .format(conditional_escape(err)))
    else:
        out_errs.append(force_text(err))

@@ -68,8 +71,10 @@ def process_errors(err):
 class ContactForm(forms.ModelForm):
    # Adjust labels.
    desc = forms.CharField(label='Description')
-    call_phone = forms.BooleanField(label='Call', initial=False, required=False)
-    text_phone = forms.BooleanField(label='Text', initial=False, required=False)
+    call_phone = forms.BooleanField(label='Call', initial=False,
+                                    required=False)
+    text_phone = forms.BooleanField(label='Text', initial=False,
+                                    required=False)

    class Meta:
        model = Contact

--- a/userprofile/views.py
+++ b/userprofile/views.py
@@ -144,10 +144,9 @@ def createContact(request):
    # Explanatory HTML block.
    expl = ['<div style="padding: 10px;">',
            '<h4>Instructions:</h4>',
-            '<ul><li>Description is required.</li>',
+            '<ul><li>A description of your contact is required.</li>',
            '<li>Choose a contact method (e-mail, phone, or both).</li>',
-            ('<li>For phone alerts, mark call, text, or both, depending on how'
-             ' you want to receive the alerts.</li>'),
+            ('<li>For phone alerts, choose call, text, or both.</li>'),
            '</ul></div>'
           ]
    expl = mark_safe("\n".join(expl))