diff --git a/pybossa/view/admin.py b/pybossa/view/admin.py
index 63c14db52b..51af96c84b 100644
--- a/pybossa/view/admin.py
+++ b/pybossa/view/admin.py
@@ -26,6 +26,7 @@
from flask import url_for
from flask import current_app
from flask import Response
+from flask import Markup
from flask.ext.login import login_required, current_user
from flask.ext.babel import gettext
from flask_wtf.csrf import generate_csrf
@@ -137,8 +138,10 @@ def users(user_id=None):
if user.id != current_user.id]
[ensure_authorized_to('update', found_user) for found_user in found]
if not found:
- flash("Ooops! We didn't find a user "
- "matching your query: %s" % form.user.data)
+ markup = Markup('{} {} {}')
+ flash(markup.format(gettext("Ooops!"),
+ gettext("We didn't find a user matching your query:"),
+ form.user.data))
response = dict(template='/admin/users.html', found=found, users=users,
title=gettext("Manage Admin Users"),
form=form)
@@ -420,7 +423,8 @@ def respond():
announcement_repo.save(announcement)
msg_1 = gettext('Annnouncement created!')
- flash(' ' + msg_1, 'success')
+ markup = Markup(' {}')
+ flash(markup.format(msg_1), 'success')
return redirect_content_type(url_for('admin.announcement'))
@@ -458,7 +462,8 @@ def respond():
announcement_repo.update(announcement)
msg_1 = gettext('Announcement updated!')
- flash(' ' + msg_1, 'success')
+ markup = ' {}'
+ flash(markup.format(msg_1), 'success')
return redirect_content_type(url_for('admin.announcement'))
@@ -473,7 +478,9 @@ def delete_announcement(id):
ensure_authorized_to('delete', announcement)
announcement_repo.delete(announcement)
- flash(' ' + 'Announcement deleted!', 'success')
+ msg_1 = gettext('Announcement deleted!')
+ markup = ' {}'
+ flash(markup.format(msg_1), 'success')
return redirect_content_type(url_for('admin.announcement'))
diff --git a/pybossa/view/projects.py b/pybossa/view/projects.py
index 7300ebb397..3eee5150d3 100644
--- a/pybossa/view/projects.py
+++ b/pybossa/view/projects.py
@@ -26,6 +26,7 @@
from flask import Blueprint, request, url_for, flash, redirect, abort, Response, current_app
from flask import render_template, make_response, session
+from flask import Markup
from flask.ext.login import login_required, current_user
from flask.ext.babel import gettext
from flask_wtf.csrf import generate_csrf
@@ -271,13 +272,14 @@ def _description_from_long_description():
project_repo.save(project)
msg_1 = gettext('Project created!')
- flash(' ' + msg_1, 'success')
- flash(' ' +
- gettext('You can check the ') +
- '' +
- gettext('Guide and Documentation') +
- ' ' +
- gettext('for adding tasks, a thumbnail, using PYBOSSA.JS, etc.'),
+ flash(Markup(' {}').format(msg_1), 'success')
+ markup = Markup(' {} ' +
+ ' {}' +
+ ' {}')
+ flash(markup.format(
+ gettext('You can check the '),
+ gettext('Guide and Documentation'),
+ gettext('for adding tasks, a thumbnail, using PYBOSSA.JS, etc.')),
'success')
auditlogger.add_log_entry(None, project, current_user)
@@ -308,7 +310,8 @@ def task_presenter_editor(short_name):
auditlogger.add_log_entry(old_project, db_project, current_user)
project_repo.update(db_project)
msg_1 = gettext('Task presenter added!')
- flash(' ' + msg_1, 'success')
+ markup = Markup(' {}')
+ flash(markup.format(msg_1), 'success')
return redirect_content_type(url_for('.tasks',
short_name=project.short_name))
@@ -330,7 +333,7 @@ def task_presenter_editor(short_name):
url = ' %s' % (url_for('project.import_task',
short_name=project.short_name), msg_2)
msg = msg_1 + url + msg_3
- flash(msg, 'info')
+ flash(Markup(msg), 'info')
wrap = lambda i: "projects/presenters/%s.html" % i
pres_tmpls = map(wrap, current_app.config.get('PRESENTERS'))
@@ -361,7 +364,7 @@ def task_presenter_editor(short_name):
msg = 'Your code will be automagically rendered in \
the preview section. Click in the \
preview button!'
- flash(gettext(msg), 'info')
+ flash(Markup(gettext(msg)), 'info')
project_sanitized, owner_sanitized = sanitize_project_owner(project,
owner,
current_user,
@@ -772,7 +775,7 @@ def task_presenter(short_name, task_id):
msg = ("Oops! You have to sign in to participate in "
"%s"
"project" % project.name)
- flash(gettext(msg), 'warning')
+ flash(Markup(gettext(msg)), 'warning')
return redirect(url_for('account.signin',
next=url_for('.presenter',
short_name=project.short_name)))
@@ -781,10 +784,12 @@ def task_presenter(short_name, task_id):
"Ooops! You are an anonymous user and will not "
"get any credit"
" for your contributions.")
+ msg_2 = gettext('Sign in now!')
next_url = url_for('project.task_presenter',
short_name=short_name, task_id=task_id)
url = url_for('account.signin', next=next_url)
- flash(msg_1 + "Sign in now!", "warning")
+ markup = Markup('{{}} {{}}'.format(url))
+ flash(markup.format(msg_1, msg_2), "warning")
title = project_title(project, "Contribute")
project_sanitized, owner_sanitized = sanitize_project_owner(project, owner,
@@ -841,7 +846,7 @@ def respond(tmpl):
if not project.allow_anonymous_contributors and current_user.is_anonymous():
msg = "Oops! You have to sign in to participate in %s \
project" % project.name
- flash(gettext(msg), 'warning')
+ flash(Markup(gettext(msg)), 'warning')
return redirect(url_for('account.signin',
next=url_for('.presenter',
short_name=project.short_name)))
@@ -1003,8 +1008,8 @@ def delete_tasks(short_name):
n_volunteers = cached_projects.n_volunteers(project.id)
n_completed_tasks = cached_projects.n_completed_tasks(project.id)
project = add_custom_contrib_button_to(project, get_user_id_or_ip())
- project_sanitized, owner_sanitized = sanitize_project_owner(project,
- owner,
+ project_sanitized, owner_sanitized = sanitize_project_owner(project,
+ owner,
current_user,
ps)
response = dict(template='projects/tasks/delete.html',
@@ -1237,7 +1242,7 @@ def show_stats(short_name):
current_user,
ps)
- # Handle JSON project stats depending of output
+ # Handle JSON project stats depending of output
# (needs to be escaped for HTML)
if request.headers.get('Content-Type') == 'application/json':
handle_projectStats = projectStats
@@ -1545,7 +1550,7 @@ def respond():
cached_projects.delete_project(short_name)
msg_1 = gettext('Blog post created!')
- flash(' ' + msg_1, 'success')
+ flash(Markup(' {}').format(msg_1), 'success')
return redirect(url_for('.show_blogposts', short_name=short_name))
@@ -1594,7 +1599,7 @@ def respond():
cached_projects.delete_project(short_name)
msg_1 = gettext('Blog post updated!')
- flash(' ' + msg_1, 'success')
+ flash(Markup(' {}').format(msg_1), 'success')
return redirect(url_for('.show_blogposts', short_name=short_name))
@@ -1610,7 +1615,8 @@ def delete_blogpost(short_name, id):
ensure_authorized_to('delete', blogpost)
blog_repo.delete(blogpost)
cached_projects.delete_project(short_name)
- flash(' ' + 'Blog post deleted!', 'success')
+ msg_1 = gettext('Blog post deleted!')
+ flash(Markup(' {}').format(msg_1), 'success')
return redirect(url_for('.show_blogposts', short_name=short_name))
diff --git a/test/test_admin.py b/test/test_admin.py
index 1e4bd684fc..3c0d18adb4 100644
--- a/test/test_admin.py
+++ b/test/test_admin.py
@@ -414,7 +414,7 @@ def test_12_admin_user_search_json(self):
# warning should be issued for non-found users
data = {'user': 'nothingexists'}
res = self.app_post_json('/admin/users', data=data)
- warning = ("We didn't find")
+ warning = ("We didn't find")
err_msg = "a flash message should be returned for non-found users"
dat = json.loads(res.data)
assert warning in dat.get('flash'), (err_msg, dat)
diff --git a/test/test_web.py b/test/test_web.py
index d5460da1c8..954da614e7 100644
--- a/test/test_web.py
+++ b/test/test_web.py
@@ -4442,7 +4442,7 @@ def test_export_task_csv_ignore_keys(self):
# Now with a real project
project = ProjectFactory.create()
self.clear_temp_container(project.owner_id)
-
+
TaskFactory.create_batch(5, project=project, info={'question': 'qu',
'geojson':
'complexjson'})
@@ -5977,7 +5977,7 @@ def test_69_allow_anonymous_contributors(self):
res = self.app.get(url, follow_redirects=True)
err_msg = "User should be redirected to sign in"
project = db.session.query(Project).first()
- msg = "Oops! You have to sign in to participate in <strong>%s</strong>" % project.name
+ msg = "Oops! You have to sign in to participate in %s" % project.name
assert msg in res.data, err_msg
# As registered user