diff --git a/cms/static/js/views/baseview.js b/cms/static/js/views/baseview.js
index a09f4a7e68..6263145096 100644
--- a/cms/static/js/views/baseview.js
+++ b/cms/static/js/views/baseview.js
@@ -44,6 +44,7 @@ define(['jquery', 'underscore', 'backbone', 'gettext', 'js/utils/handle_iframe_b
 this.options = options;
 var _this = this;
+ // xss-lint: disable=javascript-jquery-insertion
 this.render = _.wrap(this.render, function(render, options) {
 _this.beforeRender();
 render(options);
diff --git a/cms/static/js/views/video/transcripts/message_manager.js b/cms/static/js/views/video/transcripts/message_manager.js
index 84d673410b..8c645e3a38 100644
--- a/cms/static/js/views/video/transcripts/message_manager.js
+++ b/cms/static/js/views/video/transcripts/message_manager.js
@@ -74,16 +74,15 @@ function($, Backbone, _, Utils, FileUploader, gettext) {
 return this;
 }
- template = _.template(tplHtml);
+ template = edx.HtmlUtils.template(tplHtml);
- this.$el.find('.transcripts-status')
- .removeClass('is-invisible')
- .find(this.elClass).html(template({
- component_locator: encodeURIComponent(this.component_locator),
- html5_list: html5List,
- grouped_list: groupedList,
- subs_id: (params) ? params.subs : ''
- }));
+ edx.HtmlUtils.setHtml(
+ this.$el.find('.transcripts-status').removeClass('is-invisible').find(this.elClass), template({
+ component_locator: encodeURIComponent(this.component_locator),
+ html5_list: html5List,
+ grouped_list: groupedList,
+ subs_id: (params) ? params.subs : ''
+ }));
 this.fileUploader.render();
@@ -106,11 +105,7 @@ function($, Backbone, _, Utils, FileUploader, gettext) {
 if (err) {
 // Hide any other error messages.
 this.hideError();
-
- $error
- .html(gettext(err))
- .removeClass(this.invisibleClass);
-
+ edx.HtmlUtils.setHtml($error, gettext(err)).removeClass(this.invisibleClass);
 if (hideButtons) {
 this.$el.find('.wrapper-transcripts-buttons')
 .addClass(this.invisibleClass);
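Review bot: The `xss-lint: disable=javascript-jquery-insertion` pragma added above `this.render = _.wrap(...)` gives no reason, so a later reader cannot tell a linter false positive from an accepted risk. `_.wrap` here is Underscore's function wrapper rather than jQuery's DOM `.wrap()`, which is presumably why the rule fires. I would record that on a separate line above the pragma: `// _.wrap is Underscore's function wrapper, not jQuery .wrap(); nothing is inserted into the DOM.` The enclosing function starts and ends outside the hunk.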
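Review bot: Wrapping `tplHtml` in `edx.HtmlUtils.template` only marks the rendered output as trusted HTML for `setHtml`; as I understand HtmlUtils, it does not escape the values passed in. Escaping of `html5_list`, `grouped_list` and `subs_id` (taken from `params.subs`) therefore still depends on the template using `<%-` rather than `<%=`. The template is not part of this diff, so please confirm it. Separately, the new code reaches HtmlUtils through the global `edx` rather than the module's dependency list `function($, Backbone, _, Utils, FileUploader, gettext)`, so it depends on load order. A short comment such as `// edx.HtmlUtils is provided globally by the page bundle` or an explicit dependency would make that visible. The enclosing function starts outside the hunk.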
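Review bot: Replacing `$error.html(gettext(err))` with `edx.HtmlUtils.setHtml($error, gettext(err))` changes behaviour as well as satisfying the linter. As I understand `setHtml`, a plain string is HTML-escaped before insertion, so any caller that passes markup in `err` (a link or `<strong>`, say) will now show the tags as literal text. That is the safer default, but the callers are outside this hunk and should be checked. Any that need markup should build it explicitly at the call site with the HtmlUtils helpers instead of passing a raw string. A one-line comment would stop the old form being restored later, for example `// err is treated as plain text and escaped by setHtml`.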