Fix xss in course handout template

PROD-2002
2020-08-21 12:36:08 +05:00
parent 0ed780d657
commit 6887ab1c26
1 changed files with 6 additions and 6 deletions
--- a/cms/templates/js/course_info_handouts.underscore
+++ b/cms/templates/js/course_info_handouts.underscore
@@ -1,22 +1,22 @@
-<a href="#" class="edit-button"><span class="edit-icon"></span><%= gettext("Edit") %></a>
+<a href="#" class="edit-button"><span class="edit-icon"></span><%- gettext("Edit") %></a>

-<h2 class="title"><%= gettext("Course Handouts") %></h2>
+<h2 class="title"><%- gettext("Course Handouts") %></h2>
 <%if (model.get('data') != null) { %>
  <div class="handouts-content">

  </div>
 <% } else {%>
-  <p><%= gettext("You have no handouts defined") %></p>
+  <p><%- gettext("You have no handouts defined") %></p>
 <% } %>
 <form class="edit-handouts-form" style="display: block;">
  <div class="message message-status error" name="handout_html_error" id="handout_error">
-    <%= gettext("There is invalid code in your content. Please check to make sure it is valid HTML.") %>
+    <%- gettext("There is invalid code in your content. Please check to make sure it is valid HTML.") %>
  </div>
  <div class="row">
    <textarea class="handouts-content-editor text-editor"></textarea>
  </div>
  <div class="row">
-    <a href="#" class="save-button"><%= gettext("Save") %></a>
-    <a href="#" class="cancel-button"><%= gettext("Cancel") %></a>
+    <a href="#" class="save-button"><%- gettext("Save") %></a>
+    <a href="#" class="cancel-button"><%- gettext("Cancel") %></a>
  </div>
 </form>