From 6887ab1c260501e50e07547bb1a827dc189bd16f Mon Sep 17 00:00:00 2001
From: uzairr <uzairr@yahoo.com>
Date: Fri, 21 Aug 2020 12:36:08 +0500
Subject: [PATCH] Fix xss in course handout template

PROD-2002
---
 cms/templates/js/course_info_handouts.underscore | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/cms/templates/js/course_info_handouts.underscore b/cms/templates/js/course_info_handouts.underscore
index 16d48118da..dfa78587dd 100644
--- a/cms/templates/js/course_info_handouts.underscore
+++ b/cms/templates/js/course_info_handouts.underscore
@@ -1,22 +1,22 @@
-<a href="#" class="edit-button"><span class="edit-icon"></span><%= gettext("Edit") %></a>
+<a href="#" class="edit-button"><span class="edit-icon"></span><%- gettext("Edit") %></a>
 
-<h2 class="title"><%= gettext("Course Handouts") %></h2>
+<h2 class="title"><%- gettext("Course Handouts") %></h2>
 <%if (model.get('data') != null) { %>
   <div class="handouts-content">
 
   </div>
 <% } else {%>
-  <p><%= gettext("You have no handouts defined") %></p>
+  <p><%- gettext("You have no handouts defined") %></p>
 <% } %>
 <form class="edit-handouts-form" style="display: block;">
   <div class="message message-status error" name="handout_html_error" id="handout_error">
-    <%= gettext("There is invalid code in your content. Please check to make sure it is valid HTML.") %>
+    <%- gettext("There is invalid code in your content. Please check to make sure it is valid HTML.") %>
   </div>
   <div class="row">
     <textarea class="handouts-content-editor text-editor"></textarea>
   </div>
   <div class="row">
-    <a href="#" class="save-button"><%= gettext("Save") %></a>
-    <a href="#" class="cancel-button"><%= gettext("Cancel") %></a>
+    <a href="#" class="save-button"><%- gettext("Save") %></a>
+    <a href="#" class="cancel-button"><%- gettext("Cancel") %></a>
   </div>
 </form>