Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #189 from edx/security-fix/fix-xss-basesite

Browse Source 
Fix xss in base site template
This commit is contained in:
Uzair Rasheed
2020-07-30 10:59:53 +05:00
committed by GitHub
parent 314fae8928 4e94304c8c
commit bad3b29b6c
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cms/templates/admin/base_site.html
View File

@@ -7,13 +7,13 @@
{% block nav-global %}{% endblock %}
{% block userlinks %}
{% if site_url %}
<a href="{{ site_url }}">{% trans 'View site' %}</a> /
<a href="{{ site_url }}">{% trans 'View site' as tmsg%} {{tmsg|force_escape}}</a> /
{% endif %}
{% if user.is_active and user.is_staff %}
{% url 'django-admindocs-docroot' as docsroot %}
{% if docsroot %}
<a href="{{ docsroot }}">{% trans 'Documentation' %}</a> /
<a href="{{ docsroot }}">{% trans 'Documentation' as tmsg %} {{tmsg|force_escape}}</a> /
{% endif %}
{% endif %}
<a href="{% url 'admin:logout' %}">{% trans 'Log out' %}</a>
<a href="{% url 'admin:logout' %}">{% trans 'Log out' as tmsg %} {{tmsg|force_escape}}</a>
{% endblock %}