Fixed xss linter violations

PROD-1725 PROD-1726 PROD-1617
2020-07-22 16:05:26 +05:00
parent b7fdee226b
commit c8e0a28bab
3 changed files with 4 additions and 3 deletions
--- a/lms/djangoapps/support/static/support/js/views/enrollment_modal.js
+++ b/lms/djangoapps/support/static/support/js/views/enrollment_modal.js
@@ -21,6 +21,7 @@
            },

            render: function() {
+                // xss-lint: disable=javascript-jquery-html
                this.$el.html(_.template(this.template)({
                    enrollment: this.enrollment,
                    modes: this.modes,
--- a/lms/djangoapps/support/static/support/templates/enrollment.underscore
+++ b/lms/djangoapps/support/static/support/templates/enrollment.underscore
@@ -48,8 +48,8 @@
        <td>
          <button
              class="change-enrollment-btn"
-              data-modes="<%= _.pluck(enrollment.get('course_modes'), 'slug')%>"
-              data-course_id="<%= enrollment.get('course_id') %>"
+              data-modes="<%- _.pluck(enrollment.get('course_modes'), 'slug')%>"
+              data-course_id="<%- enrollment.get('course_id') %>"
          >
            <%- gettext('Change Enrollment') %>
          </button>
--- a/lms/templates/api_admin/api_access_request_form.html
+++ b/lms/templates/api_admin/api_access_request_form.html
@@ -16,7 +16,7 @@
    <div class="api-form-container">
      <form action="" method="post" class="api-form">
        <input type="hidden" id="csrf_token" name="csrfmiddlewaretoken" value="${csrf_token}">
-        ${form.as_p() | n}
+        ${form.as_p() | n, decode.utf8}
        <input id="api-access-submit" type="submit" value="${_('Request API Access')}"/>
      </form>
    </div>