From 3687d6aa62deb64a9ff6f99225ed1cf7a9677c11 Mon Sep 17 00:00:00 2001
From: Eric Fischer <efischer@edx.org>
Date: Thu, 30 Nov 2017 11:43:25 -0500
Subject: [PATCH] fix a few xss errors

---
 .../test_sites/test_site/templates/courseware/tabs.html     | 4 ++--
 .../test_site/templates/static_templates/contact.html       | 2 +-
 scripts/xsslint_thresholds.json                             | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/common/test/test_sites/test_site/templates/courseware/tabs.html b/common/test/test_sites/test_site/templates/courseware/tabs.html
index cdcc96b1ee..2597ca2db9 100644
--- a/common/test/test_sites/test_site/templates/courseware/tabs.html
+++ b/common/test/test_sites/test_site/templates/courseware/tabs.html
@@ -18,8 +18,8 @@ def url_class(is_active):
     tab_class = url_class(tab_is_active)
   %>
   <li>
-  <a href="${tab.link_func(course, reverse) | h}" class="${tab_class}">
-  Test Site Tab: ${_(tab.name) | h}
+  <a href="${tab.link_func(course, reverse)}" class="${tab_class}">
+  Test Site Tab: ${_(tab.name)}
   % if tab_is_active:
       <span class="sr">, current location</span>
   %endif
diff --git a/common/test/test_sites/test_site/templates/static_templates/contact.html b/common/test/test_sites/test_site/templates/static_templates/contact.html
index b5ea1dfa02..a360a2563e 100644
--- a/common/test/test_sites/test_site/templates/static_templates/contact.html
+++ b/common/test/test_sites/test_site/templates/static_templates/contact.html
@@ -22,7 +22,7 @@ from django.core.urlresolvers import reverse
     </div>
     <div class="contacts">
       <h2>${_("Class Feedback")}</h2>
-      <p>${_("We are always seeking feedback to improve our courses. If you are an enrolled student and have any questions, feedback, suggestions, or any other issues specific to a particular class, please post on the discussion forums of that&nbsp;class.")}</p>
+      <p>${_("We are always seeking feedback to improve our courses. If you are an enrolled student and have any questions, feedback, suggestions, or any other issues specific to a particular class, please post on the discussion forums of that class.")}</p>
 
       <h2>${_("General Inquiries and Feedback")}</h2>
       <p>${_('If you have a general question about {platform_name} please email {email}. To see if your question has already been answered, visit our {faq_link_start}FAQ page{faq_link_end}. You can also join the discussion on our {fb_link_start}facebook page{fb_link_end}. Though we may not have a chance to respond to every email, we take all feedback into consideration.').format(
diff --git a/scripts/xsslint_thresholds.json b/scripts/xsslint_thresholds.json
index fd5ff18dc1..7d344841b4 100644
--- a/scripts/xsslint_thresholds.json
+++ b/scripts/xsslint_thresholds.json
@@ -8,7 +8,7 @@
         "javascript-jquery-insert-into-target": 23,
         "javascript-jquery-insertion": 19,
         "javascript-jquery-prepend": 7,
-        "mako-html-entities": 1,
+        "mako-html-entities": 0,
         "mako-invalid-html-filter": 11,
         "mako-invalid-js-filter": 192,
         "mako-js-html-string": 0,
@@ -17,7 +17,7 @@
         "mako-multiple-page-tags": 0,
         "mako-unknown-context": 0,
         "mako-unparseable-expression": 0,
-        "mako-unwanted-html-filter": 2,
+        "mako-unwanted-html-filter": 0,
         "python-close-before-format": 0,
         "python-concat-html": 24,
         "python-custom-escape": 13,
@@ -28,5 +28,5 @@
         "python-wrap-html": 226,
         "underscore-not-escaped": 507
     },
-    "total": 1754
+    "total": 1751
 }