Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #222 from edx/IM/security-fixes-11

Browse Source 
Incident Management Security Fixes 11
This commit is contained in:
Ali Akbar
2021-02-17 01:31:40 +05:00
committed by GitHub
parent 8ae7ae81c5 a2d2c0750b
commit d0d5cd7a1b
5 changed files with 26 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cms/templates/js/metadata-file-uploader-entry.underscore
View File

@@ -1,9 +1,9 @@
<div class="wrapper-comp-setting file-uploader">
<label class="label setting-label"><%= model.get('display_name') %></label>
<input type="hidden" id="<%= uniqueId %>" class="input setting-input" value="<%= model.get("value") %>">
<label class="label setting-label"><%- model.get('display_name') %></label>
<input type="hidden" id="<%- uniqueId %>" class="input setting-input" value="<%- model.get("value") %>">
<div class="wrapper-uploader-actions"></div>
<button class="action setting-clear inactive" type="button" name="setting-clear" value="<%= gettext("Clear") %>" data-tooltip="<%= gettext("Clear") %>">
<span class="icon fa fa-undo" aria-hidden="true"></span><span class="sr">"<%= gettext("Clear Value") %>"</span>
<button class="action setting-clear inactive" type="button" name="setting-clear" value="<%- gettext("Clear") %>" data-tooltip="<%- gettext("Clear") %>">
<span class="icon fa fa-undo" aria-hidden="true"></span><span class="sr">"<%- gettext("Clear Value") %>"</span>
</button>
</div>
<span class="tip setting-help"><%= model.get('help') %></span>
<span class="tip setting-help"><%- model.get('help') %></span>

12
cms/templates/js/metadata-list-entry.underscore
View File

@@ -1,17 +1,17 @@
<div class="wrapper-comp-setting metadata-list-enum">
<label class="label setting-label" for="<%= uniqueId %>"><%= model.get('display_name')%></label>
<div id="<%= uniqueId %>" class="wrapper-list-settings">
<label class="label setting-label" for="<%- uniqueId %>"><%- model.get('display_name')%></label>
<div id="<%- uniqueId %>" class="wrapper-list-settings">
<ol class="list-settings">
</ol>
<a href="#" class="create-action create-setting">
<span class="icon fa fa-plus" aria-hidden="true"></span><%= gettext("Add") %> <span class="sr"><%= model.get('display_name')%></span>
<span class="icon fa fa-plus" aria-hidden="true"></span><%- gettext("Add") %> <span class="sr"><%- model.get('display_name')%></span>
</a>
</div>
<button class="action setting-clear inactive" type="button" name="setting-clear" value="<%= gettext("Clear") %>" data-tooltip="<%= gettext("Clear") %>">
<button class="action setting-clear inactive" type="button" name="setting-clear" value="<%- gettext("Clear") %>" data-tooltip="<%- gettext("Clear") %>">
<span class="icon fa fa-undo" aria-hidden="true"></span>
<span class="sr">"<%= gettext("Clear Value") %>"</span>
<span class="sr">"<%- gettext("Clear Value") %>"</span>
</button>
</div>
<span class="tip setting-help"><%= model.get('help') %></span>
<span class="tip setting-help"><%- model.get('help') %></span>

6
cms/templates/js/video/metadata-translations-entry.underscore
View File

@@ -1,11 +1,11 @@
<div class="wrapper-comp-setting metadata-video-translations">
<label class="label setting-label"><%= model.get('display_name')%></label>
<label class="label setting-label"><%- model.get('display_name')%></label>
<input class="upload-transcript-input is-hidden" type="file" name="file" accept=".srt"/>
<div class="wrapper-translations-settings">
<ol class="list-settings"></ol>
<a href="#" class="create-action create-setting">
<span class="icon fa fa-plus" aria-hidden="true"></span><%= gettext("Add") %> <span class="sr"><%= model.get('display_name')%></span>
<span class="icon fa fa-plus" aria-hidden="true"></span><%- gettext("Add") %> <span class="sr"><%- model.get('display_name')%></span>
</a>
</div>
</div>
<span class="tip setting-help"><%= model.get('help') %></span>
<span class="tip setting-help"><%- model.get('help') %></span>

16
cms/templates/js/video/transcripts/metadata-videolist-entry.underscore
View File

@@ -1,20 +1,20 @@
<div class="wrapper-comp-setting metadata-videolist-enum">
<label class="label setting-label" for="<%= uniqueId %>"><%= model.get('display_name')%></label>
<label class="label setting-label" for="<%- uniqueId %>"><%- model.get('display_name')%></label>
<div class="wrapper-videolist-settings">
<div class="wrapper-videolist-url videolist-settings-item"><input type="text" id="<%= uniqueId %>" class="input videolist-url" value="<%= model.get('value')[0] %>"></div>
<div class="tip videolist-url-tip setting-help"><%= model.get('help') %></div>
<div class="wrapper-videolist-url videolist-settings-item"><input type="text" id="<%- uniqueId %>" class="input videolist-url" value="<%- model.get('value')[0] %>"></div>
<div class="tip videolist-url-tip setting-help"><%- model.get('help') %></div>
<div class="wrapper-videolist-urls">
<a href="#" class="collapse-action collapse-setting">
<span class="icon fa fa-plus" aria-hidden="true"></span><%= gettext("Add URLs for additional versions") %> <span class="sr"><%= model.get('display_name')%></span>
<span class="icon fa fa-plus" aria-hidden="true"></span><%- gettext("Add URLs for additional versions") %> <span class="sr"><%- model.get('display_name')%></span>
</a>
<div class="videolist-extra-videos">
<span class="tip videolist-extra-videos-tip setting-help"><%= gettext("To be sure all students can access the video, we recommend providing both an .mp4 and a .webm version of your video. Click below to add a URL for another version. These URLs cannot be YouTube URLs. The first listed video that's compatible with the student's computer will play.") %></span>
<span class="tip videolist-extra-videos-tip setting-help"><%- gettext("To be sure all students can access the video, we recommend providing both an .mp4 and a .webm version of your video. Click below to add a URL for another version. These URLs cannot be YouTube URLs. The first listed video that's compatible with the student's computer will play.") %></span>
<ol class="videolist-settings">
<li class="videolist-settings-item">
<input type="text" class="input" value="<%= model.get('value')[1] %>">
<input type="text" class="input" value="<%- model.get('value')[1] %>">
</li>
<li class="videolist-settings-item">
<input type="text" class="input" value="<%= model.get('value')[2] %>">
<input type="text" class="input" value="<%- model.get('value')[2] %>">
</li>
</ol>
</div>
@@ -22,6 +22,6 @@
</div>
</div>
<div class="transcripts-status is-invisible">
<label class="label setting-label transcripts-label"><%= gettext("Default Timed Transcript") %></label>
<label class="label setting-label transcripts-label"><%- gettext("Default Timed Transcript") %></label>
<div class="wrapper-transcripts-message"></div>
</div>

8
cms/templates/js/xblock-string-field-editor.underscore
View File

@@ -7,10 +7,10 @@
<div class="xblock-string-field-editor incontext-editor-form">
<form>
<% var formLabel = gettext("Edit %(display_name)s (required)"); %>
<label><span class="sr"><%= interpolate(formLabel, {display_name: fieldDisplayName}, true) %></span>
<input type="text" value="<%= value %>" class="xblock-field-input incontext-editor-input" data-metadata-name="<%= fieldName %>">
<label><span class="sr"><%= interpolate(formLabel, {display_name: fieldDisplayName}, true) %></span> <% // xss-lint: disable=underscore-not-escaped %>
<input type="text" value="<%= value %>" class="xblock-field-input incontext-editor-input" data-metadata-name="<%- fieldName %>"> <% // xss-lint: disable=underscore-not-escaped %>
</label>
<button class="sr action action-primary" name="submit" type="submit"><%= gettext("Save") %></button>
<button class="sr action action-secondary" name="cancel" type="button"><%= gettext("Cancel") %></button>
<button class="sr action action-primary" name="submit" type="submit"><%- gettext("Save") %></button>
<button class="sr action action-secondary" name="cancel" type="button"><%- gettext("Cancel") %></button>
</form>
</div>