Fix xss in transcript upload template

PROD-2014
2020-08-21 13:00:30 +05:00
parent 103a4f20a6
commit ef014f5d7f
1 changed files with 7 additions and 7 deletions
--- a/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore
+++ b/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore
@@ -1,16 +1,16 @@
-<div class="transcripts-message-status"><span class="icon fa fa-check" aria-hidden="true"></span><%= gettext("Timed Transcript Uploaded Successfully") %></div>
+<div class="transcripts-message-status"><span class="icon fa fa-check" aria-hidden="true"></span><%- gettext("Timed Transcript Uploaded Successfully") %></div>
 <p class="transcripts-message">
-<%= gettext("EdX has a timed transcript for this video. If you want to replace this transcript, upload a new .srt transcript file. If you want to edit this transcript, you can download, edit, and re-upload the existing transcript.") %>
+<%- gettext("EdX has a timed transcript for this video. If you want to replace this transcript, upload a new .srt transcript file. If you want to edit this transcript, you can download, edit, and re-upload the existing transcript.") %>
 </p>
 <div class="transcripts-file-uploader"></div>
 <p class="transcripts-error-message is-invisible">
-<%= gettext("Error.") %>
+<%- gettext("Error.") %>
 </p>
 <div class="wrapper-transcripts-buttons">
-    <button class="action setting-upload" type="button" name="setting-upload" value="<%= gettext("Upload New Transcript") %>" data-tooltip="<%= gettext("Upload New Transcript") %>">
-        <span><%= gettext("Upload New Transcript") %></span>
+    <button class="action setting-upload" type="button" name="setting-upload" value="<%- gettext("Upload New Transcript") %>" data-tooltip="<%- gettext("Upload New Transcript") %>">
+        <span><%- gettext("Upload New Transcript") %></span>
    </button>
-    <a class="action setting-download" href="/transcripts/download?locator=<%= component_locator %>" data-tooltip="<%= gettext("Download Transcript for Editing") %>">
-        <span><%= gettext("Download Transcript for Editing") %></span>
+    <a class="action setting-download" href="/transcripts/download?locator=<%- component_locator %>" data-tooltip="<%- gettext("Download Transcript for Editing") %>">
+        <span><%- gettext("Download Transcript for Editing") %></span>
    </a>
 </div>