From ef014f5d7f05b1a746f7bb518cf3d7a61f8950f5 Mon Sep 17 00:00:00 2001
From: uzairr <uzairr@yahoo.com>
Date: Fri, 21 Aug 2020 13:00:30 +0500
Subject: [PATCH] Fix xss in transcript upload template

PROD-2014
---
 .../messages/transcripts-uploaded.underscore       | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore b/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore
index 4740d280e5..5f93f1d28c 100644
--- a/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore
+++ b/cms/templates/js/video/transcripts/messages/transcripts-uploaded.underscore
@@ -1,16 +1,16 @@
-<div class="transcripts-message-status"><span class="icon fa fa-check" aria-hidden="true"></span><%= gettext("Timed Transcript Uploaded Successfully") %></div>
+<div class="transcripts-message-status"><span class="icon fa fa-check" aria-hidden="true"></span><%- gettext("Timed Transcript Uploaded Successfully") %></div>
 <p class="transcripts-message">
-<%= gettext("EdX has a timed transcript for this video. If you want to replace this transcript, upload a new .srt transcript file. If you want to edit this transcript, you can download, edit, and re-upload the existing transcript.") %>
+<%- gettext("EdX has a timed transcript for this video. If you want to replace this transcript, upload a new .srt transcript file. If you want to edit this transcript, you can download, edit, and re-upload the existing transcript.") %>
 </p>
 <div class="transcripts-file-uploader"></div>
 <p class="transcripts-error-message is-invisible">
-<%= gettext("Error.") %>
+<%- gettext("Error.") %>
 </p>
 <div class="wrapper-transcripts-buttons">
-    <button class="action setting-upload" type="button" name="setting-upload" value="<%= gettext("Upload New Transcript") %>" data-tooltip="<%= gettext("Upload New Transcript") %>">
-        <span><%= gettext("Upload New Transcript") %></span>
+    <button class="action setting-upload" type="button" name="setting-upload" value="<%- gettext("Upload New Transcript") %>" data-tooltip="<%- gettext("Upload New Transcript") %>">
+        <span><%- gettext("Upload New Transcript") %></span>
     </button>
-    <a class="action setting-download" href="/transcripts/download?locator=<%= component_locator %>" data-tooltip="<%= gettext("Download Transcript for Editing") %>">
-        <span><%= gettext("Download Transcript for Editing") %></span>
+    <a class="action setting-download" href="/transcripts/download?locator=<%- component_locator %>" data-tooltip="<%- gettext("Download Transcript for Editing") %>">
+        <span><%- gettext("Download Transcript for Editing") %></span>
     </a>
 </div>