fix xss in grading editor template

PROD-2024
2020-08-21 13:19:46 +05:00
parent 1c737b3dd9
commit ffd585cfab
1 changed files with 4 additions and 4 deletions
--- a/cms/templates/js/grading-editor.underscore
+++ b/cms/templates/js/grading-editor.underscore
@@ -1,12 +1,12 @@
-<h3 class="modal-section-title"><%= gettext('Grading') %></h3>
+<h3 class="modal-section-title"><%- gettext('Grading') %></h3>
 <div class="modal-section-content grading-type">
    <ul class="list-fields list-input">
        <li class="field field-grading-type field-select">
-            <label for="grading_type" class="label"><%= gettext('Grade as:') %></label>
+            <label for="grading_type" class="label"><%- gettext('Grade as:') %></label>
            <select class="input" id="grading_type">
-                <option value="notgraded"><%= gettext('Not Graded') %></option>
+                <option value="notgraded"><%- gettext('Not Graded') %></option>
                <% _.each(graderTypes, function(grader) { %>
-                  <option value="<%= grader %>"><%= grader %></option>
+                  <option value="<%- grader %>"><%- grader %></option>
                <% }); %>
            </select>
        </li>