Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
079f43f40d399cfc0da17039b6dede4e06bda2fb
edx-platform/lms/templates/support/certificates.html
Adeel Khan 298d3554fe Fix templates for XSS code injection via translations 
This would patch all templates (django/mako)
for a possible XSS code injection via
translation files by html escaping them..

LEARNER-4632
2019-06-25 14:22:42 +05:00

30 lines
846 B
HTML
Raw Blame History

<%page expression_filter="h"/>
<%!
from django.urls import reverse
from django.utils.translation import ugettext as _
from openedx.core.djangolib.js_utils import js_escaped_string
%>
<%namespace name='static' file='../static_content.html'/>
<%inherit file="../main.html" />
<%block name="js_extra">
<%static:require_module module_name="support/js/certificates_factory" class_name="CertificatesFactory">
new CertificatesFactory({
userFilter: '${ user_filter | n, js_escaped_string}',
courseFilter: '${course_filter | n, js_escaped_string}'
});
</%static:require_module>
</%block>
<%block name="pagetitle">
${_("Student Support")}
</%block>
<%block name="content">
<section class="container outside-app">
<h1>${_("Student Support: Certificates")}</h1>
<div class="certificates-content"></div>
</section>
</%block>
Reference in New Issue View Git Blame Copy Permalink