Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ecdf774e75dbb0f0fe84494de18dfdf946c14552
edx-platform/lms/templates/wiki/create.html
Adeel Khan 298d3554fe Fix templates for XSS code injection via translations 
This would patch all templates (django/mako)
for a possible XSS code injection via
translation files by html escaping them..

LEARNER-4632
2019-06-25 14:22:42 +05:00

51 lines
1.5 KiB
HTML
Raw Blame History

{% extends "wiki/base.html" %}
{% load wiki_tags i18n sekizai_tags %}
{% block pagetitle %}{% trans "Add new article" as tmsg %}{{tmsg|force_escape}}{% endblock %}
{% block wiki_contents %}
{% addtoblock "js" %}
<script type="text/javascript" src="{{ STATIC_URL }}js/vendor/urlify.js "></script>
<script type="text/javascript">
//<![CDATA[
(function($) {
$(document).ready(function (){
$("#id_title").keyup(function () {
var e = $("#id_slug")[0];
if(!e._changed) {
e.value = URLify(this.value, 64);
}
});
});
})(jQuery);
//]]>
</script>
{% endaddtoblock %}
<article class="main-article new-article">
{% include "wiki/includes/editormedia.html" %}
<h1 class="page-header">{% trans "Add new article" as tmsg%}{{tmsg|force_escape}}</h1>
<form method="POST" class="form-horizontal">
{% wiki_form create_form %}
<div class="form-actions">
<button type="submit" name="save_changes" class="btn btn-primary btn-large">
<span class="icon fa fa-plus" aria-hidden="true"></span>
{% trans "Create article" as tmsg%}{{tmsg|force_escape}}
</button>
<a href="{% url 'wiki:get' path=parent_urlpath.path %}" class="btn btn-large back">
<span class="icon fa fa-circle-arrow-left" aria-hidden="true"></span>
{% trans "Go back" as tmsg%}{{tmsg|force_escape}}
</a>
</div>
{% include "wiki/includes/cheatsheet.html" %}
</form>
</article>
{% endblock %}
Reference in New Issue View Git Blame Copy Permalink