Commit 259b73e1 by christopher lee

XSS fixes

cms/templates/js/xblock-outline.underscore
parent 17453acb
<% if (parentInfo) { %> <% if (parentInfo) { %>
<li class="outline-item outline-item-<%= xblockType %> <%= includesChildren ? 'is-collapsible' : '' %> is-draggable <%= isCollapsed ? 'is-collapsed' : '' %>" <li class="outline-item outline-item-<%- xblockType %> <%- includesChildren ? 'is-collapsible' : '' %> is-draggable <%- isCollapsed ? 'is-collapsed' : '' %>"
data-parent="<%= parentInfo.get('id') %>" data-locator="<%= xblockInfo.get('id') %>"> data-parent="<%- parentInfo.get('id') %>" data-locator="<%- xblockInfo.get('id') %>">
<span class="draggable-drop-indicator draggable-drop-indicator-before"><span class="icon fa fa-caret-right" aria-hidden="true"></span></span> <span class="draggable-drop-indicator draggable-drop-indicator-before"><span class="icon fa fa-caret-right" aria-hidden="true"></span></span>
<div class="wrapper-xblock-header"> <div class="wrapper-xblock-header">
<div class="wrapper-xblock-header-primary"> <div class="wrapper-xblock-header-primary">
<% if (includesChildren) { %> <% if (includesChildren) { %>
<h3 class="xblock-title expand-collapse <%= isCollapsed ? 'expand' : 'collapse' %>" <h3 class="xblock-title expand-collapse <%- isCollapsed ? 'expand' : 'collapse' %>"
title="<%= interpolate( title="<%- interpolate(
gettext('Collapse/Expand this %(xblock_type)s'), { xblock_type: xblockTypeDisplayName }, true gettext('Collapse/Expand this %(xblock_type)s'), { xblock_type: xblockTypeDisplayName }, true
) %>" ) %>"
> >
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
<% } %> <% } %>
<% if (xblockInfo.get('studio_url') && xblockInfo.get('category') !== 'chapter') { %> <% if (xblockInfo.get('studio_url') && xblockInfo.get('category') !== 'chapter') { %>
<a href="<%= xblockInfo.get('studio_url') %>"><%- xblockInfo.get('display_name') %></a> <a href="<%- xblockInfo.get('studio_url') %>"><%- xblockInfo.get('display_name') %></a>
<% } else { %> <% } else { %>
<span class="wrapper-xblock-field is-editable" data-field="display_name"> <span class="wrapper-xblock-field is-editable" data-field="display_name">
<span class="xblock-field-value"><%- xblockInfo.get('display_name') %></span> <span class="xblock-field-value"><%- xblockInfo.get('display_name') %></span>
...@@ -28,9 +28,9 @@ ...@@ -28,9 +28,9 @@
<div class="item-actions"> <div class="item-actions">
<ul class="actions-list"> <ul class="actions-list">
<li class="action-item action-delete"> <li class="action-item action-delete">
<a href="#" data-tooltip="<%= gettext('Delete') %>" class="delete-button action-button"> <a href="#" data-tooltip="<%- gettext('Delete') %>" class="delete-button action-button">
<span class="icon fa fa-remove" aria-hidden="true"></span> <span class="icon fa fa-remove" aria-hidden="true"></span>
<span class="sr"><%= gettext('Delete') %></span> <span class="sr"><%- gettext('Delete') %></span>
</a> </a>
</li> </li>
</ul> </ul>
...@@ -40,7 +40,7 @@ ...@@ -40,7 +40,7 @@
<% if (xblockInfo.get('release_date')) { %> <% if (xblockInfo.get('release_date')) { %>
<div class="meta-info"> <div class="meta-info">
<span class="icon fa fa-clock-o" aria-hidden="true"></span> <span class="icon fa fa-clock-o" aria-hidden="true"></span>
<%= gettext('Released:') %> <%= xblockInfo.get('release_date') %> <%- gettext('Released:') %> <%- xblockInfo.get('release_date') %>
</div> </div>
<% } %> <% } %>
...@@ -54,30 +54,30 @@ ...@@ -54,30 +54,30 @@
<% } %> <% } %>
<% if (!parentInfo && xblockInfo.get('child_info') && xblockInfo.get('child_info').children.length === 0) { %> <% if (!parentInfo && xblockInfo.get('child_info') && xblockInfo.get('child_info').children.length === 0) { %>
<div class="no-content add-xblock-component"> <div class="no-content add-xblock-component">
<p><%= gettext("You haven't added any content to this course yet.") %> <p><%- gettext("You haven't added any content to this course yet.") %>
<a href="#" class="button button-new" data-category="<%= childCategory %>" <a href="#" class="button button-new" data-category="<%- childCategory %>"
data-parent="<%= xblockInfo.get('id') %>" data-default-name="<%= defaultNewChildName %>" data-parent="<%- xblockInfo.get('id') %>" data-default-name="<%- defaultNewChildName %>"
title="<%= interpolate( title="<%- interpolate(
gettext('Click to add a new %(xblock_type)s'), { xblock_type: defaultNewChildName }, true gettext('Click to add a new %(xblock_type)s'), { xblock_type: defaultNewChildName }, true
) %>" ) %>"
> >
<span class="icon fa fa-plus" aria-hidden="true"></span><%= addChildLabel %> <span class="icon fa fa-plus" aria-hidden="true"></span><%- addChildLabel %>
</a> </a>
</p> </p>
</div> </div>
<% } else { %> <% } else { %>
<ol class="sortable-list sortable-<%= xblockType %>-list"> <ol class="sortable-list sortable-<%- xblockType %>-list">
</ol> </ol>
<% if (childType) { %> <% if (childType) { %>
<div class="add-xblock-component"> <div class="add-xblock-component">
<a href="#" class="button button-new" data-category="<%= childCategory %>" <a href="#" class="button button-new" data-category="<%- childCategory %>"
data-parent="<%= xblockInfo.get('id') %>" data-default-name="<%= defaultNewChildName %>" data-parent="<%- xblockInfo.get('id') %>" data-default-name="<%- defaultNewChildName %>"
title="<%= interpolate( title="<%- interpolate(
gettext('Click to add a new %(xblock_type)s'), { xblock_type: defaultNewChildName }, true gettext('Click to add a new %(xblock_type)s'), { xblock_type: defaultNewChildName }, true
) %>" ) %>"
> >
<span class="icon fa fa-plus" aria-hidden="true"></span><%= addChildLabel %> <span class="icon fa fa-plus" aria-hidden="true"></span><%- addChildLabel %>
</a> </a>
</div> </div>
<% } %> <% } %>
......
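Review bot: The `studio_url` link in the second hunk, `<a href="<%- xblockInfo.get('studio_url') %>">`, is only HTML-escaped, and that does not constrain the URL scheme. `<%-` runs the value through `_.escape`, which prevents breaking out of the attribute, but a `javascript:` value would still render as a working link. Whether `studio_url` can ever carry author-influenced data is not visible from this template, so this may be safe as written. It still deserves either a scheme check where the value is produced or a comment above the link recording the assumption, e.g. `<% /* studio_url is generated server-side; HTML-escaping only, the URL scheme is not validated here */ %>`. Separately, `addChildLabel` and the `gettext(...)` strings are now escaped too, so any caller or translation that relied on embedded markup would show it as literal text; worth a quick check of the callers.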