Commit 7922dcbb by Calen Pennington

XSS escape cms/templates/js/asset.underscore

parent 485c5428
<td class="thumb-col"> <td class="thumb-col">
<div class="thumb"> <div class="thumb">
<% if (thumbnail !== '') { %> <% if (thumbnail !== '') { %>
<img src="<%= thumbnail %>" alt="<%= gettext('No description available') %>"> <img src="<%- thumbnail %>" alt="<%- gettext('No description available') %>">
<% } %> <% } %>
</div> </div>
</td> </td>
<td class="name-col"> <td class="name-col">
<span class="title"><a data-tooltip="<%= gettext('Open/download this file') %>" href="<%= url %>" class="filename"><%= display_name %></a></span> <span class="title"><a data-tooltip="<%- gettext('Open/download this file') %>" href="<%- url %>" class="filename"><%- display_name %></a></span>
<div class="embeddable-xml"></div> <div class="embeddable-xml"></div>
</td> </td>
<td class="type-col"> <td class="type-col">
<%= asset_type %> <%- asset_type %>
</td> </td>
<td class="date-col"> <td class="date-col">
<%= date_added %> <%- date_added %>
</td> </td>
<td class="embed-col"> <td class="embed-col">
<ul> <ul>
<li class="embed-url"> <li class="embed-url">
<label> <label>
<span class="label"><%= gettext('Studio:') %></span> <span class="label"><%- gettext('Studio:') %></span>
<input type="text" class="embeddable-xml-input" value="<%= portable_url %>" readonly> <input type="text" class="embeddable-xml-input" value="<%- portable_url %>" readonly>
</label> </label>
</li> </li>
<li class="external-url"> <li class="external-url">
<label> <label>
<span class="label"><%= gettext('Web:') %></span> <span class="label"><%- gettext('Web:') %></span>
<input type="text" class="embeddable-xml-input" value="<%= external_url %>" readonly> <input type="text" class="embeddable-xml-input" value="<%- external_url %>" readonly>
</label> </label>
</li> </li>
</ul> </ul>
...@@ -36,11 +36,11 @@ ...@@ -36,11 +36,11 @@
<td class="actions-col"> <td class="actions-col">
<ul class="actions-list"> <ul class="actions-list">
<li class="action-item action-delete"> <li class="action-item action-delete">
<a href="#" data-tooltip="<%= gettext('Delete this asset') %>" class="remove-asset-button action-button"><i class="icon fa fa-times-circle" aria-hidden="true"></i> <span class="sr"><%= gettext('Delete this asset') %></span></a> <a href="#" data-tooltip="<%- gettext('Delete this asset') %>" class="remove-asset-button action-button"><i class="icon fa fa-times-circle" aria-hidden="true"></i> <span class="sr"><%- gettext('Delete this asset') %></span></a>
</li> </li>
<li class="action-item action-lock"> <li class="action-item action-lock">
<label for="<%= uniqueId %>"><span class="sr"><%= gettext('Lock this asset') %></span></label> <label for="<%- uniqueId %>"><span class="sr"><%- gettext('Lock this asset') %></span></label>
<input type="checkbox" id="<%= uniqueId %>" class="lock-checkbox" data-tooltip="<%= gettext('Lock/unlock file') %>" /> <input type="checkbox" id="<%- uniqueId %>" class="lock-checkbox" data-tooltip="<%- gettext('Lock/unlock file') %>" />
<div class="action-button"><i class="icon fa fa-lock"></i><i class="icon fa fa-unlock-alt" aria-hidden="true"></i></div> <div class="action-button"><i class="icon fa fa-lock"></i><i class="icon fa fa-unlock-alt" aria-hidden="true"></i></div>
</li> </li>
</ul> </ul>
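Review bot: The delete control on the first changed line of this hunk is still `<a href="#" ... class="remove-asset-button action-button">`, an in-page action wired to a fragment link, so keyboard activation navigates to `#` unless the bound handler suppresses the default; `<button type="button" class="remove-asset-button action-button">` keeps the same styling hooks and needs no workaround. The escape switch itself is sound for these attributes — `<%-` routes through `_.escape`, which neutralises `"`, `<`, `>` and `&`, so `data-tooltip`, `for` and `id` can no longer break out of their attribute — and the same applies to the `href`/`src` interpolations in the earlier hunk of this file, with the caveat that HTML escaping does not restrict the URL scheme of `url` or `thumbnail`; that remains the server's responsibility and deserves a one-line comment at the head of the template saying so. Minor style points in the same hunk: the lock checkbox keeps a self-closing `<input ... />` while the rest of the template omits the slash, and the `fa-lock` icon lacks the `aria-hidden="true"` its `fa-unlock-alt` sibling carries. The enclosing table row begins outside this hunk.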