Fix template to escape rendered strings

85fc5871 · Brian Jacobel · GitHub · b3674b34 · 85fc5871
Commit 85fc5871 authored Mar 13, 2017 by Brian Jacobel Committed by GitHub Mar 13, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

common/static/common/templates/discussion/forum-actions.underscore
+3 -3

No files found.
--- a/common/static/common/templates/discussion/forum-actions.underscore
+++ b/common/static/common/templates/discussion/forum-actions.underscore
 <% if (!readOnly) { %>
-    <ul class="<%= contentType %>-actions-list">
+    <ul class="<%- contentType %>-actions-list">
        <% _.each(primaryActions, function(action) { print(_.template($('#forum-action-' + action).html())({})) }) %>
        <li class="actions-item is-visible">
            <div class="more-wrapper">
-                <button class="btn-link action-button action-more" aria-label="<%- gettext('More') %>" aria-haspopup="true" aria-controls="action-menu-<%= contentType %>-<%= contentId %>">
+                <button class="btn-link action-button action-more" aria-label="<%- gettext('More') %>" aria-haspopup="true" aria-controls="action-menu-<%- contentType %>-<%- contentId %>">
                    <span class="action-label"><%- gettext('More') %></span>
                    <span class="action-icon"><span class="icon fa fa-ellipsis-h" aria-hidden="true"></span></span>
                </button>
-                <div class="actions-dropdown" id="action-menu-<%= contentType %>-<%= contentId %>" aria-expanded="false">
+                <div class="actions-dropdown" id="action-menu-<%- contentType %>-<%- contentId %>" aria-expanded="false">
                  <ul class="actions-dropdown-list">
                    <% _.each(secondaryActions, function(action) { print(_.template($('#forum-action-' + action).html())({})) }) %>
                  </ul>