Merge pull request #193 from edx/aehsan/fixed_xss_linter_violations

Fixed xss linter violations

Merge pull request #193 from edx/aehsan/fixed_xss_linter_violations
fa71eecc · adeelehsan · GitHub · 6802b741 · c8e0a28b · fa71eecc
Unverified Commit fa71eecc authored 4 years ago by adeelehsan Committed by GitHub 4 years ago
--- a/lms/djangoapps/support/static/support/js/views/enrollment_modal.js
+++ b/lms/djangoapps/support/static/support/js/views/enrollment_modal.js
@@ -21,6 +21,7 @@
            },

            render: function() {
+                // xss-lint: disable=javascript-jquery-html
                this.$el.html(_.template(this.template)({
                    enrollment: this.enrollment,
                    modes: this.modes,

--- a/lms/djangoapps/support/static/support/templates/enrollment.underscore
+++ b/lms/djangoapps/support/static/support/templates/enrollment.underscore
@@ -48,8 +48,8 @@
        <td>
          <button
              class="change-enrollment-btn"
-              data-modes="<%= _.pluck(enrollment.get('course_modes'), 'slug')%>"
-              data-course_id="<%= enrollment.get('course_id') %>"
+              data-modes="<%- _.pluck(enrollment.get('course_modes'), 'slug')%>"
+              data-course_id="<%- enrollment.get('course_id') %>"
          >
            <%- gettext('Change Enrollment') %>
          </button>

--- a/lms/templates/api_admin/api_access_request_form.html
+++ b/lms/templates/api_admin/api_access_request_form.html
@@ -16,7 +16,7 @@
    <div class="api-form-container">
      <form action="" method="post" class="api-form">
        <input type="hidden" id="csrf_token" name="csrfmiddlewaretoken" value="${csrf_token}">
-        ${form.as_p() | n}
+        ${form.as_p() | n, decode.utf8}
        <input id="api-access-submit" type="submit" value="${_('Request API Access')}"/>
      </form>
    </div>