Skip to content

Commit

Permalink
Fix xss in edit member template
Browse files Browse the repository at this point in the history
  • Loading branch information
@uzairr
uzairr committed Jul 23, 2020
1 parent bdcb806 commit 6b8f903
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions lms/djangoapps/teams/static/teams/templates/edit-team-member.underscore
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
<li class="team-member">
<a class="member-profile" href="<%= memberProfileUrl %>">
<img class="image-url" src="<%= imageUrl %>" alt="<%= username %>'s profile page" />
<a class="member-profile" href="<%= memberProfileUrl /* xss-lint: disable=underscore-not-escaped */%>">
<img class="image-url" src="<%= imageUrl /* xss-lint: disable=underscore-not-escaped */%>" alt="<%= username /* xss-lint: disable=underscore-not-escaped */%>'s profile page" />
</a>
<div class="member-info-container">
<span class="primary"><%= username %></span>
<span class="primary"><%= username /* xss-lint: disable=underscore-not-escaped */%></span>
<div class="secondary">
<span id="date-joined"><%= dateJoined %></span>
<span id="date-joined"><%= dateJoined /* xss-lint: disable=underscore-not-escaped */%></span>
<span> | </span>
<span id="last-active"><%= lastActive %></span>
<span id="last-active"><%= lastActive /* xss-lint: disable=underscore-not-escaped */%></span>
</div>
</div>
<button class="action-remove-member" data-username="<%= username %>">
<%- gettext("Remove") %><span class="sr">&nbsp;<%= username %></span>
<button class="action-remove-member" data-username="<%= username /* xss-lint: disable=underscore-not-escaped */%>">
<%- gettext("Remove") %><span class="sr">&nbsp;<%= username /* xss-lint: disable=underscore-not-escaped */%></span>
</button>
</li>

0 comments on commit 6b8f903

Please sign in to comment.