Fix XSS vulnerability in the Certificates Support page
This has already been patched in the upstream master branch
Guruprasad Lakshmi Narayanan committed Jul 2, 2019
1 parent 040ea63 commit b22d886
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions lms/templates/support/certificates.html
@@ -1,6 +1,8 @@
<%page expression_filter="h"/>
<%!
from django.urls import reverse
from django.utils.translation import ugettext as _
from openedx.core.djangolib.js_utils import js_escaped_string
%>
<%namespace name='static' file='../static_content.html'/>

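Review bot: with `<%page expression_filter="h"/>` on the first line making HTML escaping the default for the whole page, every other `${...}` expression in this template is affected, not only the two in `js_extra`. The rest of the file is outside this diff, so check that any expression placed in a JavaScript context also goes through `| n, js_escaped_string`, and that any expression which deliberately emits markup does not end up double-escaped.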
Expand All @@ -9,8 +11,8 @@
<%block name="js_extra">
<%static:require_module module_name="support/js/certificates_factory" class_name="CertificatesFactory">
new CertificatesFactory({
userFilter: '${ user_filter }',
courseFilter: '${course_filter}'
userFilter: '${ user_filter | n, js_escaped_string }',
courseFilter: '${ course_filter | n, js_escaped_string }'
});
</%static:require_module>
</%block>
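Review bot: no test accompanies the escaping change to `userFilter` and `courseFilter` (the commit touches only this template), so nothing stops a later edit from going back to the bare `'${ user_filter }'` form. Add a view test that renders the page with a filter value containing a single quote, a backslash and `</script>`, and asserts that the raw value does not appear in the response. Note also that `| n, js_escaped_string` is only safe while the expression stays inside the quoted string literal, as it does here; a short template comment above the two lines saying so would help whoever edits this block next.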