Skip to content

Commit

Permalink
Merge pull request #184 from edx/security-fix/fix-xss-tos
Browse files Browse the repository at this point in the history
Fix XSS while prepending html
  • Loading branch information
uzairr authored Jul 30, 2020
2 parents bad3b29 + 71b5ef4 commit 4cf3c00
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions themes/stanford-style/lms/templates/static_templates/tos.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
## mako
<%page expression_filter="h"/>
<%!
from django.utils.translation import ugettext as _
%>
Expand Down Expand Up @@ -27,6 +28,7 @@ <h2 id="copyright">${_('Copyright')}</h2>
<script>
$(document).ready(function() {
var print_tos = '<input type="button" value="Print Terms of Service" class="print">';
// xss-lint: disable=javascript-jquery-prepend, javascript-jquery-append
$('#content section.tos').prepend(print_tos).append(print_tos);
$('#content section.tos input.print').click(function() {
window.print();
Expand Down

0 comments on commit 4cf3c00

Please sign in to comment.