Fix XSS while prepending html

open-craft · Aug 7, 2020 · 072076a · 072076a
1 parent 6143852
commit 072076a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/themes/stanford-style/lms/templates/static_templates/tos.html b/themes/stanford-style/lms/templates/static_templates/tos.html
@@ -1,4 +1,5 @@
 ## mako
+<%page expression_filter="h"/>
 <%!
   from django.utils.translation import ugettext as _
 %>
@@ -27,6 +28,7 @@ <h2 id="copyright">${_('Copyright')}</h2>
 <script>
     $(document).ready(function() {
         var print_tos = '<input type="button" value="Print Terms of Service" class="print">';
+        // xss-lint: disable=javascript-jquery-prepend, javascript-jquery-append
         $('#content section.tos').prepend(print_tos).append(print_tos);
         $('#content section.tos input.print').click(function() {
             window.print();