From 1e2ed05bed4c6ae6dce43385aec304915242de88 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Wed, 17 Mar 2021 14:29:56 +0100
Subject: [PATCH] Merge pull request #3760 from overleaf/jpa-xss-5 [views] mitigate Angular XSS on new project from template POST gateway
GitOrigin-RevId: a19de060cad0baf2822d1b6df419bbe1a2361ea4
---
 services/web/app/views/project/editor/new_from_template.pug | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/web/app/views/project/editor/new_from_template.pug b/services/web/app/views/project/editor/new_from_template.pug
index dcfa382538..041cce4e68 100644
--- a/services/web/app/views/project/editor/new_from_template.pug
+++ b/services/web/app/views/project/editor/new_from_template.pug
@@ -13,7 +13,7 @@ block content
 span.loading-screen-ellip .
 span.loading-screen-ellip .
- form(id='create_form' method='POST' action='/project/new/template/')
+ form(id='create_form' method='POST' action='/project/new/template/' ng-non-bindable)
 input(type="hidden", name="_csrf", value=csrfToken)
 input(type="hidden" name="templateId" value=templateId)
 input(type="hidden" name="templateVersionId" value=templateVersionId)
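Review bot: The `ng-non-bindable` attribute added to `form(id='create_form' ...)` carries no comment saying why it is there, so a later template cleanup could drop it and reopen the Angular expression injection named in the commit title. A Pug comment above the form, e.g. `//- ng-non-bindable: hidden input values below may be caller-supplied; keep Angular from evaluating {{ }} in them`, would record the intent. The attribute only covers this form's subtree. Where `templateId` and `templateVersionId` come from is not visible in the hunk, but if they are taken from the request, validating their format in the controller as well would protect any other place they are rendered. The form body may continue past the end of the hunk.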