Commit 4ffaa883 by Rocky Duan

fix potential <script> tag escape bug

parent 6f7dc671
...@@ -80,7 +80,8 @@ class SequenceModule(XModule): ...@@ -80,7 +80,8 @@ class SequenceModule(XModule):
# Split </script> tags -- browsers handle this as end # Split </script> tags -- browsers handle this as end
# of script, even if it occurs mid-string. Do this after json.dumps()ing # of script, even if it occurs mid-string. Do this after json.dumps()ing
# so that we can be sure of the quotations being used # so that we can be sure of the quotations being used
params = {'items': json.dumps(contents).replace('</script>', '<"+"/script>'), import re
params = {'items': re.sub(r'</(script)', r'\u003c/\1', json.dumps(contents), flags=re.IGNORECASE),
'element_id': self.location.html_id(), 'element_id': self.location.html_id(),
'item_id': self.id, 'item_id': self.id,
'position': self.position, 'position': self.position,
......
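Review bot: The new substitution on the `params` line only neutralises `</script` (in any letter case), so other markup the HTML parser acts on inside a script block, such as `<!--`, still reaches the page unchanged from `contents`. Escaping every `<` after serialising is simpler and covers those cases: `'items': json.dumps(contents).replace('<', '\\u003c'),`. In `json.dumps` output a `<` can only occur inside a string literal, so the result parses to the same value. That also drops the mid-function `import re` and stops relying on `re.sub` passing `\u` through in the replacement template, which Python 3.7 and later reject as a bad escape. The comment above the line still describes splitting the tag and should say the `<` is written as `\u003c`; the enclosing method starts and ends outside this hunk.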