Merge pull request #2241 from edx/waheed/ora256-reflected-xss-in-ora-submissions-fix

Fixed allowing for execution of arbitrary Javascript in student response

common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee

@@ -368,6 +368,7 @@ class @CombinedOpenEnded
       @rub.initialize(@location)
       @child_state = 'assessing'
       @find_assessment_elements()
+      @answer_area.val(response.student_response)
       @rebind()
       answer_area_div = @$(@answer_area_div_sel)
       answer_area_div.html(response.student_response)