be sure to encode the display strings

e41554b2 · Chris Dodge · ebbeeb16 · e41554b2
Commit e41554b2 authored Aug 01, 2013 by Chris Dodge
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletions

lms/djangoapps/course_wiki/views.py
+2 -1

No files found.
--- a/lms/djangoapps/course_wiki/views.py
+++ b/lms/djangoapps/course_wiki/views.py
 import logging
 import re
+import cgi

 from django.conf import settings
 from django.contrib.sites.models import Site
@@ -95,7 +96,7 @@ def course_wiki_redirect(request, course_id):
            root,
            course_slug,
            title=course_slug,
-            content="This is the wiki for **{0}**'s _{1}_.".format(course.display_org_with_default, course.display_name_with_default),
+            content=cgi.escape("This is the wiki for **{0}**'s _{1}_.".format(course.display_org_with_default, course.display_name_with_default)),
            user_message="Course page automatically created.",
            user=None,
            ip_address=None,