diff --git a/lms/templates/courses_list.html b/lms/templates/courses_list.html
index f6448050aa..5eeaeca2bb 100644
--- a/lms/templates/courses_list.html
+++ b/lms/templates/courses_list.html
@@ -7,14 +7,14 @@
% if settings.FEATURES.get('COURSES_ARE_BROWSABLE'):
-
+
% for bundle in journal_info.get('journal_bundles'):
-
<%include file="journals/bundle_card.html" args="bundle=bundle"/>
% endfor
-
+
%for journal in journal_info.get('journals'):
-
<%include file="journals/journal_card.html" args="journal=journal" />
diff --git a/lms/templates/courseware/courses.html b/lms/templates/courseware/courses.html
index 1e0c7e391c..06f6bbf2d3 100644
--- a/lms/templates/courseware/courses.html
+++ b/lms/templates/courseware/courses.html
@@ -1,7 +1,8 @@
+<%page expression_filter="h"/>
<%!
import json
from django.utils.translation import ugettext as _
- from openedx.core.djangolib.js_utils import dump_js_escaped_json
+ from openedx.core.djangolib.js_utils import js_escaped_string, dump_js_escaped_json
%>
<%inherit file="../main.html" />
<%
@@ -21,8 +22,8 @@
DiscoveryFactory(
${course_discovery_meanings | n, dump_js_escaped_json},
getParameterByName('search_query'),
- "${user_language}",
- "${user_timezone}"
+ "${user_language | n, js_escaped_string}",
+ "${user_timezone | n, js_escaped_string}"
);
@@ -56,14 +57,14 @@
% endif
-
+
% for bundle in journal_info.get('journal_bundles'):
-
<%include file="../journals/bundle_card.html" args="bundle=bundle" />
% endfor
-
+
%for journal in journal_info.get('journals'):
-
<%include file="../journals/journal_card.html" args="journal=journal" />