From 15e5a7dbf101fe692a82fe34d361a720fdc74054 Mon Sep 17 00:00:00 2001
From: Nimisha Asthagiri <nasthagiri@edx.org>
Date: Wed, 23 Mar 2016 11:57:17 -0400
Subject: [PATCH] XSS Safe by default - vert_module.html

---
 lms/templates/vert_module.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lms/templates/vert_module.html b/lms/templates/vert_module.html
index c5b02ff55b..df882124e1 100644
--- a/lms/templates/vert_module.html
+++ b/lms/templates/vert_module.html
@@ -1,3 +1,4 @@
+<%page expression_filter="h"/>
 
 % if show_bookmark_button:
     <%include file='bookmark_button.html' args="bookmark_id=bookmark_id, is_bookmarked=bookmarked"/>
@@ -6,7 +7,7 @@
 <div class="vert-mod">
 % for idx, item in enumerate(items):
   <div class="vert vert-${idx}" data-id="${item['id']}">
-    ${item['content']}
+    ${item['content'] | n, unicode}
   </div>
 % endfor
 </div>