From 03c801255ffe198a6fc8da5790b8a821123610e5 Mon Sep 17 00:00:00 2001
From: muzaffaryousaf
Date: Tue, 5 Apr 2016 18:18:50 +0500
Subject: [PATCH] Safe template for edxnotes.
---
 lms/templates/edxnotes/toggle_notes.html | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lms/templates/edxnotes/toggle_notes.html b/lms/templates/edxnotes/toggle_notes.html
index 51e03b3e41..7ea4c4c50c 100644
--- a/lms/templates/edxnotes/toggle_notes.html
+++ b/lms/templates/edxnotes/toggle_notes.html
@@ -1,10 +1,10 @@
+<%page args="course" expression_filter="h"/>
 <%!
-import json
 from django.utils.translation import ugettext as _
 from django.core.urlresolvers import reverse
+from openedx.core.djangolib.js_utils import dump_js_escaped_json, js_escaped_string
 %>
 <%namespace name='static' file='/static_content.html'/>
-<%page args="course"/>
 <%
 edxnotes_visibility = course.edxnotes_visibility
@@ -23,5 +23,8 @@ from django.core.urlresolvers import reverse
 <%static:require_module module_name="js/edxnotes/views/notes_visibility_factory" class_name="NotesVisibilityFactory">
- NotesVisibilityFactory.ToggleVisibilityView(${json.dumps(edxnotes_visibility)}, '${edxnotes_visibility_url}');
+ NotesVisibilityFactory.ToggleVisibilityView(
+ ${edxnotes_visibility | n, dump_js_escaped_json},
+ '${edxnotes_visibility_url | n, js_escaped_string}'
+ );
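Review bot: The page-level `expression_filter="h"` added in the first hunk applies to every `${...}` in the template, including the expressions between the two hunks that this patch leaves untouched and that are not visible here. Any of those that deliberately emits markup would now be double-escaped, and any that sits inside a script block needs `| n, js_escaped_string` or `| n, dump_js_escaped_json` like the two call arguments in the second hunk, because HTML escaping is not the right encoding for a JavaScript context. I would also add a Mako comment above the `ToggleVisibilityView(` call, e.g. `## 'n' turns off the page-level h filter; the js_utils helpers do the JavaScript-context escaping`, so a later edit does not drop one without the other. The `require_module` block closes outside the visible hunk.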