From 53a29609415cf39b44e45d67ae1fe6a394784e77 Mon Sep 17 00:00:00 2001
From: Calen Pennington
Date: Wed, 23 Mar 2016 15:31:25 -0400
Subject: [PATCH] XSS escape cms/templates/component.html
---
 cms/templates/component.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cms/templates/component.html b/cms/templates/component.html
index f753f22cfa..0bd2a11467 100644
--- a/cms/templates/component.html
+++ b/cms/templates/component.html
@@ -1,3 +1,4 @@
+<%page expression_filter="h"/>
 <%! from django.utils.translation import ugettext as _ %>
 <%namespace name='static' file='static_content.html'/>
@@ -27,4 +28,4 @@
-${preview}
+${preview | n}
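Review bot: The page-level `expression_filter="h"` added on the first line HTML-escapes every `${...}` in this template, but the expressions between this hunk and line 27 are not part of the diff, so their output context is unchecked here. Any of them that lands inside a `<script>` block or an event-handler attribute needs JavaScript-context encoding rather than `h`, and any that deliberately carries markup (for example a translated string containing tags) will now render as literal text. I would add a Mako comment under the directive, `## All expressions are HTML-escaped by default; opt out per expression with "| n" and say why`, and check each remaining expression against it.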
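Review bot: `${preview | n}` switches the new page filter off for the one value this template writes out as raw markup, so `preview` is exactly as unescaped after the commit as before it, and the template gives no reason why that is safe. The hunk's context lines are not visible and `preview` is built outside this file; if any part of it is assembled from author- or user-supplied strings, the escaping has to happen at that point. Please record the trust assumption next to the expression, e.g. `## preview is pre-rendered HTML from the view; it must already be escaped where it is built`, and make sure the code that fills it in is covered by the same XSS pass.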