Merge pull request #195 from dementrock/master

Minor bug fix. Properly handles script tags where there are spaces before closing brace. Code is also more elegant than original. Note that this is not a security bug, as the fix indicated.
2012-07-17 14:49:34 -07:00
parent aded6a4fce ef2a8467e8
commit b0328b245f
1 changed files with 2 additions and 1 deletions
--- a/common/lib/xmodule/xmodule/seq_module.py
+++ b/common/lib/xmodule/xmodule/seq_module.py
@@ -80,7 +80,8 @@ class SequenceModule(XModule):
        # Split </script> tags -- browsers handle this as end
        # of script, even if it occurs mid-string. Do this after json.dumps()ing
        # so that we can be sure of the quotations being used
-        params = {'items': json.dumps(contents).replace('</script>', '<"+"/script>'),
+        import re
+        params = {'items': re.sub(r'</(script)', r'\u003c/\1', json.dumps(contents), flags=re.IGNORECASE),
                  'element_id': self.location.html_id(),
                  'item_id': self.id,
                  'position': self.position,