Merge pull request #2241 from edx/waheed/ora256-reflected-xss-in-ora-submissions-fix

Fixed allowing for execution of arbitrary Javascript in student response
2014-01-30 04:14:28 -08:00
parent a077dc815c d12e7e8877
commit c21e012d8b
1 changed files with 1 additions and 0 deletions
--- a/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee
+++ b/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee
@@ -368,6 +368,7 @@ class @CombinedOpenEnded
      @rub.initialize(@location)
      @child_state = 'assessing'
      @find_assessment_elements()
+      @answer_area.val(response.student_response)
      @rebind()
      answer_area_div = @$(@answer_area_div_sel)
      answer_area_div.html(response.student_response)