From d12e7e887790afa47f820286c4d95afa2acbb398 Mon Sep 17 00:00:00 2001
From: Waheed Ahmed
Date: Tue, 21 Jan 2014 18:51:25 +0500
Subject: [PATCH] Fixed allowing for execution of arbitrary Javascript in student response. ORA-256
---
 .../lib/xmodule/xmodule/js/src/combinedopenended/display.coffee | 1 +
 1 file changed, 1 insertion(+)
diff --git a/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee b/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee
index 3ed8ba226d..7a3c366e22 100644
--- a/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee
+++ b/common/lib/xmodule/xmodule/js/src/combinedopenended/display.coffee
@@ -368,6 +368,7 @@ class @CombinedOpenEnded
 @rub.initialize(@location)
 @child_state = 'assessing'
 @find_assessment_elements()
+ @answer_area.val(response.student_response)
 @rebind()
 answer_area_div = @$(@answer_area_div_sel)
 answer_area_div.html(response.student_response)
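Review bot: The context line `answer_area_div.html(response.student_response)` at the end of this hunk still writes the server's value into the DOM as markup, so the fix holds only if `response.student_response` is already sanitized on the server, which nothing visible here shows. The added `@answer_area.val(response.student_response)` presumably overwrites the raw typed text in the textarea with that same value, and that reliance deserves a comment above it, e.g. `# Overwrite raw input with the server-sanitized response; it is rendered via .html() below`. If responses are not meant to carry markup, `answer_area_div.text(response.student_response)` would remove the dependency on server-side cleaning. The enclosing method begins and ends outside the hunk, so later reads of the textarea value cannot be checked from here.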