From e41554b24ce75b093e699dfcaa448d23624e3e23 Mon Sep 17 00:00:00 2001
From: Chris Dodge <cdodge@edx.org>
Date: Thu, 1 Aug 2013 11:58:37 -0400
Subject: [PATCH] be sure to encode the display strings

---
 lms/djangoapps/course_wiki/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lms/djangoapps/course_wiki/views.py b/lms/djangoapps/course_wiki/views.py
index e92598a9a5..1884ab7f11 100644
--- a/lms/djangoapps/course_wiki/views.py
+++ b/lms/djangoapps/course_wiki/views.py
@@ -1,5 +1,6 @@
 import logging
 import re
+import cgi
 
 from django.conf import settings
 from django.contrib.sites.models import Site
@@ -95,7 +96,7 @@ def course_wiki_redirect(request, course_id):
             root,
             course_slug,
             title=course_slug,
-            content="This is the wiki for **{0}**'s _{1}_.".format(course.display_org_with_default, course.display_name_with_default),
+            content=cgi.escape("This is the wiki for **{0}**'s _{1}_.".format(course.display_org_with_default, course.display_name_with_default)),
             user_message="Course page automatically created.",
             user=None,
             ip_address=None,