fix potential <script> tag escape bug

2012-07-17 17:00:36 -04:00
parent ba6346cb22
commit ef2a8467e8
1 changed files with 2 additions and 1 deletions
--- a/common/lib/xmodule/xmodule/seq_module.py
+++ b/common/lib/xmodule/xmodule/seq_module.py
@@ -80,7 +80,8 @@ class SequenceModule(XModule):
        # Split </script> tags -- browsers handle this as end
        # of script, even if it occurs mid-string. Do this after json.dumps()ing
        # so that we can be sure of the quotations being used
-        params = {'items': json.dumps(contents).replace('</script>', '<"+"/script>'),
+        import re
+        params = {'items': re.sub(r'</(script)', r'\u003c/\1', json.dumps(contents), flags=re.IGNORECASE),
                  'element_id': self.location.html_id(),
                  'item_id': self.id,
                  'position': self.position,