From 40a2c3e6c702ffef643a6a81c52f880921245dd8 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem <charlotte.vanpetegem@ugent.be>
Date: Tue, 9 Aug 2022 14:41:31 +0200
Subject: [PATCH] Fix XSS in course copy

---
 app/assets/javascripts/course.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/javascripts/course.js b/app/assets/javascripts/course.js
index e686204fe4..9df9fece31 100644
--- a/app/assets/javascripts/course.js
+++ b/app/assets/javascripts/course.js
@@ -271,7 +271,7 @@ function initCourseNew() {
             $(this)
                 .closest(".panel")
                 .find(".answer")
-                .html($(this).data("answer"));
+                .text($(this).data("answer"));
             fetch(`/courses/new.js?copy_options[base_id]=${$(this).data("course_id")}`)
                 .then(req => req.text())
                 .then(resp => eval(resp));