From 2899ed4453065f875760563dda0ef5431f8b8b51 Mon Sep 17 00:00:00 2001
From: Simon Coggins <simon.coggins@totaralms.com>
Date: Mon, 29 Sep 2014 15:16:15 +1300
Subject: [PATCH] Fix XSS in page content editor

Change-Id: I9f5aefb3a1c57344631eb53a86d6b95d9ac1b52f
---
 htdocs/js/views.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/js/views.js b/htdocs/js/views.js
index 09aca283..ef499b6 100644
--- a/htdocs/js/views.js
+++ b/htdocs/js/views.js
@@ -517,7 +517,7 @@
         var element = $('#column-container > .row').eq(parseInt(position[0]) - 1).find('.column').eq(parseInt(position[1]) - 1);
         var options = [get_string('blockordertop')];
         element.find('.column-content .blockinstance .blockinstance-header').each(function() {
-            options.push(get_string('blockorderafter', $(this).find('h2.title').text()));
+            options.push(get_string('blockorderafter', $(this).find('h2.title').html()));
         });
         var selectbox = $('#addblock_position');
         selectbox.html('<option>' + options.join('</option><option>') + '</option>');
-- 
1.8.3.2