From 4d4b5106570de3c62f657611178dff2d4ae2d86b Mon Sep 17 00:00:00 2001
From: Taimoor  Ahmed <taimoor.ahmed@A006-01434.local>
Date: Thu, 7 Nov 2024 23:50:20 +0500
Subject: [PATCH] Fix: Course title string in program detail page

---
 .../learner_dashboard/views/course_entitlement_view.js   | 9 +++++++++
 lms/templates/learner_dashboard/course_card.underscore   | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/lms/static/js/learner_dashboard/views/course_entitlement_view.js b/lms/static/js/learner_dashboard/views/course_entitlement_view.js
index 3f2e65f4c28d..690a9c59fa54 100644
--- a/lms/static/js/learner_dashboard/views/course_entitlement_view.js
+++ b/lms/static/js/learner_dashboard/views/course_entitlement_view.js
@@ -90,6 +90,15 @@ class CourseEntitlementView extends Backbone.View {
     });
   }
 
+  escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#39;");
+  }
+
   handleEnrollChange() {
     /*
     Handles enrolling in a course, unenrolling in a session and changing session.
diff --git a/lms/templates/learner_dashboard/course_card.underscore b/lms/templates/learner_dashboard/course_card.underscore
index f15b7c4881bd..485f94adabf1 100644
--- a/lms/templates/learner_dashboard/course_card.underscore
+++ b/lms/templates/learner_dashboard/course_card.underscore
@@ -5,10 +5,10 @@
                 <h5 class="course-title">
                     <% if (course_title_link) { %>
                         <a href="<%- course_title_link %>" class="course-title-link">
-                            <%- title %>
+                            <%- escapeHtml(title) %>
                         </a>
                     <% } else { %>
-                        <%- title %>
+                        <%- escapeHtml(title) %>
                     <% } %>
                 </h5>
                 <div class="course-text">