I just noticed you can enter XSS code as a course update in the CMS <script> and it will show on the LMS for the users. This also happen if you want to add a new page to the course
Does anyone have a fix? This is a big issue for us Thanks -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/0841c8d3-6b69-4fbb-a3c3-1a7ab61e2645%40googlegroups.com.
