CalvinBackup/erpnext
1
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-03-19 18:25:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(search): Fix possible reflected XSS attack vector (#16522)

Browse Source
This commit is contained in:
Aditya Hase
2019-01-30 19:56:04 +05:30
committed by Sagar Vora
parent 78fc158b39
commit 245b73b94f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/templates/pages/product_search.html
View File

@@ -10,7 +10,7 @@
<script>
frappe.ready(function() {
var txt = frappe.utils.get_url_arg("search");
$(".search-results").html('{{ _("Search results for") + ": " + html2text(frappe.form_dict.search or "")|trim }}');
$(".search-results").html('{{ _("Search results for") + ": " + html2text(frappe.form_dict.search or "") | e | trim }}');
window.search = txt;
window.start = 0;
window.get_product_list();