fix(help): escape query (backport #53192) (#53193)

fix(help): escape query (#53192) (cherry picked from commit 702adda000) Signed-off-by: Akhil Narang <me@akhilnarang.dev> Co-authored-by: Akhil Narang <me@akhilnarang.dev>
2026-03-29 17:11:33 +02:00 · 2026-03-05 18:40:44 +05:30
parent e1674d2017
commit f6d3a811ed
1 changed files with 1 additions and 1 deletions
--- a/erpnext/templates/pages/help.html
+++ b/erpnext/templates/pages/help.html
@@ -8,7 +8,7 @@
 	<form action="/search_help" style="display: flex;">
 	<input name='q' class='form-control' type='text'
 		style='max-width: 400px; display: inline-block; margin-right: 10px;'
-		value='{{ frappe.form_dict.q or ''}}'
+		value='{{ (frappe.form_dict.q or '') | e }}'
 		{% if not frappe.form_dict.q%}placeholder="{{ _("What do you need help with?") }}"{% endif %}>
 	<input type='submit'
 		class='btn btn-sm btn-light btn-search' value="{{ _("Search") }}">