Merge pull request #622 from pateljannat/issues

fix: sanitized inputs for people and course creation page
frappe · Sep 25, 2023 · 5614a62 · 5614a62
2 parents 1c0644a + 5727b7c
commit 5614a62
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/lms/www/courses/create.js b/lms/www/courses/create.js
@@ -51,8 +51,13 @@ const create_tag = (e) => {
 	if ($(e.target).val() == "") {
 		return;
 	}
+
+	let tag_value = $(e.target)
+		.val()
+		.replace(/</g, "&lt;")
+		.replace(/>/g, "&gt;");
 	let tag = `<button class="btn btn-secondary btn-sm mr-2 text-uppercase">
-		${$(e.target).val()}
+		${tag_value}
 		<span class="btn-remove">
 			<svg class="icon  icon-sm">
 				<use class="" href="#icon-close"></use>

diff --git a/lms/www/people/index.js b/lms/www/people/index.js
@@ -36,7 +36,12 @@ const search = (e) => {
 				$("#load-more").removeClass("hide");
 			else $("#search-empty-state").removeClass("hide");
 
-			$(".member-parent").append(data.message.user_details);
+			let user_details = data.message.user_details;
+			user_details
+				.replace(/&/g, "&amp;")
+				.replace(/</g, "&lt;")
+				.replace(/"/g, "&quot;");
+			$(".member-parent").append(user_details);
 			update_load_more_state(data);
 		},
 	});