schuetz3/schuetz3-erpnext
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(send_message): escape HTML in the text

Browse Source 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
This commit is contained in:
Akhil Narang
2025-02-19 12:23:10 +05:30
parent 5fed3866b6
commit 448a5db20f
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
erpnext/templates/utils.py
View File

@@ -3,6 +3,7 @@
import frappe import frappe
from frappe.utils import escape_html
@frappe.whitelist(allow_guest=True) @frappe.whitelist(allow_guest=True)
@@ -11,6 +12,8 @@ def send_message(sender, message, subject="Website Query"):
website_send_message(sender, message, subject) website_send_message(sender, message, subject)
message = escape_html(message)
lead = customer = None lead = customer = None
customer = frappe.db.sql( customer = frappe.db.sql(
"""select distinct dl.link_name from `tabDynamic Link` dl """select distinct dl.link_name from `tabDynamic Link` dl