fix: sanitize html of all description fields

Jannat Patel
2025-12-10 17:25:56 +05:30
parent 316e739dd6
commit 0877e32e1b
6 changed files with 40 additions and 26 deletions


@@ -340,11 +340,12 @@ import { sessionStore } from '../stores/session'
import MultiSelect from '@/components/Controls/MultiSelect.vue'
import Link from '@/components/Controls/Link.vue'
import {
openSettings,
escapeHTML,
getMetaInfo,
openSettings,
sanitizeHTML,
updateMetaInfo,
validateFile,
escapeHTML,
} from '@/utils'
const router = useRouter()
@@ -502,6 +503,9 @@ const imageResource = createResource({
})
const validateFields = () => {
batch.description = sanitizeHTML(batch.description)
batch.batch_details = sanitizeHTML(batch.batch_details)
Object.keys(batch).forEach((key) => {
if (
!['description', 'batch_details'].includes(key) &&
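Review bot: The sanitizing added at the top of `validateFields` runs only in the browser, so a request sent straight to the backend never passes through it; the same holds for the `course.description` and `job.description` lines added in the other two forms. The server-side save path is not visible in this commit, so it is worth confirming that these rich-text fields are also sanitized there, or at the point where they are rendered, and treating this client pass as a convenience rather than the control. Separately, the HTML field names now live in two places in this function, the two `sanitizeHTML` calls and the exclusion array inside the loop; one list such as `const htmlFields = ['description', 'batch_details']` used by both would keep a newly added rich-text field from being escaped instead of sanitized. `validateFields` continues past the end of the hunk.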


@@ -353,11 +353,12 @@ import { capture, startRecording, stopRecording } from '@/telemetry'
import { useOnboarding } from 'frappe-ui/frappe'
import { sessionStore } from '../stores/session'
import {
openSettings,
escapeHTML,
getMetaInfo,
openSettings,
sanitizeHTML,
updateMetaInfo,
validateFile,
escapeHTML,
} from '@/utils'
import Link from '@/components/Controls/Link.vue'
import CourseOutline from '@/components/CourseOutline.vue'
@@ -539,6 +540,8 @@ const imageResource = createResource({
})
const validateFields = () => {
course.description = sanitizeHTML(course.description)
Object.keys(course).forEach((key) => {
if (key != 'description' && typeof course[key] === 'string') {
course[key] = escapeHTML(course[key])
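Review bot: `course.description = sanitizeHTML(course.description)` runs without the `typeof course[key] === 'string'` check that the loop right below applies before calling `escapeHTML`, so the result for an unset description depends on how `sanitizeHTML` treats `null` or `undefined`, which this page does not show. If the helper stringifies its argument, an empty field could be saved as literal text; a guard such as `if (typeof course.description === 'string') course.description = sanitizeHTML(course.description)` removes that dependency. The `job.description` call in the job form has the same shape. The body of `validateFields` runs past the end of the hunk.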


@@ -158,7 +158,7 @@ import { computed, onMounted, reactive, inject } from 'vue'
import { FileText, X } from 'lucide-vue-next'
import { sessionStore } from '@/stores/session'
import { useRouter } from 'vue-router'
import { escapeHTML, getFileSize, validateFile } from '@/utils'
import { escapeHTML, getFileSize, sanitizeHTML, validateFile } from '@/utils'
const user = inject('$user')
const router = useRouter()
@@ -314,6 +314,7 @@ const editJobDetails = () => {
}
const validateJobFields = () => {
job.description = sanitizeHTML(job.description)
Object.keys(job).forEach((key) => {
if (key != 'description' && typeof job[key] === 'string') {
job[key] = escapeHTML(job[key])