fix: escape HTML in forms

2025-11-11 12:17:26 +05:30
parent c951732eb4
commit ab366837a2
10 changed files with 514 additions and 456 deletions
--- a/frontend/src/components/Controls/MultiSelect.vue
+++ b/frontend/src/components/Controls/MultiSelect.vue
@@ -20,8 +20,6 @@
 								}
 							"
 							autocomplete="off"
-							@focus="() => togglePopover()"
-							@keydown.delete.capture.stop="removeLastValue"
 						/>
 					</template>
 					<template #body="{ isOpen, close }">
@@ -58,7 +56,7 @@
 									<div class="h-10"></div>
 									<div
 										v-if="attrs.onCreate"
-										class="absolute bottom-2 left-1 w-[99%] pt-2 bg-white border-t"
+										class="absolute bottom-2 left-1 w-[95%] pt-2 bg-white border-t"
 									>
 										<Button
 											variant="ghost"
@@ -180,6 +178,7 @@ const filterOptions = createResource({
 })

 const options = computed(() => {
+	setFocus()
 	return filterOptions.data || []
 })

@@ -225,25 +224,6 @@ const removeValue = (value) => {
 	values.value = values.value.filter((v) => v !== value)
 }

-const removeLastValue = () => {
-	if (query.value) return
-
-	let emailRef = emails.value[emails.value.length - 1]?.$el
-	if (document.activeElement === emailRef) {
-		values.value.pop()
-		nextTick(() => {
-			if (values.value.length) {
-				emailRef = emails.value[emails.value.length - 1].$el
-				emailRef?.focus()
-			} else {
-				setFocus()
-			}
-		})
-	} else {
-		emailRef?.focus()
-	}
-}
-
 function setFocus() {
 	search.value.$el.focus()
 }
--- a/frontend/src/components/Modals/AssignmentForm.vue
+++ b/frontend/src/components/Modals/AssignmentForm.vue
@@ -66,6 +66,7 @@
 <script setup lang="ts">
 import { Button, Dialog, FormControl, TextEditor, toast } from 'frappe-ui'
 import { computed, reactive, watch } from 'vue'
+import { escapeHTML } from '@/utils'

 const show = defineModel()
 const assignments = defineModel<Assignments>('assignments')
@@ -121,35 +122,48 @@ watch(show, (newVal) => {
 	}
 })

+const validateTitle = () => {
+	assignment.title = escapeHTML(assignment.title.trim())
+}
+
 const saveAssignment = () => {
+	validateTitle()
 	if (props.assignmentID == 'new') {
-		assignments.value.insert.submit(
-			{
-				...assignment,
-			},
-			{
-				onSuccess() {
-					show.value = false
-					toast.success(__('Assignment created successfully'))
-				},
-			}
-		)
+		createAssignment()
 	} else {
-		assignments.value.setValue.submit(
-			{
-				...assignment,
-				name: props.assignmentID,
-			},
-			{
-				onSuccess() {
-					show.value = false
-					toast.success(__('Assignment updated successfully'))
-				},
-			}
-		)
+		updateAssignment()
 	}
 }

+const createAssignment = () => {
+	assignments.value.insert.submit(
+		{
+			...assignment,
+		},
+		{
+			onSuccess() {
+				show.value = false
+				toast.success(__('Assignment created successfully'))
+			},
+		}
+	)
+}
+
+const updateAssignment = () => {
+	assignments.value.setValue.submit(
+		{
+			...assignment,
+			name: props.assignmentID,
+		},
+		{
+			onSuccess() {
+				show.value = false
+				toast.success(__('Assignment updated successfully'))
+			},
+		}
+	)
+}
+
 const assignmentOptions = computed(() => {
 	return [
 		{ label: 'PDF', value: 'PDF' },