fix(lesson): sanitize lesson server side

Raizaaa
2026-05-01 01:34:05 +05:30
parent 47b5b603c7
commit 07ca95caa8
2 changed files with 20 additions and 20 deletions
+1 -20
@@ -7,10 +7,9 @@ import frappe
from frappe import _
from frappe.model.document import Document
from frappe.realtime import get_website_room
from frappe.utils.html_utils import sanitize_html
from frappe.utils.telemetry import capture
from lms.lms.utils import get_course_progress, is_demo_course, recalculate_course_progress
from lms.lms.utils import get_course_progress, is_demo_course, recalculate_course_progress, sanitize_editorjs
from ...md import find_macros
@@ -74,24 +73,6 @@ class CourseLesson(Document):
)
def sanitize_editorjs(raw):
try:
data = json.loads(raw)
except (TypeError, ValueError):
return raw
return json.dumps(sanitize_json(data), separators=(",", ":"))
def sanitize_json(node):
if isinstance(node, dict):
return {k: sanitize_json(v) for k, v in node.items()}
if isinstance(node, list):
return [sanitize_json(v) for v in node]
if isinstance(node, str) and ("<" in node or ">" in node):
return sanitize_html(node, always_sanitize=True)
return node
@frappe.whitelist()
def save_progress(lesson: str, course: str, scorm_details: dict = None):
"""
+19
@@ -25,6 +25,7 @@ from frappe.utils import (
rounded,
validate_email_address,
)
from frappe.utils.html_utils import sanitize_html
from pypika import Case
from pypika import functions as fn
@@ -2398,3 +2399,21 @@ def get_field_meta(doctype, fieldnames):
def is_demo_course(course: str) -> bool:
title = frappe.db.get_value("LMS Course", course, "title")
return title == "A guide to Frappe Learning"
def sanitize_editorjs(raw):
try:
data = json.loads(raw)
except (TypeError, ValueError):
return raw
return json.dumps(sanitize_json(data), separators=(",", ":"))
def sanitize_json(node):
if isinstance(node, dict):
return {k: sanitize_json(v) for k, v in node.items()}
if isinstance(node, list):
return [sanitize_json(v) for v in node]
if isinstance(node, str) and ("<" in node or ">" in node):
return sanitize_html(node, always_sanitize=True)
return node
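Review bot: `sanitize_editorjs` fails open: when `json.loads` raises `ValueError`, the `except` branch returns `raw` untouched, so a lesson body that is not valid JSON skips sanitisation entirely. If that field can reach an HTML renderer, the fallback should sanitise string input too, e.g. `return sanitize_html(raw, always_sanitize=True) if isinstance(raw, str) else raw`. Separately, `sanitize_json` only touches strings containing `<` or `>`, so URL-valued fields in editor blocks are stored as-is; whether the renderer validates their scheme is not visible here and is worth confirming. Both helpers would also benefit from a one-line docstring stating that only values are sanitised (dict keys pass through unchanged) and that the result is re-serialised in compact form.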