fix: prevent stored XSS decoding in _lms.py

raizasafeel
2026-03-12 00:37:29 +05:30
parent 82f0bb40ef
commit efda159191


@@ -3,6 +3,7 @@ import re
import frappe
from bs4 import BeautifulSoup
from frappe import _
from frappe.utils.data import escape_html
from frappe.utils.telemetry import capture
from lms.lms.utils import get_lms_path, get_lms_route
@@ -109,7 +110,7 @@ def get_meta_from_document(app_path):
if course.description:
soup = BeautifulSoup(course.description, "html.parser")
course.description = soup.get_text()
course.description = escape_html(soup.get_text())
return {
"title": course.title,
@@ -136,7 +137,7 @@ def get_meta_from_document(app_path):
if batch.batch_details:
soup = BeautifulSoup(batch.batch_details, "html.parser")
batch.batch_details = soup.get_text()
batch.batch_details = escape_html(soup.get_text())
return {
"title": batch.title,
@@ -163,7 +164,7 @@ def get_meta_from_document(app_path):
if batch.batch_details:
soup = BeautifulSoup(batch.batch_details, "html.parser")
batch.batch_details = soup.get_text()
batch.batch_details = escape_html(soup.get_text())
return {
"title": batch.title,
@@ -191,7 +192,7 @@ def get_meta_from_document(app_path):
if job_opening.description:
soup = BeautifulSoup(job_opening.description, "html.parser")
job_opening.description = soup.get_text()
job_opening.description = escape_html(soup.get_text())
return {
"title": job_opening.job_title,
@@ -221,7 +222,7 @@ def get_meta_from_document(app_path):
if user.bio:
soup = BeautifulSoup(user.bio, "html.parser")
user.bio = soup.get_text()
user.bio = escape_html(soup.get_text())
return {
"title": user.full_name,
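Review bot: The `"title"` values returned beside each newly escaped field (`course.title`, `batch.title`, `job_opening.job_title`, `user.full_name`) still go into the meta dict as stored, so if the consumer of this dict writes values into the page without escaping, as the need for this fix suggests, those fields would carry the same risk. Confirm where the dict is rendered and either escape once at that point or apply `escape_html()` to the titles too; keeping the escaping in a single layer also avoids double-encoded output such as `&amp;amp;`. The five call sites repeat the same three lines, so a small helper, `def _plain_text(html): return escape_html(BeautifulSoup(html, "html.parser").get_text())`, would keep them from drifting apart. A one-line comment on it should record that `get_text()` decodes entities, which is why its output has to be re-escaped. `get_meta_from_document` starts and ends outside the visible hunks, so other branches of it could not be checked here.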