fix: prevent xss in meta data

2026-05-02 13:39:31 +03:00 · 2026-04-06 20:40:17 +05:30
parent 90d4f32c47
commit f244a6c9ff
2 changed files with 17 additions and 14 deletions
@@ -1550,6 +1550,9 @@ def update_meta_info(meta_type: str, route: str, meta_tags: list):
 def validate_meta_tags(meta_tags: list):
 	if not isinstance(meta_tags, list):
 		frappe.throw(_("Meta tags should be a list."))
+	for tag in meta_tags:
+		if tag.get("value"):
+			tag["value"] = frappe.utils.strip_html_tags(str(tag["value"]))


 def create_meta(parent_name: str, tag_properties: dict):