MIDNIGHT/frappe-lms
2
0
Fork 0
mirror of https://github.com/frappe/lms.git synced 2026-05-02 13:39:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: prevent xss in meta data

Browse Source
This commit is contained in:
raizasafeel
2026-04-06 20:40:17 +05:30
parent 90d4f32c47
commit f244a6c9ff
2 changed files with 17 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/index.html
+14 -14
View File
@@ -201,26 +201,26 @@
media="(device-width: 320px) and (device-height: 568px) and (-webkit-device-pixel-ratio: 2) and (orientation: landscape)" media="(device-width: 320px) and (device-height: 568px) and (-webkit-device-pixel-ratio: 2) and (orientation: landscape)"
/> />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>{{ title }}</title> <title>{{ title | e }}</title>
<meta name="title" content="{{ meta.title }}" /> <meta name="title" content="{{ meta.title | e }}" />
<meta name="image" content="{{ meta.image }}" /> <meta name="image" content="{{ meta.image | e }}" />
<meta name="description" content="{{ meta.description }}" /> <meta name="description" content="{{ meta.description | e }}" />
<meta name="keywords" content="{{ meta.keywords }}" /> <meta name="keywords" content="{{ meta.keywords | e }}" />
<meta property="og:title" content="{{ meta.title }}" /> <meta property="og:title" content="{{ meta.title | e }}" />
<meta property="og:image" content="{{ meta.image }}" /> <meta property="og:image" content="{{ meta.image | e }}" />
<meta property="og:description" content="{{ meta.description }}" /> <meta property="og:description" content="{{ meta.description | e }}" />
<meta name="twitter:title" content="{{ meta.title }}" /> <meta name="twitter:title" content="{{ meta.title | e }}" />
<meta name="twitter:image" content="{{ meta.image }}" /> <meta name="twitter:image" content="{{ meta.image | e }}" />
<meta name="twitter:description" content="{{ meta.description }}" /> <meta name="twitter:description" content="{{ meta.description | e }}" />
</head> </head>
<body class="sm:overscroll-y-none no-scrollbar"> <body class="sm:overscroll-y-none no-scrollbar">
<div id="app"> <div id="app">
<div id="seo-content"> <div id="seo-content">
<h1>{{ meta.title }}</h1> <h1>{{ meta.title | e }}</h1>
<p> <p>
{{ meta.description }} {{ meta.description | e }}
</p> </p>
<a href="{{ meta.link }}">Know More</a> <a href="{{ meta.link | e }}">Know More</a>
</div> </div>
</div> </div>
<script> <script>
lms/lms/api.py
+3
View File
@@ -1550,6 +1550,9 @@ def update_meta_info(meta_type: str, route: str, meta_tags: list):
def validate_meta_tags(meta_tags: list): def validate_meta_tags(meta_tags: list):
if not isinstance(meta_tags, list): if not isinstance(meta_tags, list):
frappe.throw(_("Meta tags should be a list.")) frappe.throw(_("Meta tags should be a list."))
for tag in meta_tags:
if tag.get("value"):
tag["value"] = frappe.utils.strip_html_tags(str(tag["value"]))
def create_meta(parent_name: str, tag_properties: dict): def create_meta(parent_name: str, tag_properties: dict):