chore: escape instead of sanitizing

2023-09-11 18:01:09 +05:30 · 2023-09-11 18:01:09 +05:30 · 3e8a192828
commit 3e8a192828
parent 35000c2e4f
2 changed files with 2 additions and 2 deletions
--- a/frappe/templates/includes/navbar/navbar_search.html
+++ b/frappe/templates/includes/navbar/navbar_search.html
@ -3,7 +3,7 @@
 		<form action='/search'>
 		<input name='q' class='form-control navbar-search' type='text'
 			value='{{ frappe.form_dict.q|e if frappe.form_dict.q else ''}}'
-			{% if not frappe.form_dict.q%}placeholder="{{ _("Search...") }}"{% endif %}>
+			{% if not frappe.form_dict.q %}placeholder="{{ _("Search...") }}"{% endif %}>
 		</form>
 	</li>
 {% endif %}
--- a/frappe/templates/includes/search_template.html
+++ b/frappe/templates/includes/search_template.html
@ -28,7 +28,7 @@
 				</div>
 			</div>
 			{% if frappe.form_dict.scope %}
-				<input type="text" hidden name="scope" value="{{ frappe.sanitize_html(frappe.form_dict.scope) }}">
+				<input type="text" hidden name="scope" value="{{ frappe.utils.escape_html(frappe.form_dict.scope) }}">
 			{% endif %}
 		</form>
 	</div>