Merge pull request #34281 from sokumon/template-injection-xss

fix(xss): sanitize on input itself
2025-10-06 17:25:11 +05:30 · 2025-10-06 17:25:11 +05:30 · 73ff731b41
commit 73ff731b41
parent c33849ffee 4a8391a6fc
1 changed files with 1 additions and 0 deletions
--- a/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
+++ b/frappe/public/js/frappe/ui/toolbar/awesome_bar.js
@ -66,6 +66,7 @@ frappe.search.AwesomeBar = class AwesomeBar {
 			"input",
 			frappe.utils.debounce(function (e) {
 				var value = e.target.value;
+				value = frappe.utils.xss_sanitise(value);
 				var txt = value.trim().replace(/\s\s+/g, " ");
 				var last_space = txt.lastIndexOf(" ");
 				me.global_results = [];