vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix(user): strip html tags from user name

Browse source 
Signed-off-by: Akhil Narang <me@akhilnarang.dev>
This commit is contained in:
Akhil Narang 2025-01-15 11:54:09 +05:30
parent 8b631dc0ed
commit 89c945f902
No known key found for this signature in database
GPG key ID: 9DCC61E211BF645F
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
frappe/core/doctype/user/user.py
View file

@ -182,6 +182,7 @@ class User(Document):
self.populate_role_profile_roles()
self.check_roles_added()
self.set_system_user()
self.clean_name()
self.set_full_name()
self.check_enable_disable()
self.ensure_unique_roles()
@ -310,6 +311,11 @@ class User(Document):
"""Return True if current user is the session user."""
return self.name == frappe.session.user
def clean_name(self):
self.first_name = escape_html(self.first_name)
self.middle_name = escape_html(self.middle_name)
self.last_name = escape_html(self.last_name)
def set_full_name(self):
self.full_name = " ".join(filter(None, [self.first_name, self.last_name]))