From 1ffb0b1d7ccaf48e22ceb450384322ec6b002dc4 Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@iwebnotes.com>
Date: Fri, 6 Aug 2021 12:52:12 +0530
Subject: [PATCH 1/2] fix: validate code fields of children too

---
 frappe/model/document.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frappe/model/document.py b/frappe/model/document.py
index 7443c92ab4..9a1fb775f7 100644
--- a/frappe/model/document.py
+++ b/frappe/model/document.py
@@ -507,6 +507,7 @@ class Document(BaseDocument):
 			d._validate_selects()
 			d._validate_non_negative()
 			d._validate_length()
+			d._validate_code_fields()
 			d._extract_images_from_text_editor()
 			d._sanitize_content()
 			d._save_passwords()

From a85744be271836b49f6883edb84942b373f7e2da Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@iwebnotes.com>
Date: Fri, 6 Aug 2021 15:01:06 +0530
Subject: [PATCH 2/2] test: Python syntax validation "integration" test

---
 .../core/doctype/server_script/test_server_script.py   | 10 ++++++++++
 frappe/workflow/doctype/workflow/test_workflow.py      | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/frappe/core/doctype/server_script/test_server_script.py b/frappe/core/doctype/server_script/test_server_script.py
index c39fcfa0d0..ed6b5539c5 100644
--- a/frappe/core/doctype/server_script/test_server_script.py
+++ b/frappe/core/doctype/server_script/test_server_script.py
@@ -109,3 +109,13 @@ class TestServerScript(unittest.TestCase):
 		"""Raise AttributeError if method not found in Namespace"""
 		note = frappe.get_doc({"doctype": "Note", "title": "Test Note: Server Script"})
 		self.assertRaises(AttributeError, note.insert)
+
+	def test_syntax_validation(self):
+		server_script = scripts[0]
+		server_script["script"] = "js || code.?"
+
+		with self.assertRaises(frappe.ValidationError) as se:
+			frappe.get_doc(doctype="Server Script", **server_script).insert()
+
+		self.assertTrue("invalid python code" in str(se.exception).lower(),
+				msg="Python code validation not working")
diff --git a/frappe/workflow/doctype/workflow/test_workflow.py b/frappe/workflow/doctype/workflow/test_workflow.py
index 9bafd377fc..cd36fd2d0b 100644
--- a/frappe/workflow/doctype/workflow/test_workflow.py
+++ b/frappe/workflow/doctype/workflow/test_workflow.py
@@ -121,6 +121,16 @@ class TestWorkflow(unittest.TestCase):
 		self.workflow.states[1].doc_status = 0
 		self.workflow.save()
 
+	def test_syntax_error_in_transition_rule(self):
+		self.workflow.transitions[0].condition = 'doc.status =! "Closed"'
+
+		with self.assertRaises(frappe.ValidationError) as se:
+			self.workflow.save()
+
+		self.assertTrue("invalid python code" in str(se.exception).lower(),
+				msg="Python code validation not working")
+
+
 def create_todo_workflow():
 	if frappe.db.exists('Workflow', 'Test ToDo'):
 		frappe.delete_doc('Workflow', 'Test ToDo')