fix: strip html instead of escaping when creating/updating workspace by sagarvora · Pull Request #24284 · frappe/frappe · GitHub

fix: strip html instead of escaping when creating/updating workspace #24284


Merged
merged 1 commit into from
Jan 12, 2024

Conversation

sagarvora
Contributor
@sagarvora sagarvora commented Jan 12, 2024

Closes #23555
Closes #23556


  • Strip HTML instead of escaping
  • Strip in backend for completeness
  • Patch for existing workspaces with issue
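
The difference between the two approaches named in the description above, as an added example that is not part of the pull request or Frappe's own code. `strip_html` here is a standard-library stand-in, `save_title_escaped`, `save_title_stripped`, `render` and `repair_stored_title` are hypothetical names, and the repair step assumes existing titles were stored entity-escaped.

```python
import html
from html.parser import HTMLParser


class _TextOnly(HTMLParser):
    # Keeps text nodes, drops tags, discards <script>/<style> bodies.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def strip_html(value: str) -> str:
    # Plain text only: tags removed, entities decoded, whitespace collapsed.
    parser = _TextOnly()
    parser.feed(value)
    parser.close()
    return " ".join("".join(parser.parts).split())


def save_title_escaped(title: str) -> str:
    # "Before": escaping at write time stores entities in the database.
    return html.escape(title)


def save_title_stripped(title: str) -> str:
    # "After": the backend stores plain text, whatever the client sent.
    return strip_html(title)


def render(stored: str) -> str:
    # Output encoding applied once by the template layer (assumed).
    return html.escape(stored)


def repair_stored_title(stored: str) -> str:
    # Hypothetical one-off patch: decode an escaped title, then strip it.
    return strip_html(html.unescape(stored))
```

With escape-on-write, `render` encodes the stored entities a second time and the user sees literal `&lt;b&gt;` text in the title; with strip-on-write the stored value is already plain text and is encoded exactly once on output.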

@sagarvora sagarvora requested review from a team, surajshetty3416 and shariquerik and removed request for a team and surajshetty3416 January 12, 2024 09:22
codecov bot commented Jan 12, 2024

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (d267f3f) 62.00% compared to head (d5610d3) 62.08%.
Report is 4 commits behind head on develop.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop   #24284      +/-   ##
===========================================
+ Coverage    62.00%   62.08%   +0.08%     
===========================================
  Files          786      786              
  Lines        74911    74914       +3     
  Branches      6418     6418              
===========================================
+ Hits         46445    46511      +66     
+ Misses       24796    24737      -59     
+ Partials      3670     3666       -4     
Flag Coverage Δ
server 70.88% <33.33%> (+<0.01%) ⬆️
server-ui 27.11% <66.66%> (+0.02%) ⬆️
ui-tests 51.18% <100.00%> (+0.22%) ⬆️

Flags with carried forward coverage won't be shown.

@sagarvora sagarvora changed the title from "fix: sanitize html instead of escaping when creating/updating workspace" to "fix: strip html instead of escaping when creating/updating workspace" Jan 12, 2024
@ankush ankush merged commit 9c91f79 into frappe:develop Jan 12, 2024
@casesolved-co-uk

Awesome work @sagarvora, many thanks!

@sagarvora sagarvora deleted the fix-workspace-title branch January 12, 2024 18:54
@sagarvora sagarvora added backport version-14-hotfix backport to version 14 backport version-15-hotfix Backport the PR to v15 labels Jan 12, 2024
mergify bot pushed a commit that referenced this pull request Jan 12, 2024
…ce (#24284)

(cherry picked from commit 9c91f79)

# Conflicts:
#	frappe/patches.txt
mergify bot pushed a commit that referenced this pull request Jan 12, 2024
sagarvora added a commit that referenced this pull request Jan 12, 2024
…-24284

fix: strip html instead of escaping when creating/updating workspace (backport #24284)
sagarvora added a commit that referenced this pull request Jan 12, 2024
…(backport #24284)

Co-authored-by: Sagar Vora <sagar@resilient.tech>
frappe-pr-bot pushed a commit that referenced this pull request Jan 16, 2024
## [14.62.3](v14.62.2...v14.62.3) (2024-01-16)

### Bug Fixes

* add a check for `gpg` existing ([db2fb36](db2fb36))
* collapse sidebar on picking workspace ([#24312](#24312)) ([#24313](#24313)) ([898c803](898c803))
* delete existing children first to avoid `UniqueValidationError` (backport [#24140](#24140)) ([0363371](0363371))
* don't update docstatus (backport [#24216](#24216)) ([#24220](#24220)) ([6d4dcf9](6d4dcf9))
* Error when displaying dashboard with number card using average and sum methods ([#24244](#24244)) ([7d75ed3](7d75ed3))
* Handle edge case while searching in current context ([b4d23ed](b4d23ed))
* include workspaces without domain restriction ([90d4734](90d4734))
* **minor:** add optional chaining for this.$input ([#24339](#24339)) ([65a642f](65a642f))
* **minor:** check if markdown_preview exists ([#24335](#24335)) ([8fbda2c](8fbda2c))
* **minor:** increase rate limit for web form ([#24295](#24295)) ([#24296](#24296)) ([49ddaa0](49ddaa0))
* misc (backport [#24303](#24303)) ([#24304](#24304)) ([bd3f89b](bd3f89b))
* mobile sidebar disappearing ([#24316](#24316)) ([#24341](#24341)) ([b5811b5](b5811b5))
* **mobile-ui:** tabs should scroll instead of stack (backport [#24309](#24309)) ([#24310](#24310)) ([5db8d08](5db8d08))
* **MultiCheck:** Use df.sort_options to enable/disable sort ([#24202](#24202)) ([#24290](#24290)) ([1aa1de2](1aa1de2))
* pass parent doctype on dashboard chart ([#24236](#24236)) ([#24237](#24237)) ([e9c10f4](e9c10f4))
* print perm check logs from DB query (backport [#24263](#24263)) ([#24267](#24267)) ([ce9fd66](ce9fd66))
* remove unknown column `indicator_color` ([8f6be35](8f6be35))
* **response:** fixup non-ASCII character filenames ([9dc059b](9dc059b))
* set correct recipient when reply to own email ([#24256](#24256)) ([#24259](#24259)) ([97fea1f](97fea1f))
* strip html instead of escaping when creating/updating workspace (backport [#24284](#24284)) ([8207559](8207559))
* **UX:** show status indicator in moblie view ([#24306](#24306)) ([#24307](#24307)) ([d74b5fc](d74b5fc))

### Reverts

* Revert "fix(Data Import): show failed import logs" ([56c9383](56c9383))
frappe-pr-bot pushed a commit that referenced this pull request Jan 16, 2024
# [15.10.0](v15.9.0...v15.10.0) (2024-01-16)

### Bug Fixes

* add a check for `gpg` existing ([f0d65f1](f0d65f1))
* add empty space for notification mark read ([#24276](#24276)) ([e566f51](e566f51))
* check if autoname is promt before setting __newname ([9f08ab2](9f08ab2))
* collapse sidebar on picking workspace ([#24312](#24312)) ([#24314](#24314)) ([b3ef407](b3ef407))
* convert status field data to String before guessing the style ([#24226](#24226)) ([#24289](#24289)) ([1f5fb04](1f5fb04))
* don't add fallback for child table ([#24105](#24105)) ([1de3db8](1de3db8))
* Error when displaying dashboard with number card using average and sum functions ([#23883](#23883)) ([#24287](#24287)) ([5cc2281](5cc2281))
* Handle edge case while searching in current context ([460e1c2](460e1c2))
* include workspaces without domain restriction ([2f21a76](2f21a76))
* Make as_iterator work when there are no child queries ([55a26bf](55a26bf))
* **minor:** add optional chaining for this.$input ([#24340](#24340)) ([1302f08](1302f08))
* **minor:** check if markdown_preview exists ([#24336](#24336)) ([b512ad9](b512ad9))
* **minor:** increase rate limit for web form ([#24295](#24295)) ([#24297](#24297)) ([f1c139d](f1c139d))
* **minor:** return if no steps are defined. ([#24338](#24338)) ([373b0d4](373b0d4))
* misc ([#24303](#24303)) ([#24305](#24305)) ([3d515f2](3d515f2))
* mobile sidebar disappearing ([#24316](#24316)) ([#24342](#24342)) ([b21671b](b21671b))
* **mobile-ui:** tabs should scroll instead of stack ([#24309](#24309)) ([#24311](#24311)) ([fccf204](fccf204))
* **MultiCheck:** Use df.sort_options to enable/disable sort ([#24202](#24202)) ([#24291](#24291)) ([2a87904](2a87904))
* pass parent doctype on dashboard chart ([#24236](#24236)) ([#24238](#24238)) ([5a506dd](5a506dd))
* print perm check logs from DB query (backport [#24263](#24263)) ([#24268](#24268)) ([74eaaa5](74eaaa5))
* **response:** fixup non-ASCII character filenames ([9c6a58e](9c6a58e))
* sanitize html instead of escaping when creating/updating workspace ([#24284](#24284)) ([0be6579](0be6579))
* select field should not have debounce ([dc076e1](dc076e1))
* **sentry:** set scope for background jobs ([ed21f11](ed21f11))
* set correct recipient when reply to own email ([#24256](#24256)) ([#24260](#24260)) ([0b5923f](0b5923f))
* translate show all activity label ([#24363](#24363)) ([#24364](#24364)) ([4d2c3e5](4d2c3e5))
* **UX:** show status indicator in moblie view ([#24306](#24306)) ([#24308](#24308)) ([5940ce5](5940ce5))

### Features

* `frappe.db.sql` results `as_iterator` (backport [#19810](#19810)) ([#24346](#24346)) ([99a3a35](99a3a35)), closes [#24365](#24365)
* Skip locked rows while selecting ([#24298](#24298)) ([#24302](#24302)) ([09ef3d6](09ef3d6))
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 27, 2024
Labels
backport version-14-hotfix backport to version 14 backport version-15-hotfix Backport the PR to v15 squash