fix(Update GSTIN): remove '.__' from template (#17062)

'.__' Avoid Server Side Template Injection
2026-05-27 17:04:47 +00:00 · 2019-03-30 12:11:01 +05:30
parent 43d79eaa92
commit 20c17b8229
1 changed files with 1 additions and 1 deletions
--- a/erpnext/templates/pages/regional/india/update-gstin.html
+++ b/erpnext/templates/pages/regional/india/update-gstin.html
@@ -32,7 +32,7 @@
 	<p class='text-muted'>Please update your GSTIN for us to issue correct tax invoice</p>
 	<form method='GET' action='/regional/india/update-gstin.html'>
 		<input type='hidden' value='{{ party.name }}' name='party'>
-		{% for address in party.__onload.addr_list %}
+		{% for address in party.get_onload('addr_list') %}
 		<div class='bordered' style='max-width: 300px; margin-bottom: 15px;'>
 			{{ address.display }}
 			<p><input type='text' class='form-control'