nsinnovations/erpnext
2
0
Fork 0
mirror of https://github.com/frappe/erpnext.git synced 2026-04-13 11:55:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(templates): escape attachment file_url and file_name in order.html and projects.html

Browse Source 
(cherry picked from commit d9760bbf4f)
This commit is contained in:
diptanilsaha
2026-03-25 14:46:50 +05:30
committed by Mergify
parent 64956ab59c
commit 7b9f2626f8
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
erpnext/templates/pages/order.html
View File

@@ -140,7 +140,7 @@
<div class="col-sm-12"> <div class="col-sm-12">
{% for attachment in attachments %} {% for attachment in attachments %}
<p class="small"> <p class="small">
<a href="{{ attachment.file_url }}" target="blank"> {{ attachment.file_name }} </a> <a href="{{ attachment.file_url|e }}" target="blank"> {{ attachment.file_name|e }} </a>
</p> </p>
{% endfor %} {% endfor %}
</div> </div>

4
erpnext/templates/pages/projects.html
View File

@@ -82,11 +82,11 @@
<div class="project-attachments"> <div class="project-attachments">
{% for attachment in doc.attachments %} {% for attachment in doc.attachments %}
<div class="attachment"> <div class="attachment">
<a class="no-decoration attachment-link" href="{{ attachment.file_url }}" target="blank"> <a class="no-decoration attachment-link" href="{{ attachment.file_url|e }}" target="blank">
<div class="row"> <div class="row">
<div class="col-xs-9"> <div class="col-xs-9">
<span class="indicator red file-name"> <span class="indicator red file-name">
{{ attachment.file_name }}</span> {{ attachment.file_name|e }}</span>
</div> </div>
<div class="col-xs-3"> <div class="col-xs-3">
<span class="pull-right file-size">{{ attachment.file_size }}</span> <span class="pull-right file-size">{{ attachment.file_size }}</span>