Skip to content

Commit

Permalink
fix: escpae filename
Browse files Browse the repository at this point in the history 
filenamexss
  • Loading branch information
@ranjit-git
ranjit-git committed Oct 19, 2023
1 parent 7101719 commit 3351dd9
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions frappe/core/doctype/file/file.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,14 @@ frappe.ui.form.on("File", {
$preview = $(`<div class="img_preview">
<img
class="img-responsive"
src="${frm.doc.file_url}"
src="${frappe.utils.escape_html(frm.doc.file_url)}"
onerror="${frm.toggle_display("preview", false)}"
/>
</div>`);
} else if (frappe.utils.is_video_file(frm.doc.file_url)) {
$preview = $(`<div class="img_preview">
<video width="480" height="320" controls>
<source src="${frm.doc.file_url}">
<source src="${frappe.utils.escape_html(frm.doc.file_url)}">
${__("Your browser does not support the video element.")}
</video>
</div>`);
Expand All @@ -58,14 +58,14 @@ frappe.ui.form.on("File", {
style="background:#323639;"
width="100%"
height="1190"
src="${frm.doc.file_url}" type="application/pdf"
src="${frappe.utils.escape_html(frm.doc.file_url)}" type="application/pdf"
>
</object>
</div>`);
} else if (file_extension === "mp3") {
$preview = $(`<div class="img_preview">
<audio width="480" height="60" controls>
<source src="${frm.doc.file_url}" type="audio/mpeg">
<source src="${frappe.utils.escape_html(frm.doc.file_url)}" type="audio/mpeg">
${__("Your browser does not support the audio element.")}
</audio >
</div>`);
Expand Down

0 comments on commit 3351dd9

Please sign in to comment.