Skip to content

Commit

Permalink
Revert "fix: escape text types before setting disp area (#25520) (#25523
Browse files Browse the repository at this point in the history 
)" (#25603) (#25606)

This reverts commit bc83b24.

(cherry picked from commit bbf55df)

Co-authored-by: Ankush Menat <ankush@frappe.io>
  • Loading branch information
@mergify @ankush
mergify[bot] and ankush committed Mar 22, 2024
1 parent b3473e3 commit 987ae2b
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions frappe/public/js/frappe/form/controls/base_input.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,12 +146,11 @@ frappe.ui.form.ControlInput = class ControlInput extends frappe.ui.form.Control
} else {
value = this.value || value;
}
if (["Data", "Long Text", "Small Text", "Text", "Password"].includes(this.df.fieldtype)) {
if (this.df.fieldtype === "Data") {
value = frappe.utils.escape_html(value);
}
let doc = this.doc || (this.frm && this.frm.doc);
let display_value = frappe.format(value, this.df, { no_icon: true, inline: true }, doc);
// This is used to display formatted output AND showing values in read only fields
this.disp_area && $(this.disp_area).html(display_value);
}
set_label(label) {
Expand Down

1 comment on commit 987ae2b

@AhmadReda
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please return this line again if (["Data", "Long Text", "Small Text", "Text", "Password"].includes(this.df.fieldtype)) {} instead of if (this.df.fieldtype === "Data") {}
as it make XSS Security Issue

Please sign in to comment.