fix(security): prevent xss attack in search (#18847)
jll-02 committed Nov 11, 2022
1 parent 668a730 commit bfab719
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions frappe/templates/includes/navbar/navbar_search.html
Expand Up @@ -2,8 +2,8 @@
<li>
<form action='/search'>
<input name='q' class='form-control navbar-search' type='text'
value='{{ frappe.form_dict.q or ''}}'
value='{{ frappe.form_dict.q|e or ''}}'
{% if not frappe.form_dict.q%}placeholder="{{ _("Search...") }}"{% endif %}>
</form>
</li>
{% endif %}
{% endif %}
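
Review bot: In the new `value=` line the `|e` filter binds tighter than `or`, so the expression is evaluated as `(frappe.form_dict.q|e) or ''` and the escape runs on the raw value before the empty-string fallback. If `q` is absent and evaluates to `None`, the filter stringifies it, the non-empty result is truthy, and the fallback never applies, so the search box can render a literal `None`. Suggest `value='{{ (frappe.form_dict.q or '')|e }}'`, which applies the fallback first and escapes the final string. Because the attribute is single-quoted, the fix depends on the filter escaping `'` as well as `"`, which Jinja's `e` does; a short template comment saying so would stop a later change from swapping in a weaker filter.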
