fix: sanitize all-products search before displaying results (#21764) Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>

commit: 49b2b155b6122ade55bb723c2d979a96e568446d [log] [tgz]
author: Chinmay Pai <chinmaydpai@gmail.com> Tue May 26 18:21:11 2020 +0530
committer: GitHub <noreply@github.com> Tue May 26 18:21:11 2020 +0530
tree: 3586261268b7e16ff1787dc5984428b8dea01bc3
parent: c0b4ec52de7e2c03fc0e478825750d2c060b618b [diff]
diff --git a/erpnext/www/all-products/index.html b/erpnext/www/all-products/index.html
index f090214..0126b59 100644
--- a/erpnext/www/all-products/index.html
+++ b/erpnext/www/all-products/index.html

@@ -11,7 +11,7 @@
 		<div class="input-group input-group-sm mb-3">
 			<input type="search" class="form-control" placeholder="{{_('Search')}}"
 				aria-label="{{_('Product Search')}}" aria-describedby="product-search"
-				value="{{ frappe.form_dict.search or '' }}"
+				value="{{ frappe.sanitize_html(frappe.form_dict.search) or '' }}"
 			>
 		</div>
 	</div>
commit	49b2b155b6122ade55bb723c2d979a96e568446d	[log] [tgz]
author	Chinmay Pai <chinmaydpai@gmail.com>	Tue May 26 18:21:11 2020 +0530
committer	GitHub <noreply@github.com>	Tue May 26 18:21:11 2020 +0530
tree	3586261268b7e16ff1787dc5984428b8dea01bc3
parent	c0b4ec52de7e2c03fc0e478825750d2c060b618b [diff]