[fix] sanitize html of product bundle description
diff --git a/erpnext/patches.txt b/erpnext/patches.txt
index efcceb3..1b9cbe5 100644
--- a/erpnext/patches.txt
+++ b/erpnext/patches.txt
@@ -257,4 +257,5 @@
execute:frappe.delete_doc_if_exists("Web Form", "contact") #2016-03-10
erpnext.patches.v6_20x.remove_fiscal_year_from_holiday_list
erpnext.patches.v6_24.map_customer_address_to_shipping_address_on_po
-erpnext.patches.v6_27.fix_recurring_order_status
\ No newline at end of file
+erpnext.patches.v6_27.fix_recurring_order_status
+erpnext.patches.v6_20x.update_product_bundle_description
diff --git a/erpnext/patches/v6_20x/update_product_bundle_description.py b/erpnext/patches/v6_20x/update_product_bundle_description.py
new file mode 100644
index 0000000..1fac44b
--- /dev/null
+++ b/erpnext/patches/v6_20x/update_product_bundle_description.py
@@ -0,0 +1,11 @@
+from __future__ import unicode_literals
+import frappe
+from frappe.utils import sanitize_html
+
+def execute():
+ for product_bundle in frappe.get_all('Product Bundle'):
+ doc = frappe.get_doc('Product Bundle', product_bundle.name)
+ for item in doc.items:
+ if item.description:
+ description = sanitize_html(item.description)
+ item.db_set('description', description, update_modified=False)
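Review bot: This patch only cleans the descriptions that exist when the migration runs; nothing in the visible diff sanitizes `description` on the save path of Product Bundle items, so unless that is handled elsewhere in the commit, unsanitized HTML can be stored again afterwards and the stored-XSS exposure returns. It would help to confirm that the save-side sanitization exists and to state the scope in a docstring on `execute()`, e.g. `"""Sanitize stored HTML in Product Bundle item descriptions (one-time cleanup of existing rows)."""`. In the inner loop, `db_set` runs for every non-empty description even when sanitizing changed nothing; guarding it with `if description != item.description:` avoids needless writes on large sites. Any copies of these descriptions already stored on other documents, if such copies exist, are not touched by this patch.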