Python Code Review

R3zk0n · October 2, 2025

Contents

    Unauthenticated Functions

    • @frappe.whitelist(allow_guest=True)
    frappe.website.doctype.website_settings.website_settings.is_chat_enabled
    apps/frappe/frappe/website/doctype/website_settings/website_settings.py
    

    Cross-site Scripting

    Advisory: https://github.com/advisories/GHSA-65xw-pcqw-hjrh
    <button type="button" class="btn" onclick="location.href = '{{ origin }}'; return false">Cancel</button>
    
