From de446f2d8d7585335b87a9b550df03be4627e841 Mon Sep 17 00:00:00 2001
From: Bread Genie
Date: Sat, 29 Jun 2024 11:48:23 +0530
Subject: [PATCH] fix(saas-signup): sanitize first name and last name
---
 press/api/saas.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/press/api/saas.py b/press/api/saas.py
index 6d3ab2cba0..cf2e34eb69 100644
--- a/press/api/saas.py
+++ b/press/api/saas.py
@@ -33,6 +33,8 @@ def account_request(
 """
 return: Stripe setup intent and AR key if stripe flow, else None
 """
+ from frappe.utils import sanitize_html
+
 email = email.strip().lower()
 frappe.utils.validate_email_address(email, True)
@@ -61,8 +63,8 @@ def account_request(
 "subdomain": subdomain,
 "email": email,
 "role": "Press Admin",
- "first_name": first_name,
- "last_name": last_name,
+ "first_name": sanitize_html(first_name),
+ "last_name": sanitize_html(last_name),
 "country": country,
 "url_args": url_args or json.dumps({}),
 "send_email": True,
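Review bot: In the second hunk, `sanitize_html` is a cleaner for rich-text fields rather than a plain-text filter. As far as I know it keeps an allowlist of tags, so formatting or link markup in `first_name`/`last_name` could still be stored and later rendered in e-mails or the dashboard. For name fields, stripping all markup is the tighter control, e.g. `"first_name": frappe.utils.strip_html(first_name),` and the same for `last_name`, with escaping still applied wherever the values are output. `country` and `url_args` in the same dict are caller-supplied and stored as-is, so it is worth confirming they are validated elsewhere. The dict literal and the body of `account_request` continue outside the hunk.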