From 337564eea26956aae50fa57820df3ed8010deece Mon Sep 17 00:00:00 2001 From: rohitwaghchaure Date: Mon, 25 Dec 2017 16:26:25 +0530 Subject: [PATCH 1/3] [Fix] Sent email not displaying in the list (#4668) --- frappe/core/doctype/communication/email.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/frappe/core/doctype/communication/email.py b/frappe/core/doctype/communication/email.py index d1b1a05e79..f37e351428 100755 --- a/frappe/core/doctype/communication/email.py +++ b/frappe/core/doctype/communication/email.py @@ -304,17 +304,17 @@ def set_incoming_outgoing_accounts(doc): doc.incoming_email_account = frappe.db.get_value("Email Account", {"default_incoming": 1, "enable_incoming": 1}, "email_id") - if not doc.outgoing_email_account: - doc.outgoing_email_account = frappe.db.get_value("Email Account", - {"default_outgoing": 1, "enable_outgoing": 1}, - ["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"],as_dict=True) or frappe._dict() - if not doc.outgoing_email_account: # if from address is not the default email account doc.outgoing_email_account = frappe.db.get_value("Email Account", {"email_id": doc.sender, "enable_outgoing": 1}, ["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"], as_dict=True) or frappe._dict() + if not doc.outgoing_email_account: + doc.outgoing_email_account = frappe.db.get_value("Email Account", + {"default_outgoing": 1, "enable_outgoing": 1}, + ["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"],as_dict=True) or frappe._dict() + if doc.sent_or_received == "Sent": doc.db_set("email_account", doc.outgoing_email_account.name) From b5bf7ca6fe542727534c15e7a2deae26fcdadfae Mon Sep 17 00:00:00 2001 From: Faris Ansari Date: Mon, 25 Dec 2017 18:23:54 +0530 Subject: [PATCH 2/3] FIx XSS Sanitize (#4678) --- frappe/public/js/frappe/misc/common.js | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) 
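Review bot: With the sender lookup now running first in `set_incoming_outgoing_accounts`, the value of `doc.sender` decides which enabled outgoing account is used, and nothing visible in this hunk checks that the current user may send from that account; please confirm that this is enforced by a caller or by permissions on the Communication. The comment `# if from address is not the default email account` is stale after the reorder and could become `# prefer the account matching the sender; fall back to the default outgoing account below`. If neither lookup matches, `doc.outgoing_email_account` is an empty `frappe._dict()`, so `doc.db_set("email_account", doc.outgoing_email_account.name)` presumably stores an empty value for sent mail; a guard such as `if doc.sent_or_received == "Sent" and doc.outgoing_email_account.name:` would make that case explicit. The function begins and ends outside the hunk.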
diff --git a/frappe/public/js/frappe/misc/common.js b/frappe/public/js/frappe/misc/common.js index 97a91e68da..15e698f498 100644 --- a/frappe/public/js/frappe/misc/common.js +++ b/frappe/public/js/frappe/misc/common.js @@ -262,7 +262,6 @@ frappe.utils.xss_sanitise = function (string, options) { strategies: ['html', 'js'] // use all strategies. } const HTML_ESCAPE_MAP = { - '&': '&', '<': '<', '>': '>', '"': '"', @@ -271,16 +270,16 @@ frappe.utils.xss_sanitise = function (string, options) { }; const REGEX_SCRIPT = /)<[^<]*)*<\/script>/gi; // used in jQuery 1.7.2 src/ajax.js Line 14 options = Object.assign({ }, DEFAULT_OPTIONS, options); // don't deep copy, immutable beauty. - + // Rule 1 if ( options.strategies.includes('html') ) { - // By far, the best thing that has ever happened to JS - Object.keys - Object.keys(HTML_ESCAPE_MAP).map((char, escape) => { + for (let char in HTML_ESCAPE_MAP) { + const escape = HTML_ESCAPE_MAP[char]; const regex = new RegExp(char, "g"); sanitised = sanitised.replace(regex, escape); - }); + } } - + // Rule 3 - TODO: Check event handlers? if ( options.strategies.includes('js') ) { sanitised = sanitised.replace(REGEX_SCRIPT, ""); From 289b48fcdfdd9768b62618683e26ac1a24c57b47 Mon Sep 17 00:00:00 2001 From: Nabin Hait Date: Mon, 25 Dec 2017 18:56:17 +0600 Subject: [PATCH 3/3] bumped to version 10.0.1 --- frappe/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frappe/__init__.py b/frappe/__init__.py index 306591d1c8..d5ece4a417 100644 --- a/frappe/__init__.py +++ b/frappe/__init__.py @@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json from .exceptions import * from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template -__version__ = '10.0.0' +__version__ = '10.0.1' __title__ = "Frappe Framework" local = Local()
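Review bot: Removing the `'&'` entry from `HTML_ESCAPE_MAP` (first hunk of common.js) means ampersands are no longer escaped, so text that arrives already entity-encoded passes through `xss_sanitise` unchanged and the output is not a faithful encoding of the input. The usual HTML-body escaping rule that the "Rule 1" comment seems to follow includes `&`. If the entry was dropped to avoid double-escaping content that is already encoded, say so in a comment above the map, for example `// '&' is intentionally not escaped: callers pass pre-encoded text`. Otherwise keep `'&': '&amp;',` as the first key so that it is replaced before the other entities are introduced; the page shows the map values entity-decoded. The rest of the map and the start of the function are outside the hunk.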
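Review bot: In the new `for (let char in HTML_ESCAPE_MAP)` loop (second hunk of common.js), `new RegExp(char, "g")` compiles each map key as a pattern, so a key that is a regex metacharacter would throw or match the wrong text, and `for...in` also visits inherited enumerable properties. A literal replacement over own keys avoids both: iterate `Object.keys(HTML_ESCAPE_MAP)` and use `sanitised = sanitised.split(char).join(HTML_ESCAPE_MAP[char]);`. Separately, with the default `strategies: ['html', 'js']` the Rule 3 `REGEX_SCRIPT` replace runs after `<` has already been escaped, so it appears unable to match anything. With only `'js'` selected, the result rests on regex tag stripping while the event-handler TODO is still open, which should not be treated as safe for HTML sinks. A short comment on Rule 3 stating this limitation would help callers; the function continues past the end of the hunk.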