Merge branch 'hotfix'

frappe/__init__.py

@@ -14,7 +14,7 @@ import os, sys, importlib, inspect, json
 from .exceptions import *
 from .utils.jinja import get_jenv, get_template, render_template, get_email_from_template
 
-__version__ = '10.0.0'
+__version__ = '10.0.1'
 __title__ = "Frappe Framework"
 
 local = Local()

frappe/core/doctype/communication/email.py

@@ -304,17 +304,17 @@ def set_incoming_outgoing_accounts(doc):
 		doc.incoming_email_account = frappe.db.get_value("Email Account",
 			{"default_incoming": 1, "enable_incoming": 1},  "email_id")
 
-	if not doc.outgoing_email_account:
-		doc.outgoing_email_account = frappe.db.get_value("Email Account",
-			{"default_outgoing": 1, "enable_outgoing": 1},
-			["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"],as_dict=True) or frappe._dict()
-
 	if not doc.outgoing_email_account:
 		# if from address is not the default email account
 		doc.outgoing_email_account = frappe.db.get_value("Email Account",
 			{"email_id": doc.sender, "enable_outgoing": 1},
 			["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"], as_dict=True) or frappe._dict()
 
+	if not doc.outgoing_email_account:
+		doc.outgoing_email_account = frappe.db.get_value("Email Account",
+			{"default_outgoing": 1, "enable_outgoing": 1},
+			["email_id", "always_use_account_email_id_as_sender", "name", "send_unsubscribe_message"],as_dict=True) or frappe._dict()
+
 	if doc.sent_or_received == "Sent":
 		doc.db_set("email_account", doc.outgoing_email_account.name)
 

frappe/public/js/frappe/misc/common.js

@@ -262,7 +262,6 @@ frappe.utils.xss_sanitise = function (string, options) {
 		strategies: ['html', 'js'] // use all strategies.
 	}
 	const HTML_ESCAPE_MAP = {
-		'&': '&amp',
 		'<': '&lt',
 		'>': '&gt',
 		'"': '&quot',
@@ -271,16 +270,16 @@ frappe.utils.xss_sanitise = function (string, options) {
 	};
 	const REGEX_SCRIPT     = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi; // used in jQuery 1.7.2 src/ajax.js Line 14
 	options          	   = Object.assign({ }, DEFAULT_OPTIONS, options); // don't deep copy, immutable beauty.
-	
+
 	// Rule 1
 	if ( options.strategies.includes('html') ) {
-		// By far, the best thing that has ever happened to JS - Object.keys
-		Object.keys(HTML_ESCAPE_MAP).map((char, escape) => {
+		for (let char in HTML_ESCAPE_MAP) {
+			const escape = HTML_ESCAPE_MAP[char];
 			const regex = new RegExp(char, "g");
 			sanitised = sanitised.replace(regex, escape);
-		});
+		}
 	}
-	
+
 	// Rule 3 - TODO: Check event handlers?
 	if ( options.strategies.includes('js') ) {
 		sanitised = sanitised.replace(REGEX_SCRIPT, "");