🔒 Some XSS vulnerabilities https://github.com/siyuan-note/siyuan/issues/13171

2025-02-28 05:32:52 +00:00 · 2024-11-17 11:34:38 +08:00
parent 74db798a04
commit 096fea2c8f
4 changed files with 14 additions and 14 deletions
--- a/kernel/sql/block.go
+++ b/kernel/sql/block.go
@@ -253,11 +253,11 @@ func nodeStaticContent(node *ast.Node, excludeTypes []string, includeTextMarkATi
 			if n.IsTextMarkType("a") && includeTextMarkATitleURL {
 				// 搜索不到超链接元素的 URL 和标题 https://github.com/siyuan-note/siyuan/issues/7352
 				if "" != n.TextMarkATitle {
-					buf.WriteString(" " + html.UnescapeHTMLStr(n.TextMarkATitle))
+					buf.WriteString(" " + util.UnescapeHTML(n.TextMarkATitle))
 				}

 				if !strings.HasPrefix(n.TextMarkAHref, "assets/") || includeAssetPath {
-					buf.WriteString(" " + html.UnescapeHTMLStr(n.TextMarkAHref))
+					buf.WriteString(" " + util.UnescapeHTML(n.TextMarkAHref))
 				}
 			}
 		case ast.NodeBackslashContent: