renun/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-02-28 05:32:52 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

🎨 Fix XSS in the tag name https://github.com/siyuan-note/siyuan/issues/13168

Browse Source
This commit is contained in:
Daniel
2024-11-18 15:19:41 +08:00
parent a3e3809e07
commit 732ee2eef3
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/sql/asset.go
View File

@@ -21,9 +21,8 @@ import (
"path/filepath"
"strings"
"github.com/siyuan-note/filelock"
"github.com/88250/lute/ast"
"github.com/siyuan-note/filelock"
"github.com/siyuan-note/logging"
"github.com/siyuan-note/siyuan/kernel/treenode"
"github.com/siyuan-note/siyuan/kernel/util"
@@ -45,14 +44,15 @@ func docTagSpans(n *ast.Node) (ret []*Span) {
if tagsVal := n.IALAttr("tags"); "" != tagsVal {
tags := strings.Split(tagsVal, ",")
for _, tag := range tags {
markdown := "#" + tag + "#"
escaped := util.EscapeHTML(tag)
markdown := "#" + escaped + "#"
span := &Span{
ID: ast.NewNodeID(),
BlockID: n.ID,
RootID: n.ID,
Box: n.Box,
Path: n.Path,
Content: tag,
Content: escaped,
Markdown: markdown,
Type: "tag",
IAL: "",