Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-16 22:50:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🔒 Some XSS vulnerabilities https://github.com/siyuan-note/siyuan/issues/13171

Browse source
This commit is contained in:
Daniel 2024-11-17 11:34:38 +08:00
parent 74db798a04
commit 096fea2c8f
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
4 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
kernel/sql/block.go
View file

@ -253,11 +253,11 @@ func nodeStaticContent(node *ast.Node, excludeTypes []string, includeTextMarkATi
if n.IsTextMarkType("a") && includeTextMarkATitleURL {
// 搜索不到超链接元素的 URL 和标题 https://github.com/siyuan-note/siyuan/issues/7352
if "" != n.TextMarkATitle {
buf.WriteString(" " + html.UnescapeHTMLStr(n.TextMarkATitle))
buf.WriteString(" " + util.UnescapeHTML(n.TextMarkATitle))
}
if !strings.HasPrefix(n.TextMarkAHref, "assets/") || includeAssetPath {
buf.WriteString(" " + html.UnescapeHTMLStr(n.TextMarkAHref))
buf.WriteString(" " + util.UnescapeHTML(n.TextMarkAHref))
}
}
case ast.NodeBackslashContent: