🔒 XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034

2026-03-06 12:50:16 +01:00 · 2025-06-25 13:15:55 +08:00 · 2025-06-25 13:15:55 +08:00 · 0a17b83372
commit 0a17b83372
parent 9718d3b1c8
5 changed files with 11 additions and 38 deletions
--- a/kernel/model/file.go
+++ b/kernel/model/file.go
@ -80,12 +80,7 @@ func (box *Box) docFromFileInfo(fileInfo *FileInfo, ial map[string]string) (ret
 	ret.Path = fileInfo.path
 	ret.Size = uint64(fileInfo.size)
 	ret.Name = ial["title"] + ".sy"
-	icon := ial["icon"]
-	if strings.Contains(icon, ".") {
-		// XSS through emoji name https://github.com/siyuan-note/siyuan/issues/15034
-		icon = util.FilterUploadEmojiFileName(icon)
-	}
-	ret.Icon = icon
+	ret.Icon = ial["icon"]
 	ret.ID = ial["id"]
 	ret.Name1 = ial["name"]
 	ret.Alias = ial["alias"]