Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2026-02-20 05:58:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🔒 Do not execute scripts in assets SVG by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/16844

Browse source 
Signed-off-by: Daniel <845765@qq.com>
This commit is contained in:
Daniel 2026-01-16 18:11:55 +08:00
parent 65532aec99
commit 11115da3d0
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
23 changed files with 125 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/src/types/config.d.ts vendored
View file

@ -350,6 +350,11 @@ declare namespace Config {
*/
export interface IEditor {
/**
* Whether to allow to execute javascript in the SVG
*/
allowSVGScript: boolean;
/**
* Whether to allow to execute javascript in the HTML block
*/