🔒 Do not execute scripts in assets SVG by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/16844

Signed-off-by: Daniel <845765@qq.com>
This commit is contained in:
Daniel 2026-01-16 18:11:55 +08:00
parent 65532aec99
commit 11115da3d0
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
23 changed files with 125 additions and 3 deletions

View file

@ -350,6 +350,11 @@ declare namespace Config {
*/
export interface IEditor {
/**
* Whether to allow to execute javascript in the SVG
*/
allowSVGScript: boolean;
/**
* Whether to allow to execute javascript in the HTML block
*/