Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2026-02-25 16:34:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🔒 Do not execute scripts in assets SVG by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/16844

Browse source 
Signed-off-by: Daniel <845765@qq.com>
This commit is contained in:
Daniel 2026-01-16 18:11:55 +08:00
parent 65532aec99
commit 11115da3d0
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
23 changed files with 125 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
kernel/conf/editor.go
View file

@ -19,6 +19,7 @@ package conf
import "github.com/siyuan-note/siyuan/kernel/util"
type Editor struct {
AllowSVGScript bool `json:"allowSVGScript"` // 允许执行 SVG 内脚本
AllowHTMLBLockScript bool `json:"allowHTMLBLockScript"` // 允许执行 HTML 块内脚本
FontSize int `json:"fontSize"` // 字体大小
FontSizeScrollZoom bool `json:"fontSizeScrollZoom"` // 字体大小是否支持滚轮缩放