mirror of
https://github.com/siyuan-note/siyuan.git
synced 2026-02-25 16:34:06 +01:00
🔒 Do not execute scripts in assets SVG by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/16844
Signed-off-by: Daniel <845765@qq.com>
This commit is contained in:
parent
65532aec99
commit
11115da3d0
23 changed files with 125 additions and 3 deletions
|
|
@ -19,6 +19,7 @@ package conf
|
|||
import "github.com/siyuan-note/siyuan/kernel/util"
|
||||
|
||||
type Editor struct {
|
||||
AllowSVGScript bool `json:"allowSVGScript"` // 允许执行 SVG 内脚本
|
||||
AllowHTMLBLockScript bool `json:"allowHTMLBLockScript"` // 允许执行 HTML 块内脚本
|
||||
FontSize int `json:"fontSize"` // 字体大小
|
||||
FontSizeScrollZoom bool `json:"fontSizeScrollZoom"` // 字体大小是否支持滚轮缩放
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue