🔒 XSS in inline-memo https://github.com/siyuan-note/siyuan/issues/15280

2025-12-30 13:28:48 +01:00 · 2025-07-12 11:12:47 +08:00 · 2025-07-12 11:12:47 +08:00 · 2ea8743fbf
commit 2ea8743fbf
parent 9ae785e6e3
1 changed files with 14 additions and 0 deletions
--- a/app/src/protyle/util/onGet.ts
+++ b/app/src/protyle/util/onGet.ts
@ -133,6 +133,20 @@ const setHTML = (options: {
    if (protyle.contentElement.classList.contains("fn__none") && protyle.wysiwyg.element.innerHTML !== "") {
        return;
    }
+
+    if (DOMPurify) {
+        // XSS in inline-memo https://github.com/siyuan-note/siyuan/issues/15280
+        const parser = new DOMParser();
+        const doc = parser.parseFromString(options.content, "text/html");
+        doc.querySelectorAll("[data-inline-memo-content]").forEach(item => {
+            const content = item.getAttribute("data-inline-memo-content");
+            if (content) {
+                item.setAttribute("data-inline-memo-content", DOMPurify.sanitize(content));
+            }
+        });
+        options.content = doc.body.innerHTML;
+    }
+
    protyle.block.showAll = options.action.includes(Constants.CB_GET_ALL);
    const REMOVED_OVER_HEIGHT = protyle.contentElement.clientHeight * 8;
    const updateReadonly = typeof options.updateReadonly === "undefined" ? protyle.wysiwyg.element.innerHTML === "" : options.updateReadonly;