From 2ea8743fbfc54619bd54b71a0bd66abdf002b52a Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Sat, 12 Jul 2025 11:12:47 +0800
Subject: [PATCH] :lock: XSS in inline-memo https://github.com/siyuan-note/siyuan/issues/15280

---
 app/src/protyle/util/onGet.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/app/src/protyle/util/onGet.ts b/app/src/protyle/util/onGet.ts
index 22a919d4e..0f94e040f 100644
--- a/app/src/protyle/util/onGet.ts
+++ b/app/src/protyle/util/onGet.ts
@@ -133,6 +133,20 @@ const setHTML = (options: {
     if (protyle.contentElement.classList.contains("fn__none") && protyle.wysiwyg.element.innerHTML !== "") {
         return;
     }
+    if (DOMPurify) {
+        // XSS in inline-memo https://github.com/siyuan-note/siyuan/issues/15280
+        const parser = new DOMParser();
+        const doc = parser.parseFromString(options.content, "text/html");
+        doc.querySelectorAll("[data-inline-memo-content]").forEach(item => {
+            const content = item.getAttribute("data-inline-memo-content");
+            if (content) {
+                item.setAttribute("data-inline-memo-content", DOMPurify.sanitize(content));
+            }
+        });
+        options.content = doc.body.innerHTML;
+    }
+
     protyle.block.showAll = options.action.includes(Constants.CB_GET_ALL);
     const REMOVED_OVER_HEIGHT = protyle.contentElement.clientHeight * 8;
     const updateReadonly = typeof options.updateReadonly === "undefined" ? protyle.wysiwyg.element.innerHTML === "" : options.updateReadonly;
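Review bot: The new `if (DOMPurify)` guard fails open: the hunk does not import DOMPurify, so this presumably relies on a script-loaded global, and when that global is absent the whole block is skipped and the unsanitized `data-inline-memo-content` values are passed through to whatever later renders them as HTML — the opposite of what an XSS fix should do. The fallback should remove the attribute instead, and the parse/re-serialize round-trip should be skipped cheaply when `options.content` does not contain `data-inline-memo-content`, since `DOMParser` plus `doc.body.innerHTML` re-serializes every block on every load. This also only sanitizes on the read path; the stored block content still carries the payload, so any other consumer of the attribute (export, other clients), if one exists, stays exposed unless the kernel also sanitizes on write. `setHTML` begins before this hunk and continues after it.

```typescript
    // XSS in inline-memo https://github.com/siyuan-note/siyuan/issues/15280
    // Cheap pre-check: only re-parse blocks that actually carry a memo attribute.
    if (options.content.includes("data-inline-memo-content")) {
        const doc = new DOMParser().parseFromString(options.content, "text/html");
        doc.querySelectorAll("[data-inline-memo-content]").forEach(item => {
            const content = item.getAttribute("data-inline-memo-content");
            if (!content) {
                return;
            }
            if (typeof DOMPurify !== "undefined" && DOMPurify) {
                item.setAttribute("data-inline-memo-content", DOMPurify.sanitize(content));
            } else {
                // Fail closed: never hand unsanitized memo HTML to the renderer.
                item.removeAttribute("data-inline-memo-content");
            }
        });
        options.content = doc.body.innerHTML;
    }
    // … unchanged: showAll / REMOVED_OVER_HEIGHT / updateReadonly …
```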