From 9661dbc4b2406f902c7dfb3e8b5451082fef05d3 Mon Sep 17 00:00:00 2001
From: Daniel <845765@qq.com>
Date: Wed, 8 May 2024 11:08:26 +0800
Subject: [PATCH] :art: Improve database text field content escaping
 https://github.com/siyuan-note/siyuan/issues/11255

---
 kernel/model/attribute_view.go | 4 ++++
 kernel/treenode/node.go        | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/kernel/model/attribute_view.go b/kernel/model/attribute_view.go
index be14292c4..a7985513f 100644
--- a/kernel/model/attribute_view.go
+++ b/kernel/model/attribute_view.go
@@ -1087,6 +1087,10 @@ func renderAttributeViewTable(attrView *av.AttributeView, view *av.View, query s
 				if nil != tableCell.Value && nil != tableCell.Value.Relation {
 					tableCell.Value.Relation.Contents = nil
 				}
+			case av.KeyTypeText: // 渲染文本列
+				if nil != tableCell.Value && nil != tableCell.Value.Text {
+					tableCell.Value.Text.Content = util.EscapeHTML(tableCell.Value.Text.Content)
+				}
 			}
 
 			treenode.FillAttributeViewTableCellNilValue(tableCell, rowID, col.ID)
diff --git a/kernel/treenode/node.go b/kernel/treenode/node.go
index 5fbc14ce1..fd9d5f3b7 100644
--- a/kernel/treenode/node.go
+++ b/kernel/treenode/node.go
@@ -722,6 +722,10 @@ func renderAttributeViewTable(attrView *av.AttributeView, view *av.View) (ret *a
 				if nil != tableCell.Value && nil != tableCell.Value.Relation {
 					tableCell.Value.Relation.Contents = nil
 				}
+			case av.KeyTypeText: // 渲染文本列
+				if nil != tableCell.Value && nil != tableCell.Value.Text {
+					tableCell.Value.Text.Content = util.EscapeHTML(tableCell.Value.Text.Content)
+				}
 			}
 
 			FillAttributeViewTableCellNilValue(tableCell, rowID, col.ID)