From 83209e6ab2156effd71ab14f3369ebacb38fabf2 Mon Sep 17 00:00:00 2001 From: Daniel <845765@qq.com> Date: Wed, 8 May 2024 19:52:10 +0800 Subject: [PATCH] :art: Improve database text, email, url and phone field content escaping https://github.com/siyuan-note/siyuan/issues/11255 --- kernel/model/attribute_view.go | 14 +++++++++++++- kernel/treenode/node.go | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/kernel/model/attribute_view.go b/kernel/model/attribute_view.go index a7985513f..cbdf535ef 100644 --- a/kernel/model/attribute_view.go +++ b/kernel/model/attribute_view.go @@ -1087,10 +1087,22 @@ func renderAttributeViewTable(attrView *av.AttributeView, view *av.View, query s if nil != tableCell.Value && nil != tableCell.Value.Relation { tableCell.Value.Relation.Contents = nil } - case av.KeyTypeText: // 渲染文本列 + case av.KeyTypeText: if nil != tableCell.Value && nil != tableCell.Value.Text { tableCell.Value.Text.Content = util.EscapeHTML(tableCell.Value.Text.Content) } + case av.KeyTypeEmail: + if nil != tableCell.Value && nil != tableCell.Value.Email { + tableCell.Value.Email.Content = util.EscapeHTML(tableCell.Value.Email.Content) + } + case av.KeyTypeURL: + if nil != tableCell.Value && nil != tableCell.Value.URL { + tableCell.Value.URL.Content = util.EscapeHTML(tableCell.Value.URL.Content) + } + case av.KeyTypePhone: + if nil != tableCell.Value && nil != tableCell.Value.Phone { + tableCell.Value.Phone.Content = util.EscapeHTML(tableCell.Value.Phone.Content) + } } treenode.FillAttributeViewTableCellNilValue(tableCell, rowID, col.ID) diff --git a/kernel/treenode/node.go b/kernel/treenode/node.go index fd9d5f3b7..72d1a2bb5 100644 --- a/kernel/treenode/node.go +++ b/kernel/treenode/node.go @@ -722,10 +722,22 @@ func renderAttributeViewTable(attrView *av.AttributeView, view *av.View) (ret *a if nil != tableCell.Value && nil != tableCell.Value.Relation { tableCell.Value.Relation.Contents = nil } - case av.KeyTypeText: // 渲染文本列 + case av.KeyTypeText: if nil != tableCell.Value && nil != tableCell.Value.Text { tableCell.Value.Text.Content = util.EscapeHTML(tableCell.Value.Text.Content) } + case av.KeyTypeEmail: + if nil != tableCell.Value && nil != tableCell.Value.Email { + tableCell.Value.Email.Content = util.EscapeHTML(tableCell.Value.Email.Content) + } + case av.KeyTypeURL: + if nil != tableCell.Value && nil != tableCell.Value.URL { + tableCell.Value.URL.Content = util.EscapeHTML(tableCell.Value.URL.Content) + } + case av.KeyTypePhone: + if nil != tableCell.Value && nil != tableCell.Value.Phone { + tableCell.Value.Phone.Content = util.EscapeHTML(tableCell.Value.Phone.Content) + } } FillAttributeViewTableCellNilValue(tableCell, rowID, col.ID)