Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-29 04:48:48 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🎨 https://github.com/siyuan-note/siyuan/issues/15293

Browse source
This commit is contained in:
Vanessa 2025-07-18 11:25:51 +08:00
parent b1a04d67d9
commit 8befb8d691
3 changed files with 15 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/src/protyle/toolbar/index.ts
View file

@ -1053,7 +1053,7 @@ export class Toolbar {
}
inlineMemoElements.forEach((item) => {
if (item.nodeType !== 3) {
item.setAttribute("data-inline-memo-content", Lute.EscapeHTMLStr(textElement.value));
item.setAttribute("data-inline-memo-content", window.DOMPurify.sanitize(textElement.value));
}
});
} else {
@ -1131,7 +1131,7 @@ export class Toolbar {
}
} else if (item.nodeType !== 3) {
// 行级备注自动移除换行 https://ld246.com/article/1664205917326
item.setAttribute("data-inline-memo-content", Lute.EscapeHTMLStr(textElement.value));
item.setAttribute("data-inline-memo-content", window.DOMPurify.sanitize(textElement.value));
}
});
} else if (types.includes("inline-math")) {

22
app/src/protyle/util/onGet.ts
View file

@ -134,18 +134,16 @@ const setHTML = (options: {
return;
}
if (DOMPurify) {
// XSS in inline memo elements https://github.com/siyuan-note/siyuan/issues/15280
const parser = new DOMParser();
const doc = parser.parseFromString(options.content, "text/html");
doc.querySelectorAll("[data-inline-memo-content]").forEach(item => {
const content = item.getAttribute("data-inline-memo-content");
if (content) {
item.setAttribute("data-inline-memo-content", DOMPurify.sanitize(content));
}
});
options.content = doc.body.innerHTML;
}
// XSS in inline memo elements https://github.com/siyuan-note/siyuan/issues/15280
const parser = new DOMParser();
const doc = parser.parseFromString(options.content, "text/html");
doc.querySelectorAll("[data-inline-memo-content]").forEach(item => {
const content = item.getAttribute("data-inline-memo-content");
if (content) {
item.setAttribute("data-inline-memo-content", window.DOMPurify.sanitize(content));
}
});
options.content = doc.body.innerHTML;
protyle.block.showAll = options.action.includes(Constants.CB_GET_ALL);
const REMOVED_OVER_HEIGHT = protyle.contentElement.clientHeight * 8;

3
app/src/types/index.d.ts vendored
View file

@ -140,6 +140,9 @@ interface CSSStyleDeclarationElectron extends CSSStyleDeclaration {
}
interface Window {
DOMPurify: {
sanitize(dirty: string): string;
};
echarts: {
init(element: Element, theme?: string, options?: {
width: number