Daniel 2024-11-15 22:42:33 +08:00
parent 7b342fc004
commit a2a46f8f39
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
3 changed files with 4 additions and 22 deletions


@ -618,11 +618,11 @@ func FindReplace(keyword, replacement string, replaceTypes map[string]bool, ids
if 0 == method {
if strings.Contains(n.TextMarkTextContent, escapedKey) {
n.TextMarkTextContent = strings.ReplaceAll(n.TextMarkTextContent, escapedKey, replacement)
n.TextMarkTextContent = strings.ReplaceAll(n.TextMarkTextContent, escapedKey, util.EscapeHTML(replacement))
}
} else if 3 == method {
if nil != escapedR && escapedR.MatchString(n.TextMarkTextContent) {
n.TextMarkTextContent = escapedR.ReplaceAllString(n.TextMarkTextContent, replacement)
n.TextMarkTextContent = escapedR.ReplaceAllString(n.TextMarkTextContent, util.EscapeHTML(replacement))
}
}
} else if n.IsTextMarkType("a") {
@ -1559,12 +1559,11 @@ func fromSQLBlock(sqlBlock *sql.Block, terms string, beforeLen int) (block *Bloc
}
}
content = util.EscapeHTML(content) // Search dialog XSS https://github.com/siyuan-note/siyuan/issues/8525
content, _ = markSearch(content, terms, beforeLen)
content = maxContent(content, 5120)
tag, _ := markSearch(sqlBlock.Tag, terms, beforeLen)
markdown := maxContent(sqlBlock.Markdown, 5120)
fContent := util.EscapeHTML(sqlBlock.FContent) // fContent 会用于和 content 对比,在反链计算时用于判断是否是列表项下第一个子块,所以也需要转义 https://github.com/siyuan-note/siyuan/issues/11001
fContent := sqlBlock.FContent
block = &Block{
Box: sqlBlock.Box,
Path: sqlBlock.Path,
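Review bot: In fromSQLBlock the output-side `util.EscapeHTML` calls appear to be dropped, so this function would no longer escape what it returns for the search dialog, which is the case the issue 8525 comment refers to. I infer this from the hunk header shrinking from 12 to 11 lines, which fits `content = util.EscapeHTML(content)` being removed together with the escaped `fContent`. If that reading is right, safety now rests on every stored value already being escaped, including content written before the FindReplace change in this commit and content from write paths not visible here; I would keep the escape at this boundary or state the invariant in a comment such as `// content and fContent are stored HTML-escaped; do not escape again here`. If `content` is in fact still escaped, the unescaped `fContent := sqlBlock.FContent` would no longer match it in the backlink comparison that the removed comment described. The `Block` literal continues outside the hunk.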