🐛 Breadcrumb XSS https://github.com/siyuan-note/siyuan/issues/10753

kernel/model/blockinfo.go

@@ -361,12 +361,11 @@ func buildBlockBreadcrumb(node *ast.Node, excludeTypes []string) (ret []*BlockPa
 			fc = fc.Next
 		}
 
-		name := util.EscapeHTML(parent.IALAttr("name"))
+		name := parent.IALAttr("name")
 		if ast.NodeDocument == parent.Type {
-			name = util.EscapeHTML(box.Name) + util.EscapeHTML(hPath)
+			name = box.Name + hPath
 		} else if ast.NodeAttributeView == parent.Type {
 			name = treenode.GetAttributeViewName(parent.AttributeViewID)
-			name = util.EscapeHTML(name)
 		} else {
 			if "" == name {
 				if ast.NodeListItem == parent.Type {
@@ -374,7 +373,6 @@ func buildBlockBreadcrumb(node *ast.Node, excludeTypes []string) (ret []*BlockPa
 				} else {
 					name = gulu.Str.SubStr(renderBlockText(parent, excludeTypes), maxNameLen)
 				}
-				name = util.EscapeHTML(name)
 			}
 			if ast.NodeHeading == parent.Type {
 				headingLevel = parent.HeadingLevel
@@ -391,15 +389,15 @@ func buildBlockBreadcrumb(node *ast.Node, excludeTypes []string) (ret []*BlockPa
 		if ast.NodeListItem == parent.Type {
 			if "" == name {
 				name = gulu.Str.SubStr(renderBlockText(fc, excludeTypes), maxNameLen)
-				name = util.EscapeHTML(name)
 			}
 		}
 
 		name = strings.ReplaceAll(name, editor.Caret, "")
+		name = util.EscapeHTML(name)
 		if add {
 			ret = append([]*BlockPath{{
 				ID:      id,
-				Name:    util.EscapeHTML(name),
+				Name:    name,
 				Type:    parent.Type.String(),
 				SubType: treenode.SubTypeAbbr(parent),
 			}}, ret...)
@@ -418,9 +416,10 @@ func buildBlockBreadcrumb(node *ast.Node, excludeTypes []string) (ret []*BlockPa
 
 			if ast.NodeHeading == b.Type && headingLevel > b.HeadingLevel {
 				name = gulu.Str.SubStr(renderBlockText(b, excludeTypes), maxNameLen)
+				name = util.EscapeHTML(name)
 				ret = append([]*BlockPath{{
 					ID:      b.ID,
-					Name:    util.EscapeHTML(name),
+					Name:    name,
 					Type:    b.Type.String(),
 					SubType: treenode.SubTypeAbbr(b),
 				}}, ret...)