Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-02 19:36:12 +01:00
Code Issues Packages Projects Releases Activity

sanitize note title && attrs just to be sure

Browse Source
This commit is contained in:
zadam
2022-07-06 23:09:16 +02:00
parent 4fc686bbbc
commit 12b3302687
6 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/routes/api/clipper.js
View File

@@ -43,7 +43,7 @@ function getClipperInboxNote() {
}
function addClipping(req) {
const {title, content, pageUrl, images} = req.body;
let {title, content, pageUrl, images} = req.body;
const clipperInbox = getClipperInboxNote();
@@ -57,6 +57,8 @@ function addClipping(req) {
type: 'text'
}).note;
pageUrl = htmlSanitizer.sanitize(pageUrl);
clippingNote.setLabel('clipType', 'clippings');
clippingNote.setLabel('pageUrl', pageUrl);
clippingNote.setLabel('iconClass', 'bx bx-globe');
@@ -89,9 +91,13 @@ function createNote(req) {
type: 'text'
});
clipType = htmlSanitizer.sanitize(clipType);
note.setLabel('clipType', clipType);
if (pageUrl) {
pageUrl = htmlSanitizer.sanitize(pageUrl);
note.setLabel('pageUrl', pageUrl);
note.setLabel('iconClass', 'bx bx-globe');
}