Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-14 17:25:52 +01:00
Code Issues Packages Projects Releases Activity

sanitize note title && attrs just to be sure

Browse Source
This commit is contained in:
zadam
2022-07-06 23:09:16 +02:00
parent 4fc686bbbc
commit 12b3302687
6 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/services/html_sanitizer.js
View File

@@ -2,6 +2,8 @@ const sanitizeHtml = require('sanitize-html');
// intended mainly as protection against XSS via import
// secondarily it (partly) protects against "CSS takeover"
// sanitize also note titles, label values etc. - there's so many usage which make it difficult to guarantee all of them
// are properly handled
function sanitize(dirtyHtml) {
if (!dirtyHtml) {
return dirtyHtml;