Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-12 00:05:50 +01:00
Code Issues Packages Projects Releases Activity

sanitize note title && attrs just to be sure

Browse Source
This commit is contained in:
zadam
2022-07-06 23:09:16 +02:00
parent 4fc686bbbc
commit 12b3302687
6 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/services/import/zip.js
View File

@@ -160,6 +160,11 @@ async function importZip(taskContext, fileBuffer, importRootNote) {
attr.name = 'disabled:' + attr.name;
}
if (taskContext.data.safeImport) {
attr.name = htmlSanitizer.sanitize(attr.name);
attr.value = htmlSanitizer.sanitize(attr.value);
}
attributes.push(attr);
}
}