Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-11 11:02:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(client): unescaped HTML in bookmarked notes & folders

Browse Source
This commit is contained in:
Elian Doran 2024-12-22 22:23:26 +02:00
parent 0bad36b9f2
commit 9bdee7afff
No known key found for this signature in database
2 changed files with 10 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/public/app/widgets/buttons/bookmark_folder.js
View File

@ -1,5 +1,6 @@
import RightDropdownButtonWidget from "./right_dropdown_button.js"; import RightDropdownButtonWidget from "./right_dropdown_button.js";
import linkService from "../../services/link.js"; import linkService from "../../services/link.js";
import utils from "../../services/utils.js";
const DROPDOWN_TPL = ` const DROPDOWN_TPL = `
<div class="bookmark-folder-widget"> <div class="bookmark-folder-widget">
@ -44,7 +45,7 @@ const DROPDOWN_TPL = `
export default class BookmarkFolderWidget extends RightDropdownButtonWidget { export default class BookmarkFolderWidget extends RightDropdownButtonWidget {
constructor(note) { constructor(note) {
super(note.title, note.getIcon(), DROPDOWN_TPL); super(utils.escapeHtml(note.title), note.getIcon(), DROPDOWN_TPL);
this.note = note; this.note = note;
} }

2
src/public/app/widgets/buttons/open_note_button_widget.js
View File

@ -9,7 +9,7 @@ export default class OpenNoteButtonWidget extends OnClickButtonWidget {
this.noteToOpen = noteToOpen; this.noteToOpen = noteToOpen;
this.title(() => this.noteToOpen.title) this.title(() => utils.escapeHtml(this.noteToOpen.title))
.icon(() => this.noteToOpen.getIcon()) .icon(() => this.noteToOpen.getIcon())
.onClick((widget, evt) => this.launch(evt)) .onClick((widget, evt) => this.launch(evt))
.onAuxClick((widget, evt) => this.launch(evt)) .onAuxClick((widget, evt) => this.launch(evt))