gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-03-01 14:22:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #3480 from contributor/feature/pageUrlSanitizeUrl

Browse Source 
Fix pageUrl and clipping selection can create multiple notes for the same Url
This commit is contained in:
zadam 2023-01-03 22:28:37 +01:00 committed by GitHub
commit d910191e83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
package-lock.json generated
View File

@ -10,6 +10,7 @@
"hasInstallScript": true, "hasInstallScript": true,
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
"dependencies": { "dependencies": {
"@braintree/sanitize-url": "^6.0.2",
"@electron/remote": "2.0.9", "@electron/remote": "2.0.9",
"@excalidraw/excalidraw": "0.13.0", "@excalidraw/excalidraw": "0.13.0",
"archiver": "5.3.1", "archiver": "5.3.1",
@ -115,6 +116,11 @@
"node": ">=6.9.0" "node": ">=6.9.0"
} }
}, },
"node_modules/@braintree/sanitize-url": {
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz",
"integrity": "sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg=="
},
"node_modules/@develar/schema-utils": { "node_modules/@develar/schema-utils": {
"version": "2.6.5", "version": "2.6.5",
"resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz", "resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz",
@ -10552,6 +10558,11 @@
"regenerator-runtime": "^0.13.4" "regenerator-runtime": "^0.13.4"
} }
}, },
"@braintree/sanitize-url": {
"version": "6.0.2",
"resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz",
"integrity": "sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg=="
},
"@develar/schema-utils": { "@develar/schema-utils": {
"version": "2.6.5", "version": "2.6.5",
"resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz", "resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz",

1
package.json
View File

@ -29,6 +29,7 @@
"postinstall": "rimraf ./node_modules/canvas" "postinstall": "rimraf ./node_modules/canvas"
}, },
"dependencies": { "dependencies": {
"@braintree/sanitize-url": "^6.0.2",
"@electron/remote": "2.0.9", "@electron/remote": "2.0.9",
"@excalidraw/excalidraw": "0.13.0", "@excalidraw/excalidraw": "0.13.0",
"archiver": "5.3.1", "archiver": "5.3.1",

9
src/routes/api/clipper.js
View File

@ -14,8 +14,8 @@ const Attribute = require('../../becca/entities/attribute');
const htmlSanitizer = require('../../services/html_sanitizer'); const htmlSanitizer = require('../../services/html_sanitizer');
const {formatAttrForSearch} = require("../../services/attribute_formatter"); const {formatAttrForSearch} = require("../../services/attribute_formatter");
function findClippingNote(todayNote, pageUrl) { function findClippingNote(clipperInboxNote, pageUrl) {
const notes = todayNote.searchNotesInSubtree( const notes = clipperInboxNote.searchNotesInSubtree(
formatAttrForSearch({ formatAttrForSearch({
type: 'label', type: 'label',
name: "pageUrl", name: "pageUrl",
@ -47,6 +47,7 @@ function addClipping(req) {
const clipperInbox = getClipperInboxNote(); const clipperInbox = getClipperInboxNote();
pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
let clippingNote = findClippingNote(clipperInbox, pageUrl); let clippingNote = findClippingNote(clipperInbox, pageUrl);
if (!clippingNote) { if (!clippingNote) {
@ -57,8 +58,6 @@ function addClipping(req) {
type: 'text' type: 'text'
}).note; }).note;
pageUrl = htmlSanitizer.sanitize(pageUrl);
clippingNote.setLabel('clipType', 'clippings'); clippingNote.setLabel('clipType', 'clippings');
clippingNote.setLabel('pageUrl', pageUrl); clippingNote.setLabel('pageUrl', pageUrl);
clippingNote.setLabel('iconClass', 'bx bx-globe'); clippingNote.setLabel('iconClass', 'bx bx-globe');
@ -96,7 +95,7 @@ function createNote(req) {
note.setLabel('clipType', clipType); note.setLabel('clipType', clipType);
if (pageUrl) { if (pageUrl) {
pageUrl = htmlSanitizer.sanitize(pageUrl); pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
note.setLabel('pageUrl', pageUrl); note.setLabel('pageUrl', pageUrl);
note.setLabel('iconClass', 'bx bx-globe'); note.setLabel('iconClass', 'bx bx-globe');

4
src/services/html_sanitizer.js
View File

@ -1,4 +1,5 @@
const sanitizeHtml = require('sanitize-html'); const sanitizeHtml = require('sanitize-html');
const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
// intended mainly as protection against XSS via import // intended mainly as protection against XSS via import
// secondarily it (partly) protects against "CSS takeover" // secondarily it (partly) protects against "CSS takeover"
@ -50,5 +51,6 @@ function sanitize(dirtyHtml) {
} }
module.exports = { module.exports = {
sanitize sanitize,
sanitizeUrl
}; };