Skip to content

Do not execute scripts in HTML blocks by default to prevent XSS #11172

New issue
New issue
Closed
Closed
Do not execute scripts in HTML blocks by default to prevent XSS#11172
Assignees
88250
Labels
Enhancement
Milestone
 
3.0.12
@88250

Description

@88250
88250
opened on Apr 27, 2024 · edited by 88250
Member

设置 - 编辑器 - 允许执行 HTML 块内脚本,默认不勾选,即不允许支持脚本。

Activity

88250
assigned
88250
and
Vanessa219
on Apr 27, 2024
88250
added
Enhancement
on Apr 27, 2024
88250
unassigned
Vanessa219
on Apr 27, 2024
88250
added 2 commits that reference this issue on Apr 27, 2024

🎨 Do not execute scripts in HTML blocks by default to prevent XSS #11172

34caeb5

🎨 Do not execute scripts in HTML blocks by default to prevent XSS #11172

9c1ebe6
88250
added this to the 3.0.12 milestone on Apr 27, 2024
88250
closed this as completedon Apr 27, 2024
88250
mentioned this in 2 issues on Apr 27, 2024
TCOTC

TCOTC commented on Apr 27, 2024

@TCOTC
TCOTC
on Apr 27, 2024
Contributor

感觉再给单个 HTML 块弄个开关会不会更好?

88250

88250 commented on Apr 27, 2024

@88250
88250
on Apr 27, 2024
MemberAuthor

感觉没有必要,默认安全过滤,用户启用时知道潜在的风险就行了。

88250
mentioned this on Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

Enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @88250@Vanessa219@TCOTC

      Issue actions
        Do not execute scripts in HTML blocks by default to prevent XSS · Issue #11172 · siyuan-note/siyuan