Skip to content

Code content in templates is not properly escaped #9649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
3 tasks done
K33k0 opened this issue Nov 14, 2023 · 3 comments
Closed
3 tasks done

Code content in templates is not properly escaped #9649

K33k0 opened this issue Nov 14, 2023 · 3 comments
Assignees
@88250
Labels
Bug
Milestone
2.10.15

Comments

@K33k0
Copy link
Contributor

K33k0 commented Nov 14, 2023
edited by 88250
Loading

String being escaped in Template export using docker latest

Is there an existing issue for this?

  • I have searched the existing issues

Can the issue be reproduced with the default theme (daylight/midnight)?

  • I was able to reproduce the issue with the default theme

Could the issue be due to extensions?

  • I've ruled out the possibility that the extension is causing the problem.

Describe the problem

I have exported a template with an action, the action is .action{now | date "2006-01-02 15:04:05"} when I attempt to load the template it complains of Parse template failed: template: :1: unexpected "&" in operand v2.10.14

See below for the template, this was generated using the export function

<span data-type="code">.action{now | date &quot;2006-01-02 15:04:05&quot;}</span>​
{: id="20231114103309-onlbj9t"}

Serial Number:
{: id="20231114103421-ivxd941"}

RO:
{: id="20231114103450-x05fd0t"}

I can confirm that manually replacing the &quot; with " fixes the template

Expected result

I was expecting the date to be shown in the output of a new document.

Screenshot or screen recording presentation

2023-11-14.11-17-49.mp4

Version environment

- Version:  v2.10.14
- Operating System: Ubuntu 22.04.3 LTS, Docker version 24.0.7, build afdd53b
- Browser (if used): Firefox 119.0 (64-bit)

Log file

Doesn't look to have been updated in a while... Nor does ithave a reference to the issue

I 2023/11/14 18:16:25 index.go:206: resolved refs [33] in [52ms]
I 2023/11/14 18:28:00 index.go:133: rebuilt database for notebook [20231114182759-iltp2z6] in [0.00s], tree [count=0, size=0 B]
I 2023/11/14 18:28:00 index.go:206: resolved refs [4] in [4ms]
W 2023/11/14 18:32:30 transaction.go:920: not found block [20231114103207-y5h9ngr]
W 2023/11/14 18:32:30 transaction.go:920: not found block [20231114103207-y5h9ngr]
W 2023/11/14 18:32:32 transaction.go:920: not found block [20231114103207-y5h9ngr]
W 2023/11/14 18:32:34 transaction.go:920: not found block [20231114103207-y5h9ngr]
I 2023/11/14 18:33:20 index.go:133: rebuilt database for notebook [20210808180117-6v0mkxr] in [0.04s], tree [count=61, size=1.1 MB]
I 2023/11/14 18:33:21 index.go:206: resolved refs [33] in [49ms]
E 2023/11/14 18:38:14 widget.go:63: get bazaar package [https://oss.b3logfile.com/package/muhanstudio/siyuan-widget-Color-Calendar@3618012d665a257c9c4b1c8ea54e30392ad01c8c/widget.json] failed: 404

More information

No response
@88250 88250 self-assigned this Nov 14, 2023
@88250 88250 changed the title String being escaped in Template export using docker latest Actions in templates are only parsed from text nodes Nov 14, 2023
@88250
Copy link
Member

88250 commented Nov 14, 2023

Hello, this problem is because the content in the inline code nodes is parsed when the template is rendered. The correct implementation is to only parse the content of the text nodes. Thanks for the feedback.

@88250
Copy link
Member

88250 commented Nov 14, 2023

After evaluating the implementation, if we only use text nodes as templates, there may be potential problems (such as losing context). We may only consider using built-in placeholder encoding to replace the code node content before rendering, and then replace it after the template rendering is completed.

@88250 88250 changed the title Actions in templates are only parsed from text nodes Ignore .action in code nodes when rendering templates Nov 14, 2023
@88250
Copy link
Member

88250 commented Nov 14, 2023

I still didn't think well about the above...ignoring code nodes will change the semantics. It seems that the escaping problem should be dealt with, thank you.

@88250 88250 added Bug and removed Enhancement labels Nov 14, 2023
@88250 88250 changed the title Ignore .action in code nodes when rendering templates Code content in templates is not properly escaped Nov 14, 2023
@88250 88250 added this to the 2.10.15 milestone Nov 14, 2023
88250 added a commit that referenced this issue Nov 14, 2023
@88250
🎨 Code content in templates is not properly escaped #9649
ea2a2bb
@88250 88250 closed this as completed Nov 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

Labels
Bug
Projects
None yet
Milestone
2.10.15
Development

No branches or pull requests
2 participants
@88250 @K33k0