fix: escape HTML in search keywords and trim sidebar id #2586


Merged
sy-records merged 1 commit into docsifyjs:develop from sy-records:fix/search
Aug 7, 2025

@sy-records (Member) commented Jul 31, 2025, edited by Koooooo-7

Summary

  • Searching with ?s= may trigger an XSS injection, escape the search str.
  • Introduce function stripUrlExceptId to ensure sidebar links only contain id as anchor.
    As-is

v4: [image: image-v4]

v5 rc1: [image: image-v5rc1]

Related issue, if any:

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation content changes
  • Other (please describe):

For any code change,

  • Related documentation has been updated, if needed
  • Related tests have been added or updated, if needed

Does this PR introduce a breaking change?

  • Yes
  • No

Tested in the following browsers:

  • Chrome
  • Firefox
  • Safari
  • Edge
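
As an added example (not code from this PR or from docsify), the sketch below shows the two fixes the summary names: escaping a keyword read from ?s= before it is written into result markup, and reducing a sidebar href to its id anchor. All function names, the markup and the sample routes are assumptions; keepOnlyId only illustrates the stated intent of stripUrlExceptId, whose implementation is not shown on this page.

```javascript
// Added illustration: every name here is hypothetical, not docsify source.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => ENTITIES[ch]);
}

function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Keyword as a ?s= deep link delivers it (URL-decoded, untrusted input).
function keywordFromHashRoute(route) {
  const cut = route.indexOf('?');
  return cut === -1 ? '' : new URLSearchParams(route.slice(cut + 1)).get('s') || '';
}

// Before: the keyword and page text reach the markup untouched.
function renderUnsafe(snippet, keyword) {
  const hit = new RegExp(escapeRegExp(keyword), 'gi');
  return `<h4>Results for ${keyword}</h4><p>${snippet.replace(hit, '<mark>$&</mark>')}</p>`;
}

// After: split the raw text on matches, then escape every piece, so the
// only markup in the output is the <mark> tags added here.
function renderSafe(snippet, keyword) {
  const parts = keyword
    ? snippet.split(new RegExp(`(${escapeRegExp(keyword)})`, 'gi'))
    : [snippet];
  // With a capture group, split() puts the matched text at odd indexes.
  const body = parts
    .map((part, i) => (i % 2 ? `<mark>${escapeHtml(part)}</mark>` : escapeHtml(part)))
    .join('');
  return `<h4>Results for ${escapeHtml(keyword)}</h4><p>${body}</p>`;
}

// Reduce a hash-route link to its path plus the id anchor, dropping every
// other query parameter (such as a reflected s=) from the href.
function keepOnlyId(href) {
  const cut = href.indexOf('?');
  if (cut === -1) return href;
  const id = new URLSearchParams(href.slice(cut + 1)).get('id');
  const path = href.slice(0, cut);
  return id === null ? path : `${path}?id=${encodeURIComponent(id)}`;
}
```

Escaping each piece after splitting, rather than matching inside already-escaped text, keeps a keyword such as "amp" from being highlighted inside an entity like `&amp;`.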

@vercel (bot) commented Jul 31, 2025, edited

The latest updates on your projects. Learn more about Vercel for Git.

Name: docsify-preview. Status: ✅ Ready. Updated (UTC): Aug 6, 2025 3:03am

@Koooooo-7 (Member) commented

Could you provide more details on this? For the security, we could discuss on chat confidentially in Discord.

@Koooooo-7 changed the title from "fix: escape HTML in search keywords" to "fix: escape HTML in search keywords and trim sidebar id" on Aug 6, 2025
@sy-records merged commit 743e9cb into docsifyjs:develop on Aug 7, 2025
8 checks passed
@sy-records deleted the fix/search branch on August 7, 2025 02:17
@sy-records mentioned this pull request on Sep 2, 2025

Reviewers

@Koooooo-7 approved these changes
