diff --git a/kernel/model/assets.go b/kernel/model/assets.go index afb13ef36..d0626564b 100644 --- a/kernel/model/assets.go +++ b/kernel/model/assets.go @@ -33,6 +33,7 @@ import ( "github.com/88250/gulu" "github.com/88250/lute/ast" + "github.com/88250/lute/html" "github.com/88250/lute/parse" "github.com/dustin/go-humanize" "github.com/gabriel-vasile/mimetype" @@ -354,7 +355,7 @@ func uploadAssets2Cloud(sqlAssets []*sql.Asset, bizType string) (err error) { continue } - msg := fmt.Sprintf(Conf.Language(27), absAsset) + msg := fmt.Sprintf(Conf.Language(27), html.EscapeString(absAsset)) util.PushStatusBar(msg) util.PushUpdateMsg(msgId, msg, 3000) diff --git a/kernel/model/box.go b/kernel/model/box.go index 64e43b883..7824d401e 100644 --- a/kernel/model/box.go +++ b/kernel/model/box.go @@ -31,6 +31,7 @@ import ( "github.com/88250/gulu" "github.com/88250/lute/ast" + "github.com/88250/lute/html" "github.com/88250/lute/parse" "github.com/dustin/go-humanize" "github.com/facette/natsort" @@ -403,7 +404,7 @@ func (box *Box) moveTrees0(files []*FileInfo) { treenode.SetBlockTreePath(subTree) sql.RenameSubTreeQueue(subTree) - msg := fmt.Sprintf(Conf.Language(107), subTree.HPath) + msg := fmt.Sprintf(Conf.Language(107), html.EscapeString(subTree.HPath)) util.PushStatusBar(msg) } } diff --git a/kernel/model/index.go b/kernel/model/index.go index 12a5a939c..39828c455 100644 --- a/kernel/model/index.go +++ b/kernel/model/index.go @@ -28,6 +28,7 @@ import ( "github.com/88250/gulu" "github.com/88250/lute/ast" + "github.com/88250/lute/html" "github.com/88250/lute/parse" "github.com/dustin/go-humanize" "github.com/panjf2000/ants/v2" @@ -76,7 +77,7 @@ func index(boxID string) { var treeCount int var treeSize int64 i := 0 - util.PushStatusBar(fmt.Sprintf("["+box.Name+"] "+Conf.Language(64), len(files))) + util.PushStatusBar(fmt.Sprintf("["+html.EscapeString(box.Name)+"] "+Conf.Language(64), len(files))) poolSize := runtime.NumCPU() if 4 < poolSize { diff --git a/kernel/model/index_fix.go b/kernel/model/index_fix.go index 5fd59cec6..8ee0de1c5 100644 --- a/kernel/model/index_fix.go +++ b/kernel/model/index_fix.go @@ -447,6 +447,6 @@ func reindexTree0(tree *parse.Tree, i, size int) { } if 0 == i%64 { - util.PushStatusBar(fmt.Sprintf(Conf.Language(183), i, size, html.EscapeHTMLStr(path.Base(tree.HPath)))) + util.PushStatusBar(fmt.Sprintf(Conf.Language(183), i, size, html.EscapeString(path.Base(tree.HPath)))) } } diff --git a/kernel/model/repository.go b/kernel/model/repository.go index b09808abe..c3a6b10b5 100644 --- a/kernel/model/repository.go +++ b/kernel/model/repository.go @@ -36,6 +36,7 @@ import ( "github.com/88250/gulu" "github.com/88250/lute" "github.com/88250/lute/ast" + "github.com/88250/lute/html" "github.com/88250/lute/parse" "github.com/88250/lute/render" "github.com/dustin/go-humanize" @@ -811,7 +812,7 @@ func IndexRepo(memo string) (err error) { eventbus.CtxPushMsg: eventbus.CtxPushMsgToStatusBarAndProgress, }) if nil != err { - util.PushStatusBar("Index data repo failed: " + err.Error()) + util.PushStatusBar("Index data repo failed: " + html.EscapeString(err.Error())) return } elapsed := time.Since(start) @@ -992,7 +993,7 @@ func bootSyncRepo() (err error) { autoSyncErrCount++ planSyncAfter(fixSyncInterval) - msg := fmt.Sprintf("sync repo failed: %s", err) + msg := fmt.Sprintf("sync repo failed: %s", html.EscapeString(err.Error())) logging.LogErrorf(msg) util.PushStatusBar(msg) util.PushErrMsg(msg, 0) diff --git a/kernel/model/sync.go b/kernel/model/sync.go index 58caa6fcc..78a41ce40 100644 --- a/kernel/model/sync.go +++ b/kernel/model/sync.go @@ -27,6 +27,7 @@ import ( "time" "github.com/88250/gulu" + "github.com/88250/lute/html" "github.com/dustin/go-humanize" "github.com/siyuan-note/dejavu" "github.com/siyuan-note/dejavu/cloud" @@ -495,7 +496,7 @@ func ListCloudSyncDir() (syncDirs []*Sync, hSize string, err error) { } func formatRepoErrorMsg(err error) string { - msg := err.Error() + msg := html.EscapeString(err.Error()) if errors.Is(err, cloud.ErrCloudAuthFailed) { msg = Conf.Language(31) } else if errors.Is(err, cloud.ErrCloudObjectNotFound) { diff --git a/kernel/util/tesseract.go b/kernel/util/tesseract.go index 891f285cd..058b93061 100644 --- a/kernel/util/tesseract.go +++ b/kernel/util/tesseract.go @@ -29,6 +29,7 @@ import ( "time" "github.com/88250/gulu" + "github.com/88250/lute/html" "github.com/dustin/go-humanize" "github.com/siyuan-note/logging" ) @@ -123,7 +124,7 @@ func Tesseract(imgAbsPath string) string { ret := string(output) ret = gulu.Str.RemoveInvisible(ret) ret = RemoveRedundantSpace(ret) - msg := fmt.Sprintf("OCR [%s] [%s]", info.Name(), ret) + msg := fmt.Sprintf("OCR [%s] [%s]", html.EscapeString(info.Name()), html.EscapeString(ret)) PushStatusBar(msg) return ret }