:art: Escape the notification message https://github.com/siyuan-note/siyuan/issues/7811

kernel/model/assets.go

@@ -33,6 +33,7 @@ import (
 
 	"github.com/88250/gulu"
 	"github.com/88250/lute/ast"
+	"github.com/88250/lute/html"
 	"github.com/88250/lute/parse"
 	"github.com/dustin/go-humanize"
 	"github.com/gabriel-vasile/mimetype"
@@ -354,7 +355,7 @@ func uploadAssets2Cloud(sqlAssets []*sql.Asset, bizType string) (err error) {
 			continue
 		}
 
-		msg := fmt.Sprintf(Conf.Language(27), absAsset)
+		msg := fmt.Sprintf(Conf.Language(27), html.EscapeString(absAsset))
 		util.PushStatusBar(msg)
 		util.PushUpdateMsg(msgId, msg, 3000)
 

kernel/model/box.go

@@ -31,6 +31,7 @@ import (
 
 	"github.com/88250/gulu"
 	"github.com/88250/lute/ast"
+	"github.com/88250/lute/html"
 	"github.com/88250/lute/parse"
 	"github.com/dustin/go-humanize"
 	"github.com/facette/natsort"
@@ -403,7 +404,7 @@ func (box *Box) moveTrees0(files []*FileInfo) {
 
 		treenode.SetBlockTreePath(subTree)
 		sql.RenameSubTreeQueue(subTree)
-		msg := fmt.Sprintf(Conf.Language(107), subTree.HPath)
+		msg := fmt.Sprintf(Conf.Language(107), html.EscapeString(subTree.HPath))
 		util.PushStatusBar(msg)
 	}
 }

kernel/model/index.go

@@ -28,6 +28,7 @@ import (
 
 	"github.com/88250/gulu"
 	"github.com/88250/lute/ast"
+	"github.com/88250/lute/html"
 	"github.com/88250/lute/parse"
 	"github.com/dustin/go-humanize"
 	"github.com/panjf2000/ants/v2"
@@ -76,7 +77,7 @@ func index(boxID string) {
 	var treeCount int
 	var treeSize int64
 	i := 0
-	util.PushStatusBar(fmt.Sprintf("["+box.Name+"] "+Conf.Language(64), len(files)))
+	util.PushStatusBar(fmt.Sprintf("["+html.EscapeString(box.Name)+"] "+Conf.Language(64), len(files)))
 
 	poolSize := runtime.NumCPU()
 	if 4 < poolSize {

kernel/model/index_fix.go

@@ -447,6 +447,6 @@ func reindexTree0(tree *parse.Tree, i, size int) {
 	}
 
 	if 0 == i%64 {
-		util.PushStatusBar(fmt.Sprintf(Conf.Language(183), i, size, html.EscapeHTMLStr(path.Base(tree.HPath))))
+		util.PushStatusBar(fmt.Sprintf(Conf.Language(183), i, size, html.EscapeString(path.Base(tree.HPath))))
 	}
 }

kernel/model/repository.go

@@ -36,6 +36,7 @@ import (
 	"github.com/88250/gulu"
 	"github.com/88250/lute"
 	"github.com/88250/lute/ast"
+	"github.com/88250/lute/html"
 	"github.com/88250/lute/parse"
 	"github.com/88250/lute/render"
 	"github.com/dustin/go-humanize"
@@ -811,7 +812,7 @@ func IndexRepo(memo string) (err error) {
 		eventbus.CtxPushMsg: eventbus.CtxPushMsgToStatusBarAndProgress,
 	})
 	if nil != err {
-		util.PushStatusBar("Index data repo failed: " + err.Error())
+		util.PushStatusBar("Index data repo failed: " + html.EscapeString(err.Error()))
 		return
 	}
 	elapsed := time.Since(start)
@@ -992,7 +993,7 @@ func bootSyncRepo() (err error) {
 		autoSyncErrCount++
 		planSyncAfter(fixSyncInterval)
 
-		msg := fmt.Sprintf("sync repo failed: %s", err)
+		msg := fmt.Sprintf("sync repo failed: %s", html.EscapeString(err.Error()))
 		logging.LogErrorf(msg)
 		util.PushStatusBar(msg)
 		util.PushErrMsg(msg, 0)

kernel/model/sync.go

@@ -27,6 +27,7 @@ import (
 	"time"
 
 	"github.com/88250/gulu"
+	"github.com/88250/lute/html"
 	"github.com/dustin/go-humanize"
 	"github.com/siyuan-note/dejavu"
 	"github.com/siyuan-note/dejavu/cloud"
@@ -495,7 +496,7 @@ func ListCloudSyncDir() (syncDirs []*Sync, hSize string, err error) {
 }
 
 func formatRepoErrorMsg(err error) string {
-	msg := err.Error()
+	msg := html.EscapeString(err.Error())
 	if errors.Is(err, cloud.ErrCloudAuthFailed) {
 		msg = Conf.Language(31)
 	} else if errors.Is(err, cloud.ErrCloudObjectNotFound) {

kernel/util/tesseract.go

@@ -29,6 +29,7 @@ import (
 	"time"
 
 	"github.com/88250/gulu"
+	"github.com/88250/lute/html"
 	"github.com/dustin/go-humanize"
 	"github.com/siyuan-note/logging"
 )
@@ -123,7 +124,7 @@ func Tesseract(imgAbsPath string) string {
 	ret := string(output)
 	ret = gulu.Str.RemoveInvisible(ret)
 	ret = RemoveRedundantSpace(ret)
-	msg := fmt.Sprintf("OCR [%s] [%s]", info.Name(), ret)
+	msg := fmt.Sprintf("OCR [%s] [%s]", html.EscapeString(info.Name()), html.EscapeString(ret))
 	PushStatusBar(msg)
 	return ret
 }