From cca0b5f3434fb42cd8a74c6a6d7ae190dc77fcbe Mon Sep 17 00:00:00 2001
From: Fenrikur <3359222+Fenrikur@users.noreply.github.com>
Date: Tue, 27 Aug 2024 19:55:04 +0200
Subject: [PATCH] fix(kbe): sanitize Markdown without HTML entities
---
 .../Knowledge/KnowledgeEntryService.cs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/Eurofurence.App.Server.Services/Knowledge/KnowledgeEntryService.cs b/src/Eurofurence.App.Server.Services/Knowledge/KnowledgeEntryService.cs
index f7a7534f..c33a3010 100644
--- a/src/Eurofurence.App.Server.Services/Knowledge/KnowledgeEntryService.cs
+++ b/src/Eurofurence.App.Server.Services/Knowledge/KnowledgeEntryService.cs
@@ -2,6 +2,7 @@
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
+using System.Web;
 using Eurofurence.App.Domain.Model.Knowledge;
 using Eurofurence.App.Domain.Model.Sync;
 using Eurofurence.App.Infrastructure.EntityFramework;
@@ -68,8 +69,8 @@ public async Task InsertKnowledgeEntryAsync(
 {
 Id = request.Id,
 KnowledgeGroupId = request.KnowledgeGroupId,
- Title = _htmlSanitizer.Sanitize(request.Title),
- Text = _htmlSanitizer.Sanitize(request.Text),
+ Title = request.Title,
+ Text = HttpUtility.HtmlDecode(_htmlSanitizer.Sanitize(request.Text)),
 Order = request.Order,
 Links = request.Links,
 IsDeleted = 0
@@ -95,8 +96,8 @@ public async Task ReplaceKnowledgeEntryAsync(
 .FirstOrDefaultAsync(ke => ke.Id == id, cancellationToken);
 existingEntity.KnowledgeGroupId = request.KnowledgeGroupId;
- existingEntity.Title = _htmlSanitizer.Sanitize(request.Title);
- existingEntity.Text = _htmlSanitizer.Sanitize(request.Text);
+ existingEntity.Title = request.Title;
+ existingEntity.Text = HttpUtility.HtmlDecode(_htmlSanitizer.Sanitize(request.Text));
 existingEntity.Order = request.Order;
 foreach (var existingLink in existingEntity.Links)
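Review bot: Calling `HttpUtility.HtmlDecode` on the sanitizer's output reverses the escaping the sanitizer produced, so text that arrived entity-encoded is stored in `Text` as literal markup. The same expression is repeated in the ReplaceKnowledgeEntryAsync hunk. `Title` is now stored exactly as received in both places as well. This is only safe if every consumer treats these fields as Markdown source with raw HTML disabled, or encodes them on output, and the diff does not show that. I would state the contract next to the assignment, e.g. `// Stored as Markdown source, not HTML: every renderer must escape or strip raw HTML on output.`, and add a test that entity-encoded tags in `request.Text` never reach a rendered page as markup. Both method bodies start and end outside their hunks.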
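Review bot: In the ReplaceKnowledgeEntryAsync hunk, `existingEntity` is dereferenced on the statement right after `FirstOrDefaultAsync`, which returns null when no entry matches `id`. An unknown id would then surface as a NullReferenceException rather than a not-found result. A guard `if (existingEntity is null)` that returns the service's usual not-found result, placed before the first assignment, would make the behaviour explicit. The method starts and ends outside the hunk, so an existence check may already run before the query.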