Go to file

xfy 6d32664020 fix(markdown): 转义 TOC 标题文本，防止属性上下文注入

generate_toc_html 原先用 clean_html 处理标题后拼进 aria-label="..." 与
<a> 正文，但 clean_html 只做正文 HTML 消毒、不转义双引号。标题形如
" onmouseover="alert(1) 会越出属性边界。新增 escape_html_attr()，对
标题文本统一做属性上下文转义（& " <），正文与属性两处一致使用。

内容由 admin 写入、严重度中低，但属真实消毒逻辑缺口，TOC 会展示给所有读者。

2026-06-15 11:27:32 +08:00

.agents/skills

feat(skills): add multi-style design skills from taste-skill repo

2026-06-11 09:53:15 +08:00

.gitea/workflows

ci: retry rustup install on network failure

2026-06-12 17:44:19 +08:00

docs/superpowers

docs: add implementation plan for comment localStorage feature

2026-06-11 14:07:58 +08:00

libs/tiptap-editor

chore(tiptap-editor): update package-lock.json

2026-06-08 15:54:27 +08:00

migrations

feat(db): add toc_html column to posts table

2026-06-12 10:35:33 +08:00

public

删除 public/tiptap/editor.css 构建产物

2026-06-10 16:51:51 +08:00

src

fix(markdown): 转义 TOC 标题文本，防止属性上下文注入

2026-06-15 11:27:32 +08:00

syntaxes

feat: add custom .sublime-syntax loading for Swift and Kotlin, improve alias table

2026-06-05 09:27:21 +08:00

themes

feat: add catppuccin Latte & Mocha tmTheme files for syntax highlighting

2026-06-03 11:43:31 +08:00

uploads

chore: create uploads directory for image storage

2026-06-05 14:49:22 +08:00

.env.example

perf(ssr): optimize request throughput by 32%

2026-06-12 09:36:53 +08:00

.gitignore

chore: ignore .worktrees directory

2026-06-15 10:50:48 +08:00

AGENTS.md

docs: document COOKIE_SECURE and TRUSTED_PROXY_COUNT

2026-06-12 17:31:20 +08:00

Cargo.lock

test: improve unit test coverage and assertions

2026-06-12 18:13:51 +08:00

Cargo.toml

test(cache): mark cache tests serial to fix parallel flakiness

2026-06-12 17:40:15 +08:00

CHANGELOG.md

chore: release v0.2.0

2026-06-10 15:46:11 +08:00

CLAUDE.md

chore: symlink CLAUDE.md to AGENTS.md

2026-06-11 10:01:01 +08:00

DEVELOPMENT.md

docs: 整理表格格式并添加 CI 链接

2026-06-15 10:41:03 +08:00

Dioxus.toml

feat: redesign admin write page with fixed-height editor layout

2026-06-10 17:41:31 +08:00

input.css

refactor(ui): redesign with warm palette, sage accent, and consistent theme vars

2026-06-11 10:29:11 +08:00

Makefile

build: use npx tailwindcss instead of global binary

2026-06-12 18:09:20 +08:00

migrate.sh

feat: add database migration helper script

2026-06-02 17:33:28 +08:00

README.md

添加项目 README

2026-05-26 18:06:28 +08:00

rust-analyzer.toml

将 rust-analyzer 配置从 JSON 迁移为 TOML 格式

2026-06-02 17:33:28 +08:00

skills-lock.json

feat(skills): add multi-style design skills from taste-skill repo

2026-06-11 09:53:15 +08:00

README.md

Yggdrasil

基于 Dioxus 0.7 的全栈博客系统，Rust 单一代码库同时编译为 WASM 前端和原生服务端。

技术栈

框架: Dioxus 0.7 (fullstack)
数据库: PostgreSQL + tokio-postgres
样式: Tailwind CSS v4
密码: Argon2
会话: UUID token + cookie

功能

邮箱注册 / 登录（单管理员模式，首次注册后关闭）
会话管理与自动过期清理
暗色 / 亮色主题切换
后台文章撰写（Tiptap Markdown 编辑器）
文章归档与标签浏览

开发

依赖 Rust 1.95+、wasm32 目标、dx CLI、tailwindcss CLI v4 和 PostgreSQL。

# 配置数据库
DATABASE_URL=postgres://postgres:postgres@localhost:5432/yggdrasil

# 运行迁移
psql $DATABASE_URL -f migrations/001_init.sql

# 启动开发服务器
make dev

构建

make build

Languages

Rust 92%

CSS 4.1%

TypeScript 2.2%

JavaScript 0.7%

Shell 0.4%

Other 0.6%

README.md Unescape Escape

Yggdrasil

技术栈

功能

开发

构建

README.md