From cacc4bbd4f9fe78e55296c0eb1e1f31ce7b9abba Mon Sep 17 00:00:00 2001
From: Daniel Olczyk
Date: Fri, 26 Jan 2024 23:32:47 +0100
Subject: [PATCH] Sanitize HTML input to prevent note insert error
---
 src/AnkiNet.Tests/Integration/AnkiFileWriterTests.cs | 2 ++
 src/AnkiNet/CollectionFile/Database/NoteRepository.cs | 7 ++++++-
 .../CollectionFile/Database/{sql => Sql}/CardsTable.sql | 0
 .../CollectionFile/Database/{sql => Sql}/ColTable.sql | 0
 .../CollectionFile/Database/{sql => Sql}/GravesTable.sql | 0
 .../CollectionFile/Database/{sql => Sql}/Indexes.sql | 0
 .../CollectionFile/Database/{sql => Sql}/NotesTable.sql | 0
 .../CollectionFile/Database/{sql => Sql}/RevLogTable.sql | 0
 8 files changed, 8 insertions(+), 1 deletion(-)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/CardsTable.sql (100%)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/ColTable.sql (100%)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/GravesTable.sql (100%)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/Indexes.sql (100%)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/NotesTable.sql (100%)
 rename src/AnkiNet/CollectionFile/Database/{sql => Sql}/RevLogTable.sql (100%)
diff --git a/src/AnkiNet.Tests/Integration/AnkiFileWriterTests.cs b/src/AnkiNet.Tests/Integration/AnkiFileWriterTests.cs
index 8d85c0c..e70aecf 100644
--- a/src/AnkiNet.Tests/Integration/AnkiFileWriterTests.cs
+++ b/src/AnkiNet.Tests/Integration/AnkiFileWriterTests.cs
@@ -47,6 +47,8 @@ public async Task WhenWrite_ThenNoExceptionIsThrown()
 var deckId = collection.CreateDeck("C# Test");
 collection.CreateNote(deckId, noteTypeId, "Bonjour", "Hello", "B... H...");
 collection.CreateNote(deckId, noteTypeId, "Salut", "Hi", "S... Hi...");
+ collection.CreateNote(deckId, noteTypeId, "Ne le faites pas", @"don't");
+ collection.CreateNote(deckId, noteTypeId, "Test", @"""test""");
 // // 2. Write to file
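Review bot: The two new `CreateNote` calls put `'` and `"` into field values, but the test still only asserts that the write throws no exception, so it cannot detect the escaping in `NoteRepository` silently altering the stored text — a `"` persisted as `\"` passes this test unchanged. Consider reading the written collection back after the write step and asserting that each note's fields equal the strings passed to `CreateNote`, so the round-trip of quotes is actually verified. The write and any read-back step sit in the part of `WhenWrite_ThenNoExceptionIsThrown` that lies outside this hunk.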
diff --git a/src/AnkiNet/CollectionFile/Database/NoteRepository.cs b/src/AnkiNet/CollectionFile/Database/NoteRepository.cs
index 7450fc0..5bf8368 100644
--- a/src/AnkiNet/CollectionFile/Database/NoteRepository.cs
+++ b/src/AnkiNet/CollectionFile/Database/NoteRepository.cs
@@ -17,12 +17,17 @@ public NoteRepository(SqliteConnection connection) : base(connection)
 "[flds], [sfld], [csum], " +
 "[flags], [data]";
+ private static string SanitizeHtmlInput(string value)
+ {
+ return value.Replace(@"""", @"\""").Replace("'", @"''");
+ }
+
 protected override string GetValues(note i)
 {
 return $"{i.id},'{i.guid}',{i.mid}," +
 $"{i.mod},{i.usn},'{i.tags}'," +
- $"'{i.flds}','{i.sfld}',{i.csum}," +
+ $"'{SanitizeHtmlInput(i.flds)}','{SanitizeHtmlInput(i.sfld)}',{i.csum}," +
 $"{i.flags},'{i.data}'";
 }
diff --git a/src/AnkiNet/CollectionFile/Database/sql/CardsTable.sql b/src/AnkiNet/CollectionFile/Database/Sql/CardsTable.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/CardsTable.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/CardsTable.sql
diff --git a/src/AnkiNet/CollectionFile/Database/sql/ColTable.sql b/src/AnkiNet/CollectionFile/Database/Sql/ColTable.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/ColTable.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/ColTable.sql
diff --git a/src/AnkiNet/CollectionFile/Database/sql/GravesTable.sql b/src/AnkiNet/CollectionFile/Database/Sql/GravesTable.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/GravesTable.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/GravesTable.sql
diff --git a/src/AnkiNet/CollectionFile/Database/sql/Indexes.sql b/src/AnkiNet/CollectionFile/Database/Sql/Indexes.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/Indexes.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/Indexes.sql
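Review bot: The `"` → `\"` replacement in `SanitizeHtmlInput` corrupts the stored fields instead of escaping them: SQLite string literals have no backslash escapes, so a `"` inside a single-quoted literal needs no treatment and the backslash the helper inserts is written into `flds`/`sfld` verbatim (the new `@"""test"""` note would be read back as `\"test\"`). Only the `'` → `''` doubling is correct SQL-literal escaping, and it is applied to `flds` and `sfld` but not to the other single-quoted values in `GetValues` (`guid`, `tags`, `data`), which presumably are strings too and would still break the statement on a `'`. The helper name is misleading as well — nothing here is HTML sanitization, it is SQL-literal escaping — and the durable fix is to bind these values as `SqliteParameter`s rather than interpolating them, which lives in the base class outside this hunk. As a minimum within the hunk, drop the double-quote replacement, rename the helper, and apply it to every single-quoted value:
```csharp
    // SQLite string literals know no backslash escapes; only the quote delimiter is doubled.
    private static string EscapeSqlLiteral(string value)
    {
        return value.Replace("'", "''");
    }

    protected override string GetValues(note i)
    {
        return $"{i.id},'{EscapeSqlLiteral(i.guid)}',{i.mid}," +
            $"{i.mod},{i.usn},'{EscapeSqlLiteral(i.tags)}'," +
            $"'{EscapeSqlLiteral(i.flds)}','{EscapeSqlLiteral(i.sfld)}',{i.csum}," +
            $"{i.flags},'{EscapeSqlLiteral(i.data)}'";
    }
```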
diff --git a/src/AnkiNet/CollectionFile/Database/sql/NotesTable.sql b/src/AnkiNet/CollectionFile/Database/Sql/NotesTable.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/NotesTable.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/NotesTable.sql
diff --git a/src/AnkiNet/CollectionFile/Database/sql/RevLogTable.sql b/src/AnkiNet/CollectionFile/Database/Sql/RevLogTable.sql
similarity index 100%
rename from src/AnkiNet/CollectionFile/Database/sql/RevLogTable.sql
rename to src/AnkiNet/CollectionFile/Database/Sql/RevLogTable.sql