fix: preserve square brackets and escape quotes in note content (v1.1.1)

- Fix square bracket removal: Remove [] from DANGEROUS_CHARS regex
  * Wikilinks ([[link]]) now work correctly
  * Task checkboxes (- [ ] Task) are properly preserved
  * Brackets are safe because values are quoted and passed as array args

- Fix quote truncation: Escape double quotes in formatParam
  * Content like "Bot QM" no longer truncates
  * Internal quotes escaped as \" before wrapping in parameter quotes
  * Prevents shell from misinterpreting quote boundaries

Bump version: 1.0.0 -> 1.1.1

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

src/validation/sanitizer.ts

@@ -8,8 +8,10 @@ import { logger } from '../utils/logger.js';
 
 /**
  * Characters that should be removed or escaped for security
+ * Note: Square brackets [] are safe because values are quoted and passed as array args
+ * They're essential for Obsidian markdown (wikilinks [[link]] and tasks - [ ] Task)
  */
-const DANGEROUS_CHARS = /[;&|`$(){}[\]<>]/g;
+const DANGEROUS_CHARS = /[;&|`$(){}<>]/g;
 const COMMAND_INJECTION_PATTERNS = [
   /\$\(/g,      // Command substitution $(...)
   /`[^`]*`/g,   // Command substitution `...`
@@ -67,7 +69,8 @@ export function sanitizePath(path: string): string {
   sanitized = sanitized.replace(/^\/+|\/+$/g, '');
 
   // Remove dangerous characters but allow path separators
-  sanitized = sanitized.replace(/[;&|`$(){}[\]<>]/g, '');
+  // Note: Square brackets are safe in paths (quoted args) but removed for consistency
+  sanitized = sanitized.replace(/[;&|`$(){}<>]/g, '');
 
   return sanitized;
 }