fix: allow ampersands in filenames while blocking command injection (v1.1.2)

Fixes #2 - Files with & in their names (e.g., 'Research & Development.md')
were being incorrectly sanitized, causing search and file-not-found errors.

Changes:
- Removed & from DANGEROUS_CHARS regex
- Single & is safe in quoted arguments passed to CLI
- Dangerous && patterns still blocked by COMMAND_INJECTION_PATTERNS
- Also allows (), [], {} which are safe in quoted args

Version: 1.1.2

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-14 16:58:18 -05:00
parent 466587d1c5
commit 57b58a0d22
4 changed files with 21 additions and 7 deletions
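
The filter change described in the commit message above, sketched as an added example that is not the project's code: it compares an assumed pre-fix character filter with an assumed post-fix one and reports which names change verdict. The regex contents, the function names and the sample filenames are all constructed for illustration; the project's real DANGEROUS_CHARS and COMMAND_INJECTION_PATTERNS are not shown on this page.

```javascript
// Assumed stand-ins for the project's filters (their real contents are not on the page).
const CHARS_BEFORE = /[;&|`$<>(){}\[\]\n\r\0]/; // pre-fix: '&' and brackets rejected
const CHARS_AFTER = /[;|`$<>\n\r\0]/;           // post-fix: '&', (), [], {} allowed
const INJECTION_PATTERNS = [/&&/, /\$\(/];      // multi-character sequences, always rejected

// Classify one filename against the pattern list and a single-character filter.
function verdict(name, dangerousChars) {
  if (typeof name !== 'string' || name.length === 0) return 'reject:empty';
  if (INJECTION_PATTERNS.some((re) => re.test(name))) return 'reject:pattern';
  if (dangerousChars.test(name)) return 'reject:char';
  return 'accept';
}

// Run both filters over the same inputs so the effect of the change is visible.
function compareFilters(samples) {
  return samples.map((name) => ({
    name,
    before: verdict(name, CHARS_BEFORE),
    after: verdict(name, CHARS_AFTER),
  }));
}

// Names that were rejected before the change and are accepted after it.
function loosened(samples) {
  return compareFilters(samples)
    .filter((r) => r.before !== 'accept' && r.after === 'accept')
    .map((r) => r.name);
}

// Constructed sample filenames: benign names first, then inputs that must stay blocked.
const SAMPLES = [
  'plain.md',
  'Research & Development.md',
  'Notes (2024) [draft] {v2}.md',
  'a.md && id',
  'a.md; id',
  'a`id`.md',
  'a$(id).md',
];

for (const r of compareFilters(SAMPLES)) {
  console.log(`${JSON.stringify(r.name)}: ${r.before} -> ${r.after}`);
}
```

A regression test for this kind of change can assert that `loosened()` returns only the names the fix was meant to admit.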

@@ -1,6 +1,6 @@
{
"name": "obsidian-mcp",
"version": "1.1.1",
"version": "1.1.2",
"description": "MCP Bundle for Obsidian CLI - Enable AI assistants to manage Obsidian vaults through Model Context Protocol",
"type": "module",
"main": "dist/index.js",
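
Review bot: the "version" bump to 1.1.2 in package.json releases a loosened input filter as a patch version, and the commit message widens it beyond the & fix for #2 by also allowing (), [], {}. Suggest recording that in the release notes or splitting it into its own commit, and adding regression cases for a filename with a single & (accepted) and one containing && (rejected), since the safety argument rests on arguments being quoted when passed to the CLI and nothing in this hunk shows that.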