2 Commits

Author SHA1 Message Date
fe12e00e03 chore: bump version to 1.1.4 and update CHANGELOG
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-28 12:16:57 -05:00
3922056b25 fix: preserve Markdown code fences by escaping backticks instead of removing them (fixes #6)
Backticks were being stripped entirely by the sanitizer, destroying
Markdown code fences (```) in note content.

The real injection risk is backtick command substitution inside
double-quoted shell strings (e.g. content=`rm -rf /`). The fix is to
escape backticks as \` in formatParam — exactly as we already do for
double quotes — so the shell never interprets them while the content
is preserved intact.

Changes:
- sanitizer.ts: remove ` from DANGEROUS_CHARS and the backtick command
  substitution pattern from COMMAND_INJECTION_PATTERNS (now handled at
  the quoting layer, not the stripping layer)
- cli-helpers.ts: escape backticks as \` in formatParam alongside the
  existing double-quote escaping

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-28 12:15:28 -05:00
5 changed files with 21 additions and 8 deletions

@@ -73,6 +73,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Comprehensive input schema definitions
- Security audit of parameter handling
## [1.1.4] - 2026-04-28
### Fixed
- **Markdown Code Fence Preservation**: Fixed issue #6 where backticks were being stripped from note content, destroying Markdown code fences (` ``` `)
- Backticks are now escaped as `` \` `` inside double-quoted CLI parameter strings instead of being removed
- This preserves code fences and inline code in note content while still preventing shell command substitution via backticks
- Affects all tools that pass content: create, append, prepend, etc.
## [1.1.3] - 2026-04-17
### Fixed
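Review bot: the 1.1.4 entry should state which characters the sanitizer still removes from note content. The first bullet reads as if stripping is gone, but the sanitizer hunk in this same commit keeps `;`, `|`, `$`, `<` and `>` in DANGEROUS_CHARS, so a note containing inline math (`$x$`) or a comparison (`a < b`) is still altered; one extra bullet such as "Other shell metacharacters (; | $ < >) are still removed from content" would save readers filing a follow-up to #6.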
@@ -137,6 +145,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Search & Discovery (12 tools)
- Task & Property Management (8 tools)
[1.1.4]: https://git.mortons.site/Peter.Morton/obsidian-mcp/releases/tag/v1.1.4
[1.1.3]: https://git.mortons.site/Peter.Morton/obsidian-mcp/releases/tag/v1.1.3
[1.1.2]: https://git.mortons.site/Peter.Morton/obsidian-mcp/releases/tag/v1.1.2
[1.1.1]: https://git.mortons.site/Peter.Morton/obsidian-mcp/releases/tag/v1.1.1

@@ -1,7 +1,7 @@
{
"manifest_version": "0.3",
"name": "obsidian-mcp",
"version": "1.1.3",
"version": "1.1.4",
"display_name": "Obsidian CLI Bundle",
"description": "MCP Bundle for Obsidian CLI - Enable AI assistants to manage Obsidian vaults through conversational interface",
"long_description": "This MCP bundle provides a comprehensive set of tools for AI assistants to interact with and manage Obsidian vaults. It includes capabilities for creating, reading, updating, and deleting notes, managing links and tags, handling tasks, and more. With this bundle, AI assistants can seamlessly integrate with Obsidian to help users organize their knowledge and workflows.",

@@ -1,6 +1,6 @@
{
"name": "obsidian-mcp",
"version": "1.1.3",
"version": "1.1.4",
"description": "MCP Bundle for Obsidian CLI - Enable AI assistants to manage Obsidian vaults through Model Context Protocol",
"type": "module",
"main": "dist/index.js",
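Review bot: the version bump touches package.json and manifest.json but none of the five changed files is a lock file; if the repository commits a package-lock.json, its top-level "version" should be bumped in the same commit so `npm ci` does not report a mismatch.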

@@ -14,9 +14,12 @@ export function formatParam(key: string, value: string | number): string {
// Always quote string values to handle spaces and special characters safely
// Note: Obsidian CLI docs say: "Quote values with spaces: name="My Note""
// Escape any double quotes in the value to prevent shell interpretation issues
// This prevents truncation when content contains quotes like "Bot QM"
const escapedValue = String(value).replace(/"/g, '\\"');
// Escape double quotes and backticks to prevent shell interpretation inside double-quoted strings.
// In bash double-quoted strings: \" prevents quote termination, \` prevents command substitution.
// This preserves Markdown code fences (``` ` ```) while blocking injection via backticks.
const escapedValue = String(value)
.replace(/"/g, '\\"')
.replace(/`/g, '\\`');
return `${key}="${escapedValue}"`;
}
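Review bot: the escaping is incomplete because backslashes in the value are not escaped before quotes and backticks are. In a bash double-quoted string `\\` is a literal backslash, so a value containing `\"` becomes `\\"` after this replace chain, which ends the quoted string early, and `\`` becomes `` \\` ``, which leaves the backtick unescaped; add `.replace(/\\/g, '\\\\')` as the first step of the chain. The comment on this hunk also describes bash double-quoted semantics, while the sanitizer.ts comment in the same commit says values are "quoted and passed as array args"; if the CLI is spawned without a shell, the added backslashes arrive verbatim in the note, so the two comments should agree on which it is, and a round-trip test for a note containing a ``` fence would settle it.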

@@ -11,13 +11,14 @@ import { logger } from '../utils/logger.js';
* Note: Brackets [], parentheses (), and braces {} are safe because values are quoted and passed as array args
* They're essential for Obsidian markdown (wikilinks [[link]], tasks - [ ] Task, templates {{...}}, etc.)
* Note: Single & is safe in quoted args (filenames like "Research & Development.md")
* We only block: ; | ` $ < > (command separators, pipes, substitution, redirects)
* Note: Backticks are safe because formatParam escapes them as \` inside double-quoted strings,
* preventing shell command substitution while preserving Markdown code fences (``` ```)
* We only block: ; | $ < > (command separators, pipes, substitution, redirects)
* Command injection patterns (&&, ||, etc.) are handled separately
*/
const DANGEROUS_CHARS = /[;|`$<>]/g;
const DANGEROUS_CHARS = /[;|$<>]/g;
const COMMAND_INJECTION_PATTERNS = [
/\$\(/g, // Command substitution $(...)
/`[^`]*`/g, // Command substitution `...`
/\|\|/g, // OR operator
/&&/g, // AND operator
/;/g, // Command separator
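Review bot: the new comment makes the sanitizer's safety depend on formatParam being applied to every value it passes through, but nothing here enforces that; either say so explicitly in the comment or add a test that feeds a backtick-bearing value through the full sanitize-then-format path. Also, `$` is now the odd one out: it is still stripped by DANGEROUS_CHARS even though, inside a double-quoted string, `\$` neutralises parameter expansion exactly the way `\`` neutralises command substitution, and removing it mangles note content (inline math, currency) in the same way #6 did for backticks. If `$` is moved to the quoting layer as well, the `/\$\(/g` entry in COMMAND_INJECTION_PATTERNS needs the same review, since the escaped form `\$(` is no longer a substitution.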