apple-notes-mcp 1.4.3 → 1.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/build/services/appleNotesManager.js +18 -2
  2. package/build/services/appleNotesManager.test.js +1 -1
  3. package/package.json +1 -1
package/build/services/appleNotesManager.js CHANGED
@@ -97,6 +97,22 @@ export function escapeHtmlForAppleScript(htmlContent) {
97
97
  // We do NOT re-encode HTML entities since content is already HTML from Notes.app
98
98
  return htmlContent.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
99
99
  }
100
+ /**
101
+ * Escapes a plain (non-HTML) string for safe embedding in an AppleScript string literal.
102
+ *
103
+ * Use this for folder names, account names, and other metadata that Apple Notes
104
+ * stores as plain text — NOT for note body content (use escapeForAppleScript instead).
105
+ * HTML-encoding ampersands here would produce `folder "R&D"`, which Apple Notes
106
+ * would fail to match against the real folder named "R&D".
107
+ *
108
+ * @param text - Plain string (folder name, account name, etc.)
109
+ * @returns String safe for AppleScript string embedding
110
+ */
111
+ export function escapePlainStringForAppleScript(text) {
112
+ if (!text)
113
+ return "";
114
+ return text.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
115
+ }
100
116
  // =============================================================================
101
117
  // Input Validation & Sanitization
102
118
  // =============================================================================
@@ -154,7 +170,7 @@ export function sanitizeId(id) {
154
170
  */
155
171
  function sanitizeAccountName(account) {
156
172
  validateLength(account, MAX_ACCOUNT_LENGTH, "Account name");
157
- return escapeForAppleScript(account);
173
+ return escapePlainStringForAppleScript(account);
158
174
  }
159
175
  /**
160
176
  * Counter for generating unique fallback IDs within the same millisecond.
@@ -325,7 +341,7 @@ export function buildFolderReference(folderPath) {
325
341
  // Build inside-out: last part is innermost, first part is outermost
326
342
  return parts
327
343
  .reverse()
328
- .map((part) => `folder "${escapeForAppleScript(part)}"`)
344
+ .map((part) => `folder "${escapePlainStringForAppleScript(part)}"`)
329
345
  .join(" of ");
330
346
  }
331
347
  /**
package/build/services/appleNotesManager.test.js CHANGED
@@ -242,7 +242,7 @@ describe("buildFolderReference", () => {
242
242
  it("handles special characters in folder names", () => {
243
243
  const result = buildFolderReference("Food & Drink/🥘 Recipes");
244
244
  expect(result).toContain('folder "🥘 Recipes"');
245
- expect(result).toContain('folder "Food & Drink"');
245
+ expect(result).toContain('folder "Food & Drink"');
246
246
  });
247
247
  it("handles escaped slashes in folder names", () => {
248
248
  const result = buildFolderReference("Travel/Spain\\/Portugal 2023");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "apple-notes-mcp",
3
- "version": "1.4.3",
3
+ "version": "1.4.4",
4
4
  "description": "MCP server for Apple Notes - create, search, update, and manage notes via Claude",
5
5
  "type": "module",
6
6
  "main": "build/index.js",