From ded0529d5930a6969ca4f62beb055032dc52e9ff Mon Sep 17 00:00:00 2001
From: Gabriel Luiz Freitas Almeida
Date: Sat, 8 Jul 2023 14:58:47 -0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20chore(chatMessage/index.tsx):=20?= =?UTF-8?q?import=20DOMPurify=20to=20sanitize=20HTML=20content=20in=20chat?= =?UTF-8?q?=20message=20thought=20=F0=9F=90=9B=20fix(chatMessage/index.tsx?= =?UTF-8?q?):=20use=20DOMPurify=20to=20sanitize=20HTML=20content=20in=20ch?= =?UTF-8?q?at=20message=20thought=20to=20prevent=20XSS=20attacks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/frontend/src/modals/formModal/chatMessage/index.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/frontend/src/modals/formModal/chatMessage/index.tsx b/src/frontend/src/modals/formModal/chatMessage/index.tsx
index 881395338..3e3cf2dd5 100644
--- a/src/frontend/src/modals/formModal/chatMessage/index.tsx
+++ b/src/frontend/src/modals/formModal/chatMessage/index.tsx
@@ -1,4 +1,5 @@
 import Convert from "ansi-to-html";
+import DOMPurify from "dompurify";
 import { ChevronDown } from "lucide-react";
 import { useState } from "react";
 import ReactMarkdown from "react-markdown";
@@ -12,7 +13,6 @@ import { ChatMessageType } from "../../../types/chat";
 import { classNames } from "../../../utils";
 import FileCard from "../fileComponent";
 import { CodeBlock } from "./codeBlock";
-
 export default function ChatMessage({
 chat,
 lockChat,
@@ -61,7 +61,7 @@ export default function ChatMessage({
 onClick={() => setHidden((prev) => !prev)}
 className=" form-modal-chat-thought "
 dangerouslySetInnerHTML={{
- __html: convert.toHtml(chat.thought),
+ __html: DOMPurify.sanitize(convert.toHtml(chat.thought)),
 }}
 >
 )}
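Review bot: On the new `__html` line, `DOMPurify.sanitize` runs with its default profile, which removes script-capable markup but still passes ordinary HTML such as links, images and forms. Any HTML in `chat.thought` is therefore rendered rather than shown literally, and an image tag in it would still cause an outbound request from the viewer's browser. If the thought is meant to be plain text with ANSI colour codes (an assumption; the data source is not visible here), escaping it is the tighter control: ansi-to-html supports `escapeXML`, so `new Convert({ escapeXML: true })` at the point where `convert` is created, which is outside this hunk. The sanitizer can then stay as a second layer with a narrow allow-list, e.g. `DOMPurify.sanitize(html, { ALLOWED_TAGS: ["span", "b", "i", "u"], ALLOWED_ATTR: ["style"] })`, with the tag list adjusted to what the converter actually emits. The enclosing `ChatMessage` component starts and ends outside the hunk.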