pengjunjie/ragflow
1
0
Fork 1
mirror of https://github.com/infiniflow/ragflow.git synced 2025-12-08 20:42:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix: XSS vulnerability in Ragflow's chat view (#10519)

Browse Source 
### What problem does this PR solve?

Fix: XSS vulnerability in Ragflow's chat view

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
This commit is contained in:
balibabu
2025-10-13 19:04:25 +08:00
committed by GitHub
parent ff4239c7cf
commit 8c75803b70
3 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/components/next-markdown-content/index.tsx
View File

@ -54,8 +54,8 @@ function MarkdownContent({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}

4
web/src/pages/chat/markdown-content/index.tsx
View File

@ -48,8 +48,8 @@ const MarkdownContent = ({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}

4
web/src/pages/next-search/markdown-content/index.tsx
View File

@ -64,8 +64,8 @@ const MarkdownContent = ({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}