Fix: XSS vulnerability in Ragflow's chat view (#10519)

### What problem does this PR solve? Fix: XSS vulnerability in Ragflow's chat view ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue)
2025-12-08 20:42:30 +08:00 · 2025-10-13 19:04:25 +08:00
parent ff4239c7cf
commit 8c75803b70
3 changed files with 6 additions and 6 deletions
--- a/web/src/components/next-markdown-content/index.tsx
+++ b/web/src/components/next-markdown-content/index.tsx
@ -54,8 +54,8 @@ function MarkdownContent({
  const { setDocumentIds, data: fileThumbnails } =
    useFetchDocumentThumbnailsByIds();
  const contentWithCursor = useMemo(() => {
-    // let text = DOMPurify.sanitize(content);
+    let text = DOMPurify.sanitize(content);
-    let text = content;
+    // let text = content;
    if (text === '') {
      text = t('chat.searching');
    }
--- a/web/src/pages/chat/markdown-content/index.tsx
+++ b/web/src/pages/chat/markdown-content/index.tsx
@ -48,8 +48,8 @@ const MarkdownContent = ({
  const { setDocumentIds, data: fileThumbnails } =
    useFetchDocumentThumbnailsByIds();
  const contentWithCursor = useMemo(() => {
-    // let text = DOMPurify.sanitize(content);
+    let text = DOMPurify.sanitize(content);
-    let text = content;
+    // let text = content;
    if (text === '') {
      text = t('chat.searching');
    }
--- a/web/src/pages/next-search/markdown-content/index.tsx
+++ b/web/src/pages/next-search/markdown-content/index.tsx
@ -64,8 +64,8 @@ const MarkdownContent = ({
  const { setDocumentIds, data: fileThumbnails } =
    useFetchDocumentThumbnailsByIds();
  const contentWithCursor = useMemo(() => {
-    // let text = DOMPurify.sanitize(content);
+    let text = DOMPurify.sanitize(content);
-    let text = content;
+    // let text = content;
    if (text === '') {
      text = t('chat.searching');
    }