Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498)

### What problem does this PR solve?

This PR resolves issue #1491 related to HTML Injection and Cross-Site
Scripting (XSS). The issue was caused by the unsafe usage of
`dangerouslySetInnerHTML` without proper sanitization of user input.

### Changes
- Added DOMPurify dependency.
- Updated the following components to use DOMPurify:
  - `web/src/pages/add-knowledge/components/knowledge-chunk/components/chunk-card/index.tsx`
  - `web/src/pages/chat/markdown-content/index.tsx`
  - `web/src/pages/add-knowledge/components/knowledge-setting/category-panel.tsx`

### Type of change

- [x] Other (please describe): Security Fix
Dani Servian
2024-07-15 04:24:23 +02:00
committed by GitHub
parent 2dea8448a6
commit bafe137502
5 changed files with 35 additions and 3 deletions


@ -28,6 +28,7 @@
"classnames": "^2.5.1",
"dagre": "^0.8.5",
"dayjs": "^1.11.10",
"dompurify": "^3.1.6",
"elkjs": "^0.9.3",
"eventsource-parser": "^1.1.2",
"human-id": "^4.1.1",
@ -63,6 +64,7 @@
"@testing-library/jest-dom": "^6.4.5",
"@testing-library/react": "^15.0.7",
"@types/dagre": "^0.7.52",
"@types/dompurify": "^3.0.5",
"@types/jest": "^29.5.12",
"@types/lodash": "^4.14.202",
"@types/react": "^18.0.33",
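Review bot: The `"dompurify": "^3.1.6"` entry in the first hunk makes this package the control that sits between user-supplied HTML and `dangerouslySetInnerHTML` (per the commit description), so the version that actually installs matters more here than for the neighbouring dependencies. The caret range is only a floor; the resolved version comes from the lockfile, which is presumably the fifth changed file but is not visible here, so confirm it was regenerated in this commit. Sanitizer bypass fixes generally arrive as ordinary minor and patch releases, so this package should be covered by whatever dependency-update or audit tooling the project runs. Separately, as far as I know later dompurify 3.x releases bundle their own type declarations, so `"@types/dompurify": "^3.0.5"` in the second hunk may become redundant once the resolved version moves up; worth checking on the next upgrade.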