pengjunjie/ragflow
1
0
Fork 1
mirror of https://github.com/infiniflow/ragflow.git synced 2026-01-23 03:26:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bafe1375026369ce30c13ae784bb2a9b9afa2f65
ragflow/web
History
Dani Servian bafe137502 Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498) 
### What problem does this PR solve?

This PR resolves issue #1491 related to HTML Injection and Cross-Site
Scripting (XSS). The issue was caused by the unsafe usage of
`dangerouslySetInnerHTML` without proper sanitization of user input.

### Changes
- Added DOMPurify dependency.
- Updated the following components to use DOMPurify:
-
`web/src/pages/add-knowledge/components/knowledge-chunk/components/chunk-card/index.tsx`
  - `web/src/pages/chat/markdown-content/index.tsx`
-
`web/src/pages/add-knowledge/components/knowledge-setting/category-panel.tsx`

### Type of change

- [x] Other (please describe): Security Fix
2024-07-15 10:24:23 +08:00
..
.husky
feat: format code before submitting it #1251 (#1252)
2024-06-24 14:48:21 +08:00
public
feat: display chunk token number when category of knowledge as general and unavailable llm models appear disabled and if the backend returns 401, it will jump to the login page and fixed the issue where the greeting would disappear when clicking on a new dialog (#117)
2024-03-11 16:13:34 +08:00
src
Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498)
2024-07-15 10:24:23 +08:00
.env
feat: Support for conversational streaming (#809)
2024-05-16 20:15:02 +08:00
.eslintrc.js
feat: set chunk to available state and select all chunk (#57)
2024-02-06 18:45:20 +08:00
.gitignore
update knowledge_kb (#34)
2024-01-18 18:27:38 +08:00
.npmrc
add front end code (#27)
2024-01-17 09:37:01 +08:00
.prettierignore
feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44)
2024-01-29 15:02:27 +08:00
.prettierrc
feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44)
2024-01-29 15:02:27 +08:00
.umirc.ts
feat: add description text to operators and extract the useFetchModelId to logicHooks.ts and drag the operator to the canvas and initialize the form data #918 (#1379)
2024-07-04 19:18:02 +08:00
externals.d.ts
fix: cannot save the system model setting #468 (#508)
2024-04-23 17:46:56 +08:00
jest-setup.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
jest.config.ts
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
package-lock.json
Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498)
2024-07-15 10:24:23 +08:00
package.json
Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498)
2024-07-15 10:24:23 +08:00
reducer.js
add front end code (#27)
2024-01-17 09:37:01 +08:00
tsconfig.json
feat: test buildNodesAndEdgesFromDSLComponents (#940)
2024-05-27 19:35:14 +08:00
typings.d.ts
feat: delete the added model #503 and display an error message when the requested file fails to parse #684 (#708)
2024-05-10 10:38:39 +08:00