Use DOMPurify to sanitize html in chatbot (#4360)

* dompurify

* changelog

* format

* clean

* changelog

* Update run.py

* update happy-dom

---------

Co-authored-by: pngwn <hello@pngwn.io>
This commit is contained in:
Dawood Khan 2023-06-01 05:52:24 -07:00 committed by GitHub
parent feeb509537
commit 01d334b0b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 1876 additions and 1633 deletions


@ -13,6 +13,7 @@
- Fixes favicon path on Windows by [@abidlabs](https://github.com/abidlabs) in [PR 4369](https://github.com/gradio-app/gradio/pull/4369).
- Prevent path traversal in `/file` routes by [@abidlabs](https://github.com/abidlabs) in [PR 4370](https://github.com/gradio-app/gradio/pull/4370).
- Do not send HF token to other domains via `/proxy` route by [@abidlabs](https://github.com/abidlabs) in [PR 4368](https://github.com/gradio-app/gradio/pull/4368).
- Replace default `markedjs` sanitize function with DOMPurify sanitizer for `gr.Chatbot()` by [@dawoodkhan82](https://github.com/dawoodkhan82) in [PR 4360](https://github.com/gradio-app/gradio/pull/4360)
## Other Changes:


@ -17,6 +17,8 @@
"prismjs": "1.29.0",
"@types/prismjs": "1.26.0",
"katex": "^0.16.7",
"@types/katex": "^0.16.0"
"@types/katex": "^0.16.0",
"dompurify": "^3.0.3",
"@types/dompurify": "^3.0.2"
}
}


@ -4,6 +4,7 @@
import "prismjs/components/prism-python";
import "prismjs/components/prism-latex";
import "katex/dist/katex.min.css";
import DOMPurify from "dompurify";
import render_math_in_element from "katex/dist/contrib/auto-render.js";
import { beforeUpdate, afterUpdate, createEventDispatcher } from "svelte";
import type { Styles, SelectData } from "@gradio/utils";
@ -39,7 +40,7 @@
gfm: true,
breaks: true,
pedantic: false,
sanitize: true,
sanitize: false,
smartLists: true,
smartypants: false
});
@ -137,7 +138,7 @@
})}
>
{#if typeof message === "string"}
{@html marked.parse(message)}
{@html DOMPurify.sanitize(marked.parse(message))}
{#if feedback && j == 1}
<div class="feedback">
{#each feedback as f}
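Review bot: Flipping marked to `sanitize: false` moves the only defense against script injection in chat messages to the single `DOMPurify.sanitize(...)` wrapper on the `{@html}` line, so any other place in this component that renders `marked.parse` output — none is visible in this hunk, but the template continues outside it — would now be unsanitized unless wrapped the same way. I would hoist the pairing into one helper so the two cannot drift apart, `const render_message = (m) => DOMPurify.sanitize(marked.parse(m));` used as `{@html render_message(message)}`, and leave a why-comment beside the marked options, `// sanitize: false — HTML is sanitized with DOMPurify at render time, never render marked output unwrapped`, so a future maintainer does not flip the flag or drop the wrapper independently. Two practical caveats on the default DOMPurify configuration: it keeps `<a href>` (with safe schemes only) and inline `style` attributes from untrusted content, and it strips `target`, so if chat links are meant to open in a new tab this needs an explicit `afterSanitizeAttributes` hook that also sets `rel="noopener noreferrer"`. The KaTeX auto-render imported above appears to run on the already-sanitized DOM, which is the right order; that should be confirmed where `render_math_in_element` is invoked, outside this hunk.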


@ -43,7 +43,7 @@
"autoprefixer": "^10.4.4",
"babylonjs": "^5.17.1",
"babylonjs-loaders": "^5.17.1",
"happy-dom": "^2.49.0",
"happy-dom": "^9.20.3",
"msw": "^1.0.0",
"node-html-parser": "^5.3.3",
"npm-run-all": "^4.1.5",

pnpm-lock.yaml generated
