gmakstutis/ragflow
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix: XSS vulnerability in Ragflow's chat view (#10519)

Browse source 
### What problem does this PR solve?

Fix: XSS vulnerability in Ragflow's chat view

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
This commit is contained in:
balibabu 2025-10-13 19:04:25 +08:00 committed by GitHub
parent ff4239c7cf
commit 8c75803b70
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
web/src/components/next-markdown-content/index.tsx
View file

@ -54,8 +54,8 @@ function MarkdownContent({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}

4
web/src/pages/chat/markdown-content/index.tsx
View file

@ -48,8 +48,8 @@ const MarkdownContent = ({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}

4
web/src/pages/next-search/markdown-content/index.tsx
View file

@ -64,8 +64,8 @@ const MarkdownContent = ({
const { setDocumentIds, data: fileThumbnails } =
useFetchDocumentThumbnailsByIds();
const contentWithCursor = useMemo(() => {
// let text = DOMPurify.sanitize(content);
let text = content;
let text = DOMPurify.sanitize(content);
// let text = content;
if (text === '') {
text = t('chat.searching');
}