From 8c75803b70e776eb60678e8ee02cc6152f10bed9 Mon Sep 17 00:00:00 2001 From: balibabu Date: Mon, 13 Oct 2025 19:04:25 +0800 Subject: [PATCH] Fix: XSS vulnerability in Ragflow's chat view (#10519) ### What problem does this PR solve? Fix: XSS vulnerability in Ragflow's chat view ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) --- web/src/components/next-markdown-content/index.tsx | 4 ++-- web/src/pages/chat/markdown-content/index.tsx | 4 ++-- web/src/pages/next-search/markdown-content/index.tsx | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/web/src/components/next-markdown-content/index.tsx b/web/src/components/next-markdown-content/index.tsx
index 3555f0225..24f67a995 100644
--- a/web/src/components/next-markdown-content/index.tsx
+++ b/web/src/components/next-markdown-content/index.tsx
@@ -54,8 +54,8 @@ function MarkdownContent({
 const { setDocumentIds, data: fileThumbnails } =
 useFetchDocumentThumbnailsByIds();
 const contentWithCursor = useMemo(() => {
- // let text = DOMPurify.sanitize(content);
- let text = content;
+ let text = DOMPurify.sanitize(content);
+ // let text = content;
 if (text === '') {
 text = t('chat.searching');
 }
diff --git a/web/src/pages/chat/markdown-content/index.tsx b/web/src/pages/chat/markdown-content/index.tsx
index 2da6a577f..72d34fc27 100644
--- a/web/src/pages/chat/markdown-content/index.tsx
+++ b/web/src/pages/chat/markdown-content/index.tsx
@@ -48,8 +48,8 @@ const MarkdownContent = ({
 const { setDocumentIds, data: fileThumbnails } =
 useFetchDocumentThumbnailsByIds();
 const contentWithCursor = useMemo(() => {
- // let text = DOMPurify.sanitize(content);
- let text = content;
+ let text = DOMPurify.sanitize(content);
+ // let text = content;
 if (text === '') {
 text = t('chat.searching');
 }
diff --git a/web/src/pages/next-search/markdown-content/index.tsx b/web/src/pages/next-search/markdown-content/index.tsx
index 4fa625648..36e82afe5 100644
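Review bot: The re-enabled `DOMPurify.sanitize(content)` on the first added line of the `@@ -54,8` hunk runs an HTML sanitizer over the raw markdown string, which is the wrong layer for this fix: DOMPurify parses its input as HTML, so ordinary answer text such as `a < b` or `&` inside a fenced code block comes back entity-encoded or with the `<…>` fragment dropped, and the rendered answer no longer matches what the model produced. Whether it also closes the hole depends on the renderer, which is outside the hunk — if the markdown pipeline re-enables raw HTML downstream the sanitized string is parsed again, and markdown-level vectors such as `[x](javascript:...)` are never seen by DOMPurify at all. The more robust placement is to sanitize the HTML the markdown renderer emits (a rehype sanitize step, or DOMPurify over the rendered output) and to keep a regression fixture that contains both a `<script>` payload and a code fence with `<` and `&`. If sanitizing the source is a deliberate choice because of the renderer configuration, say so on the line: `// Sanitize the raw markdown: the renderer re-enables raw HTML — TODO confirm against the markdown pipeline`. `MarkdownContent` starts before the hunk and the `useMemo` callback ends after it.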
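Review bot: In the `@@ -48,8` hunk the `if (text === '')` check that follows the added line now runs on the sanitized string, so an answer that consists entirely of stripped markup (for example a lone `<script>…</script>`) collapses to `''` and is shown as `t('chat.searching')`, telling the user a search is still in progress rather than that the content was removed. Keep the "still streaming" test on the original input and use the sanitized value only as display text, e.g. `const sanitized = DOMPurify.sanitize(content);` followed by `let text = content === '' ? t('chat.searching') : sanitized;`. The dead `// let text = content;` line added alongside should be deleted rather than left as a switch someone can flip back. The `useMemo` callback continues past the end of the hunk.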
--- a/web/src/pages/next-search/markdown-content/index.tsx
+++ b/web/src/pages/next-search/markdown-content/index.tsx
@@ -64,8 +64,8 @@ const MarkdownContent = ({
 const { setDocumentIds, data: fileThumbnails } =
 useFetchDocumentThumbnailsByIds();
 const contentWithCursor = useMemo(() => {
- // let text = DOMPurify.sanitize(content);
- let text = content;
+ let text = DOMPurify.sanitize(content);
+ // let text = content;
 if (text === '') {
 text = t('chat.searching');
 }
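Review bot: This `@@ -64,8` hunk is the third copy-paste of the same two-line sanitizer change, so the XSS policy for chat output now lives in three `MarkdownContent` components and any later tightening (a DOMPurify config such as `FORBID_TAGS` or `ALLOWED_URI_REGEXP`, or moving the sanitizer to the rendered HTML) has to be repeated in each file and will eventually drift. Pull it into one shared helper, e.g. `export const sanitizeChatContent = (content: string): string => DOMPurify.sanitize(content);`, and call that from all three `useMemo` callbacks so the fix has a single owner and a single unit test. The enclosing arrow-function component starts before the hunk and the `useMemo` callback ends after it.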