ragflow/web
Dani Servian bafe137502
Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498)
### What problem does this PR solve?

This PR resolves issue #1491 related to HTML Injection and Cross-Site
Scripting (XSS). The issue was caused by the unsafe usage of
`dangerouslySetInnerHTML` without proper sanitization of user input.

### Changes
- Added DOMPurify dependency.
- Updated the following components to use DOMPurify:
  - `web/src/pages/add-knowledge/components/knowledge-chunk/components/chunk-card/index.tsx`
  - `web/src/pages/chat/markdown-content/index.tsx`
  - `web/src/pages/add-knowledge/components/knowledge-setting/category-panel.tsx`

### Type of change

- [x] Other (please describe): Security Fix
2024-07-15 10:24:23 +08:00
..
.husky feat: format code before submitting it #1251 (#1252) 2024-06-24 14:48:21 +08:00
public feat: display chunk token number when category of knowledge as general and unavailable llm models appear disabled and if the backend returns 401, it will jump to the login page and fixed the issue where the greeting would disappear when clicking on a new dialog (#117) 2024-03-11 16:13:34 +08:00
src Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498) 2024-07-15 10:24:23 +08:00
.env feat: Support for conversational streaming (#809) 2024-05-16 20:15:02 +08:00
.eslintrc.js feat: set chunk to available state and select all chunk (#57) 2024-02-06 18:45:20 +08:00
.gitignore update knowledge_kb (#34) 2024-01-18 18:27:38 +08:00
.npmrc add front end code (#27) 2024-01-17 09:37:01 +08:00
.prettierignore feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44) 2024-01-29 15:02:27 +08:00
.prettierrc feat: install prettier to format code and add react-dev-inspector to locate code in the IDE faster (#44) 2024-01-29 15:02:27 +08:00
.umirc.ts feat: add description text to operators and extract the useFetchModelId to logicHooks.ts and drag the operator to the canvas and initialize the form data #918 (#1379) 2024-07-04 19:18:02 +08:00
externals.d.ts fix: cannot save the system model setting #468 (#508) 2024-04-23 17:46:56 +08:00
jest-setup.ts feat: test buildNodesAndEdgesFromDSLComponents (#940) 2024-05-27 19:35:14 +08:00
jest.config.ts feat: test buildNodesAndEdgesFromDSLComponents (#940) 2024-05-27 19:35:14 +08:00
package-lock.json Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498) 2024-07-15 10:24:23 +08:00
package.json Fix: Implement DOMPurify to sanitize HTML content before rendering (#1498) 2024-07-15 10:24:23 +08:00
reducer.js add front end code (#27) 2024-01-17 09:37:01 +08:00
tsconfig.json feat: test buildNodesAndEdgesFromDSLComponents (#940) 2024-05-27 19:35:14 +08:00
typings.d.ts feat: delete the added model #503 and display an error message when the requested file fails to parse #684 (#708) 2024-05-10 10:38:39 +08:00