
Implement DOMPurify to sanitize HTML content before rendering

Open dservian opened this issue 1 year ago • 0 comments

What problem does this PR solve?

This PR resolves issue #1491 related to HTML Injection and Cross-Site Scripting (XSS). The issue was caused by the unsafe usage of dangerouslySetInnerHTML without proper sanitization of user input.

Changes

  • Added DOMPurify dependency.
  • Updated the following components to use DOMPurify:
    • web/src/pages/add-knowledge/components/knowledge-chunk/components/chunk-card/index.tsx
    • web/src/pages/chat/markdown-content/index.tsx
    • web/src/pages/add-knowledge/components/knowledge-setting/category-panel.tsx

Type of change

  • [x] Other (please describe): Security Fix

dservian, Jul 12 '24 14:07
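To check that no other component still passes raw input to dangerouslySetInnerHTML, the fix pattern described in the PR can be audited with a small Node script. This is an added example, not code from the PR or from ragflow; the function names and the sample components are hypothetical and constructed for illustration. It is a text heuristic that assumes no brackets inside string literals in the prop value.

```javascript
// Added example, not ragflow code: heuristic audit of React sources for
// dangerouslySetInnerHTML props whose HTML is not wrapped in DOMPurify.sanitize().
const PROP = /dangerouslySetInnerHTML\s*=\s*\{/g;
const INLINE = /^\s*\{\s*__html\s*:\s*/;

// Index of the bracket that closes the scope `start` sits in.
function closingIndex(src, start) {
  let depth = 0;
  for (let i = start; i < src.length; i++) {
    if ('({['.includes(src[i])) depth++;
    else if (')}]'.includes(src[i]) && depth-- === 0) return i;
  }
  return src.length;
}

function classify(expr) {
  const call = 'DOMPurify.sanitize(';
  if (!expr.startsWith(call)) return 'unsanitized';
  // sanitize() must wrap the whole expression, not only a prefix of it.
  return closingIndex(expr, call.length) === expr.length - 1 ? 'sanitized' : 'unsanitized';
}

function auditSource(file, src) {
  const findings = [];
  for (const m of src.matchAll(PROP)) {
    const bodyStart = m.index + m[0].length;
    const line = src.slice(0, m.index).split('\n').length;
    const inline = INLINE.exec(src.slice(bodyStart));
    if (!inline) { // value built elsewhere (variable, helper): manual review
      findings.push({ file, line, status: 'review' });
      continue;
    }
    const exprStart = bodyStart + inline[0].length;
    const expr = src.slice(exprStart, closingIndex(src, exprStart)).replace(/,\s*$/, '').trim();
    findings.push({ file, line, status: classify(expr), expr });
  }
  return findings;
}

// Constructed sample input (hypothetical components, not taken from the PR).
const SAMPLE = `
const Raw = ({ chunk }) => <div dangerouslySetInnerHTML={{ __html: chunk.html }} />;
const Clean = ({ chunk }) => <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(chunk.html) }} />;
const Partial = ({ a, b }) => <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(a) + b }} />;
const Indirect = ({ html }) => <div dangerouslySetInnerHTML={html} />;
`;
console.table(auditSource('sample.tsx', SAMPLE));
```

Findings with status `review` mean the prop value is built away from the JSX, so the sanitize call has to be confirmed where that value is created.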