If llm prompt contains:`<script>`, the workflow cannot run

Open Akifyss opened this issue 10 months ago • 4 comments

Self Checks

  • [X] This is only for bug report, if you would like to ask a question, please head to Discussions.
  • [X] I have searched for existing issues, including closed ones.
  • [X] I confirm that I am using English to submit this report (I have read and agree to the Language Policy).
  • [X] Please do not modify this template :) and fill in all the required fields.

Dify version

0.6.3

Cloud or Self Hosted

Cloud

Steps to reproduce

In the workflow mode, as long as the prompt word in llm contains: <script>, the workflow cannot run, hoping it can be fixed 🙏

✔️ Expected Behavior

No response

❌ Actual Behavior

No response

Akifyss avatar Apr 17 '24 12:04 Akifyss

The issue you're encountering with the <script> tag in the prompt word in llm causing the workflow to not run is likely due to Dify's input sanitization process. This process is designed to prevent security vulnerabilities, such as Cross-Site Scripting (XSS), by filtering or blocking potentially malicious scripts. In Dify v0.6.3, the get_cleaned_inputs method within the CompletionService class is responsible for sanitizing user inputs. This includes removing unsafe characters and tags to protect against the injection of malicious code.

Unfortunately, there isn't a straightforward workaround or method to bypass this sanitization for the <script> tag within the current framework of Dify. This security measure is crucial for maintaining the integrity and safety of the platform and its users.

If you're seeing a specific error message or behavior when the workflow fails due to the <script> tag, providing more details could help in identifying potential solutions or workarounds within the constraints of Dify's security measures.

dosubot[bot] avatar Apr 17 '24 12:04 dosubot[bot]

I cannot reproduce this issue, maybe you can share your DSL so that I can locate problems quickly, thx!

Yeuoly avatar Apr 18 '24 03:04 Yeuoly

I recorded a GIF, and this should be related to this issue: #3231 Apr-18-2024 11-45-01

Akifyss avatar Apr 18 '24 03:04 Akifyss

Hi, @Akifyss

I'm helping the Dify team manage their backlog and am marking this issue as stale. From what I understand, you encountered a problem with Dify version 0.6.3 when using the workflow mode in the cloud. It was found that if the prompt word in llm contains <script>, the workflow cannot run. I provided an explanation that the issue is likely due to Dify's input sanitization process, which is designed to prevent security vulnerabilities. Yeuoly requested the DSL to reproduce the issue, and you shared a related GIF. The issue was identified as being caused by Dify's input sanitization process, designed to prevent security vulnerabilities, and no further action was needed as it was determined to be a deliberate feature.

Could you please confirm if this issue is still relevant to the latest version of the Dify repository? If it is, please let the Dify team know by commenting on the issue. Otherwise, feel free to close the issue yourself, or the issue will be automatically closed in 7 days.

Thank you for your understanding and cooperation. If you have any further questions or concerns, feel free to reach out to me or the Dify team.

dosubot[bot] avatar May 19 '24 16:05 dosubot[bot]