[ADVAPP-2700]: Resolve potential security scenario in Customer Advisors (#2588)

Orrison · tonghuaroot · web-flow · commit cb6f6f940e65 · 2026-06-02T08:40:56.000-07:00
Fix XSS vulnerability by sanitizing advisor message content in transcript modal

Signed-off-by: Kevin Ullyott &lt;kevin.ullyott@canyongbs.com&gt;
Co-authored-by: tonghuaroot &lt;tonghuaroot@gmail.com&gt;
diff --git a/app-modules/ai/resources/views/filament/widgets/qna-advisor-transcript-modal.blade.php b/app-modules/ai/resources/views/filament/widgets/qna-advisor-transcript-modal.blade.php
@@ -54,7 +54,7 @@ class="{{ $message->is_advisor ? 'text-gray-600 dark:text-gray-300' : 'text-prim
                     <div
                         class="{{ $message->is_advisor ? 'text-gray-900 dark:text-gray-100 dark:prose-invert prose-p:mb-3 prose-p:leading-relaxed' : 'text-white prose-invert prose-p:mb-3 prose-p:leading-relaxed' }} prose prose-sm max-w-none leading-relaxed"
                     >
-                        {!! str($message->content)->markdown() !!}
+                        {{ str($message->content)->markdown()->sanitizeHtml()->toHtmlString() }}
                     </div>
                 </div>
             </div>

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ class="{{ $message->is_advisor ? 'text-gray-600 dark:text-gray-300' : 'text-prim`
`54`	`54`	`<div`
`55`	`55`	`class="{{ $message->is_advisor ? 'text-gray-900 dark:text-gray-100 dark:prose-invert prose-p:mb-3 prose-p:leading-relaxed' : 'text-white prose-invert prose-p:mb-3 prose-p:leading-relaxed' }} prose prose-sm max-w-none leading-relaxed"`
`56`	`56`	`>`
`57`		`- {!! str($message->content)->markdown() !!}`
	`57`	`+ {{ str($message->content)->markdown()->sanitizeHtml()->toHtmlString() }}`
`58`	`58`	`</div>`
`59`	`59`	`</div>`
`60`	`60`	`</div>`