Fix: Use DOMPurify to filter out dangerous HTML #infiniflow#7668

cike8899 · cike8899 · commit c7203d734a8a · 2025-05-15T16:36:24.000+08:00
diff --git a/web/src/pages/chat/markdown-content/index.tsx b/web/src/pages/chat/markdown-content/index.tsx
@@ -50,7 +50,7 @@ const MarkdownContent = ({
   const { setDocumentIds, data: fileThumbnails } =
     useFetchDocumentThumbnailsByIds();
   const contentWithCursor = useMemo(() => {
-    let text = content;
+    let text = DOMPurify.sanitize(content);
     if (text === '') {
       text = t('chat.searching');
     }

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ const MarkdownContent = ({`
`50`	`50`	`const { setDocumentIds, data: fileThumbnails } =`
`51`	`51`	`useFetchDocumentThumbnailsByIds();`
`52`	`52`	`const contentWithCursor = useMemo(() => {`
`53`		`- let text = content;`
	`53`	`+ let text = DOMPurify.sanitize(content);`
`54`	`54`	`if (text === '') {`
`55`	`55`	`text = t('chat.searching');`
`56`	`56`	`}`