klbr/khoj
1
0
Fork 0
mirror of https://github.com/khoaliber/khoj.git synced 2026-03-02 13:18:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove image HTML elements from non whitelisted sources in Obsidian chat

Browse Source 
Given img src enforcement via CSP required loosening. Soft enforce it
via a regex replace of img HTML elements if the src isn't from the
whitelisted set of source prefixes.

Currently allowed source prefixes are
- app: for local images
- data: for inline generated images
- https://generated.khoj.dev: for cloud generated images
This commit is contained in:
Debanjum Singh Solanky
2024-06-15 10:58:26 +05:30
parent c7d825bddb
commit 86a3505d89
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/interface/obsidian/src/chat_view.ts
View File

@@ -322,6 +322,12 @@ export class KhojChatView extends KhojPaneView {
// @ts-ignore
MarkdownRenderer.renderMarkdown(markdownText, virtualChatMessageBodyTextEl, '', null);
// Remove image HTML elements with any non whitelisted src prefix
virtualChatMessageBodyTextEl.innerHTML = virtualChatMessageBodyTextEl.innerHTML.replace(
/<img(?:(?!src=["'](app:|data:|https:\/\/generated\.khoj\.dev)).)*?>/gis,
''
);
// Sanitize the markdown text rendered as HTML
return DOMPurify.sanitize(virtualChatMessageBodyTextEl.innerHTML);
}