From 86a3505d894553d1ef7f8af1fe52ec3ba3f646d7 Mon Sep 17 00:00:00 2001
From: Debanjum Singh Solanky
Date: Sat, 15 Jun 2024 10:58:26 +0530
Subject: [PATCH] Remove image HTML elements from non whitelisted sources in Obsidian chat
Given img src enforcement via CSP required loosening. Soft enforce it via a regex replace of img HTML elements if the src isn't from the whitelisted set of source prefixes. Currently allowed source prefixes are
- app: for local images
- data: for inline generated images
- https://generated.khoj.dev: for cloud generated images
---
 src/interface/obsidian/src/chat_view.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/interface/obsidian/src/chat_view.ts b/src/interface/obsidian/src/chat_view.ts
index b175ad11..87df8a91 100644
--- a/src/interface/obsidian/src/chat_view.ts
+++ b/src/interface/obsidian/src/chat_view.ts
@@ -322,6 +322,12 @@ export class KhojChatView extends KhojPaneView {
 // @ts-ignore
 MarkdownRenderer.renderMarkdown(markdownText, virtualChatMessageBodyTextEl, '', null);
+ // Remove image HTML elements with any non whitelisted src prefix
+ virtualChatMessageBodyTextEl.innerHTML = virtualChatMessageBodyTextEl.innerHTML.replace(
+ //gis,
+ ''
+ );
+ // Sanitize the markdown text rendered as HTML
 return DOMPurify.sanitize(virtualChatMessageBodyTextEl.innerHTML);
 }
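Review bot: The image allow-list is enforced by a regex over the serialized `innerHTML`, which is weaker than checking the parsed elements. The pattern literal is not legible on this page (only `//gis,` remains), so it cannot be confirmed that the `https://generated.khoj.dev` prefix ends with `/` (without it, a look-alike host beginning with the same characters would pass) or that `srcset` is covered. Remote image loads from rendered chat markdown are a data-leak channel, so I would filter `img` elements on the DOM as sketched below, ideally on the sanitized output rather than before `DOMPurify.sanitize`. The element is also filled by `renderMarkdown` before the filter runs, so if `virtualChatMessageBodyTextEl` belongs to the live document the fetch may already have started. Its creation and the start of the enclosing method are outside the hunk.

```typescript
// … unchanged: MarkdownRenderer.renderMarkdown(...) call …

// Remove <img> elements whose src is outside the allow-list, checked on the parsed DOM
const allowedImgSrcPrefixes = ['app:', 'data:', 'https://generated.khoj.dev/'];
virtualChatMessageBodyTextEl.querySelectorAll('img').forEach((imgEl) => {
    const src = imgEl.getAttribute('src') ?? '';
    const srcAllowed = allowedImgSrcPrefixes.some((prefix) => src.startsWith(prefix));
    // srcset can name a different origin than src, so treat its presence as not allowed
    if (!srcAllowed || imgEl.hasAttribute('srcset')) imgEl.remove();
});

// … unchanged: DOMPurify.sanitize(...) return …
```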