Remove image HTML elements from non whitelisted sources in Obsidian chat

Given img src enforcement via CSP required loosening. Soft enforce it
via a regex replace of img HTML elements if the src isn't from the
whitelisted set of source prefixes.

Currently allowed source prefixes are
- app: for local images
- data: for inline generated images
- https://generated.khoj.dev: for cloud generated images

src/interface/obsidian/src/chat_view.ts

@@ -322,6 +322,12 @@ export class KhojChatView extends KhojPaneView {
         // @ts-ignore
         MarkdownRenderer.renderMarkdown(markdownText, virtualChatMessageBodyTextEl, '', null);
 
+        // Remove image HTML elements with any non whitelisted src prefix
+        virtualChatMessageBodyTextEl.innerHTML = virtualChatMessageBodyTextEl.innerHTML.replace(
+            /<img(?:(?!src=["'](app:|data:|https:\/\/generated\.khoj\.dev)).)*?>/gis,
+            ''
+        );
+
         // Sanitize the markdown text rendered as HTML
         return DOMPurify.sanitize(virtualChatMessageBodyTextEl.innerHTML);
     }