Sanitize chat messages to render in Obsidian, Desktop, Web apps

Use DOMPurify to sanitize any unsafe HTML in chat messages before adding
them to the DOM via innerHTML updates to an HTML element
Debanjum Singh Solanky
2024-05-29 15:39:49 +05:30
parent 9f80c2ab76
commit b757ba664f
7 changed files with 680 additions and 135 deletions

File diff suppressed because one or more lines are too long


@@ -8,6 +8,7 @@
<link rel="icon" type="image/png" sizes="128x128" href="./assets/icons/favicon-128x128.png">
<link rel="manifest" href="/static/khoj.webmanifest">
</head>
<script type="text/javascript" src="./assets/purify.min.js?v={{ khoj_version }}"></script>
<script type="text/javascript" src="./assets/markdown-it.min.js"></script>
<script src="./utils.js"></script>
@@ -282,6 +283,8 @@
// Render markdown
newHTML = raw ? newHTML : md.render(newHTML);
// Sanitize the rendered markdown
newHTML = DOMPurify.sanitize(newHTML);
// Set rendered markdown to HTML DOM element
let element = document.createElement('div');
element.innerHTML = newHTML;
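Review bot: `DOMPurify.sanitize(newHTML)` in the second hunk runs with the default configuration, which also admits SVG and MathML markup that a chat message probably does not need. If the rendered messages are plain HTML, `newHTML = DOMPurify.sanitize(newHTML, { USE_PROFILES: { html: true } });` narrows what model- or document-derived text can put into the DOM. The call is only effective while it stays the last transformation of the string before `element.innerHTML = newHTML;`, so a comment such as `// Keep sanitize as the final step; string edits made after it are not sanitized` would protect that ordering. The enclosing function starts and ends outside the hunk, so later changes to `element` cannot be checked from here. In the first hunk, the version of the vendored `purify.min.js` is not visible on this page, and recording it in a comment beside the script tag would make sanitizer security updates easier to track.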