Merge commit from fork

Timothy Carambat 2026-04-15 10:37:56 -07:00 committed by GitHub
parent 29b924e5f7
commit f5fa03f472
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 4 deletions


@ -31,6 +31,7 @@ import CustomCell from "./CustomCell.jsx";
import Tooltip from "./CustomTooltip.jsx"; import Tooltip from "./CustomTooltip.jsx";
import { safeJsonParse } from "@/utils/request.js"; import { safeJsonParse } from "@/utils/request.js";
import renderMarkdown from "@/utils/chat/markdown.js"; import renderMarkdown from "@/utils/chat/markdown.js";
import DOMPurify from "dompurify";
import { memo, useCallback, useState } from "react"; import { memo, useCallback, useState } from "react";
import { saveAs } from "file-saver"; import { saveAs } from "file-saver";
import { useGenerateImage } from "recharts-to-png"; import { useGenerateImage } from "recharts-to-png";
@ -394,7 +395,7 @@ export function Chartable({ props }) {
<span <span
className="flex flex-col gap-y-1 mt-2" className="flex flex-col gap-y-1 mt-2"
dangerouslySetInnerHTML={{ dangerouslySetInnerHTML={{
__html: renderMarkdown(content.caption), __html: DOMPurify.sanitize(renderMarkdown(content.caption)),
}} }}
/> />
</div> </div>
@ -413,7 +414,7 @@ export function Chartable({ props }) {
<span <span
className="flex flex-col gap-y-1 mt-2" className="flex flex-col gap-y-1 mt-2"
dangerouslySetInnerHTML={{ dangerouslySetInnerHTML={{
__html: renderMarkdown(content.caption), __html: DOMPurify.sanitize(renderMarkdown(content.caption)),
}} }}
/> />
</div> </div>
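Review bot: Caption links will most likely lose `target="_blank"` at both `dangerouslySetInnerHTML` sites, because DOMPurify's default configuration does not keep the `target` attribute that the project's `link_open` rule emits, so a clicked link would replace the app's own tab. If that is not intended, pass the attribute through: `__html: DOMPurify.sanitize(renderMarkdown(content.caption), { ADD_ATTR: ["target"] }),`. The two branches are identical, so a small shared helper (for example `sanitizedCaption(content.caption)`) would keep their sanitizer configuration from drifting apart. `Chartable` starts and ends outside these hunks, so any other `renderMarkdown` output placed into `dangerouslySetInnerHTML` in this file is not visible here and should be checked for the same wrap.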


@ -63,7 +63,7 @@ markdown.renderer.rules.strong_close = () => "</strong>";
markdown.renderer.rules.link_open = (tokens, idx) => { markdown.renderer.rules.link_open = (tokens, idx) => {
const token = tokens[idx]; const token = tokens[idx];
const href = token.attrs.find((attr) => attr[0] === "href"); const href = token.attrs.find((attr) => attr[0] === "href");
return `<a href="${href[1]}" target="_blank" rel="noopener noreferrer">`; return `<a href="${HTMLEncode(href[1])}" target="_blank" rel="noopener noreferrer">`;
}; };
// Custom renderer for responsive images rendered in markdown // Custom renderer for responsive images rendered in markdown
@ -73,7 +73,7 @@ markdown.renderer.rules.image = function (tokens, idx) {
const src = token.attrs[srcIndex][1]; const src = token.attrs[srcIndex][1];
const alt = token.content || ""; const alt = token.content || "";
return `<div class="w-full max-w-[800px]"><img src="${src}" alt="${alt}" class="w-full h-auto" /></div>`; return `<div class="w-full max-w-[800px]"><img src="${HTMLEncode(src)}" alt="${HTMLEncode(alt)}" class="w-full h-auto" /></div>`;
}; };
markdown.use(markdownItKatexPlugin); markdown.use(markdownItKatexPlugin);
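Review bot: The escaping added in `link_open` and in the image rule only closes the attribute-breakout path if `HTMLEncode` encodes `"` as well as `<`, `>` and `&`; its definition and import sit outside these hunks, so that is worth confirming. Encoding also does nothing about the URL scheme, so `href` and `src` still rely on markdown-it's link validation, presumably left at its default. A comment above both rules would record that split, e.g. `// Attribute values are HTML-encoded; URL scheme filtering is left to markdown-it's validateLink.` Separately, `href[1]` throws if a link token ever arrives without an `href` attribute, and `HTMLEncode(href?.[1] ?? "")` would make the rule total. The image rule's body starts above the hunk, so how `srcIndex` is guarded cannot be seen from here.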