OpenSource
/
dify
Прати 4
Волим 0
Креирај огранак 0
Код Дискусије 0 Захтеви за спајање 0 Издања 152 Вики Activity
Преглед изворни кода

chore: fix some security issues in markdown (#20639)

tags/1.4.2
Joel пре 5 месеци
родитељ
006496f24e
комит
d22c351221
No account linked to committer's email address
3 измењених фајлова са 13 додато и 13 уклоњено
Један поглед Покажи статистику Diff
  1. 4
    12
      web/app/components/base/markdown-blocks/button.tsx
  2. 6
    1
      web/app/components/base/markdown-blocks/link.tsx
  3. 3
    0
      web/app/components/base/markdown-blocks/utils.ts

+ 4
- 12
web/app/components/base/markdown-blocks/button.tsx Прегледај датотеку

import { useChatContext } from '@/app/components/base/chat/chat/context' import { useChatContext } from '@/app/components/base/chat/chat/context'
import Button from '@/app/components/base/button' import Button from '@/app/components/base/button'
import cn from '@/utils/classnames' import cn from '@/utils/classnames'
import { isValidUrl } from './utils'
const MarkdownButton = ({ node }: any) => { const MarkdownButton = ({ node }: any) => {
const { onSend } = useChatContext() const { onSend } = useChatContext()
const variant = node.properties.dataVariant const variant = node.properties.dataVariant
const link = node.properties.dataLink const link = node.properties.dataLink
const size = node.properties.dataSize const size = node.properties.dataSize


function is_valid_url(url: string): boolean {
try {
const parsed_url = new URL(url)
return ['http:', 'https:'].includes(parsed_url.protocol)
}
catch {
return false
}
}

return <Button return <Button
variant={variant} variant={variant}
size={size} size={size}
className={cn('!h-auto min-h-8 select-none whitespace-normal !px-3')} className={cn('!h-auto min-h-8 select-none whitespace-normal !px-3')}
onClick={() => { onClick={() => {
if (is_valid_url(link)) {
if (isValidUrl(link)) {
window.open(link, '_blank') window.open(link, '_blank')
return return
} }
if(!message)
return
onSend?.(message) onSend?.(message)
}} }}
> >

+ 6
- 1
web/app/components/base/markdown-blocks/link.tsx Прегледај датотеку

*/ */
import React from 'react' import React from 'react'
import { useChatContext } from '@/app/components/base/chat/chat/context' import { useChatContext } from '@/app/components/base/chat/chat/context'
import { isValidUrl } from './utils'


const Link = ({ node, children, ...props }: any) => { const Link = ({ node, children, ...props }: any) => {
const { onSend } = useChatContext() const { onSend } = useChatContext()
return <abbr className="cursor-pointer underline !decoration-primary-700 decoration-dashed" onClick={() => onSend?.(hidden_text)} title={node.children[0]?.value || ''}>{node.children[0]?.value || ''}</abbr> return <abbr className="cursor-pointer underline !decoration-primary-700 decoration-dashed" onClick={() => onSend?.(hidden_text)} title={node.children[0]?.value || ''}>{node.children[0]?.value || ''}</abbr>
} }
else { else {
return <a {...props} target="_blank" className="cursor-pointer underline !decoration-primary-700 decoration-dashed">{children || 'Download'}</a>
const href = props.href || node.properties?.href
if(!isValidUrl(href))
return <span>{children}</span>

return <a href={href} target="_blank" className="cursor-pointer underline !decoration-primary-700 decoration-dashed">{children || 'Download'}</a>
} }
} }



+ 3
- 0
web/app/components/base/markdown-blocks/utils.ts Прегледај датотеку

export const isValidUrl = (url: string): boolean => {
return ['http:', 'https:', '//', 'mailto:'].some(prefix => url.startsWith(prefix))
}

Write Preview
Loading…
Откажи
Сачувај