dearwolf/LocalAI
1
0
Fork 0
mirror of https://github.com/mudler/LocalAI.git synced 2025-05-20 10:35:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

fix: use bluemonday as recommended by blackfriday (#2142)

Browse source 
use bluemonday as recommended by blackfriday

Signed-off-by: Dave Lee <dave@gray101.com>
This commit is contained in:
Dave 2024-04-26 04:34:50 -04:00 committed by GitHub
parent 2cd4936c99
commit 006306b183
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 17 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
core/http/render.go
View file

@ -10,6 +10,7 @@ import (
"github.com/go-skynet/LocalAI/core/schema"
"github.com/gofiber/fiber/v2"
fiberhtml "github.com/gofiber/template/html/v2"
"github.com/microcosm-cc/bluemonday"
"github.com/russross/blackfriday"
)
@ -39,5 +40,5 @@ func renderEngine() *fiberhtml.Engine {
func markDowner(args ...interface{}) template.HTML {
s := blackfriday.MarkdownCommon([]byte(fmt.Sprintf("%s", args...)))
return template.HTML(s)
return template.HTML(bluemonday.UGCPolicy().Sanitize(string(s)))
}