Skip to content

Commit

Permalink
🐛 Escape HTML brackets before sanitizing in Streaming bubble
Browse files Browse the repository at this point in the history 
Closes #1841
  • Loading branch information
@baptisteArno
baptisteArno committed Oct 21, 2024
1 parent b33e2ee commit 91fc9eb
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 9 deletions.
2 changes: 1 addition & 1 deletion packages/embeds/js/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@typebot.io/js",
"version": "0.3.24",
"version": "0.3.25",
"description": "Javascript library to display typebots on your website",
"license": "FSL-1.1-ALv2",
"type": "module",
Expand Down
23 changes: 17 additions & 6 deletions packages/embeds/js/src/components/bubbles/StreamingBubble.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,15 @@ export const StreamingBubble = (props: Props) => {
if (index % 2 === 0) {
return block.split("\n\n").map((line) =>
domPurify.sanitize(
marked.parse(line.replace(/【.+】/g, ""), {
breaks: true,
}),
marked.parse(
line
.replace(/【.+】/g, "")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;"),
{
breaks: true,
},
),
{
ADD_ATTR: ["target"],
},
Expand All @@ -45,9 +51,14 @@ export const StreamingBubble = (props: Props) => {
} else {
return [
domPurify.sanitize(
marked.parse("```" + block + "```", {
breaks: true,
}),
marked.parse(
"```" +
block +
"```".replace(/</g, "&lt;").replace(/>/g, "&gt;"),
{
breaks: true,
},
),
{
ADD_ATTR: ["target"],
},
Expand Down
2 changes: 1 addition & 1 deletion packages/embeds/nextjs/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@typebot.io/nextjs",
"version": "0.3.24",
"version": "0.3.25",
"license": "FSL-1.1-ALv2",
"description": "Convenient library to display typebots on your Next.js website",
"type": "module",
Expand Down
2 changes: 1 addition & 1 deletion packages/embeds/react/package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@typebot.io/react",
"version": "0.3.24",
"version": "0.3.25",
"description": "Convenient library to display typebots on your React app",
"license": "FSL-1.1-ALv2",
"type": "module",
Expand Down

0 comments on commit 91fc9eb

Please sign in to comment.