fix: fixed bug for prompt code format, prevent xss attacks

RockYang 2023-12-07 14:02:13 +08:00
parent 442e411cde
commit 8aec87cc02
6 changed files with 14 additions and 13 deletions


@ -10,6 +10,7 @@ import (
"encoding/json"
"fmt"
"gorm.io/gorm"
"html/template"
"io"
"strings"
"time"
@ -200,7 +201,7 @@ func (h *ChatHandler) sendAzureMessage(
RoleId: role.Id,
Type: types.PromptMsg,
Icon: userVo.Avatar,
Content: prompt,
Content: template.HTMLEscapeString(prompt),
Tokens: promptToken,
UseContext: useContext,
}
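Review bot: Escaping `prompt` with `template.HTMLEscapeString` when the history record is built (the `Content:` field here, and the identical line in sendBaiduMessage, sendChatGLMMessage, sendOpenAiMessage and sendXunFeiMessage) ties the stored value to one output context, so every other reader of that record receives `&lt;`, `&#34;` and similar entities instead of the user's text. If the client later passes this content through a Markdown renderer, entities inside code spans and fenced blocks will probably be displayed literally, and rows written before this commit remain unescaped, so the client still has to treat `Content` as untrusted. Consider storing the raw prompt and encoding at render time; if write-time escaping stays, a comment on the assignment such as `// Content is stored HTML-escaped; renderers must not escape it again` would document the contract. The five call sites are identical and could share one helper so the rule cannot drift between providers. The enclosing functions start and end outside these hunks.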


@ -9,6 +9,7 @@ import (
"context"
"encoding/json"
"fmt"
"html/template"
"io"
"net/http"
"strings"
@ -156,7 +157,7 @@ func (h *ChatHandler) sendBaiduMessage(
RoleId: role.Id,
Type: types.PromptMsg,
Icon: userVo.Avatar,
Content: prompt,
Content: template.HTMLEscapeString(prompt),
Tokens: promptToken,
UseContext: true,
}


@ -10,6 +10,7 @@ import (
"encoding/json"
"fmt"
"github.com/golang-jwt/jwt/v5"
"html/template"
"io"
"strings"
"time"
@ -135,7 +136,7 @@ func (h *ChatHandler) sendChatGLMMessage(
RoleId: role.Id,
Type: types.PromptMsg,
Icon: userVo.Avatar,
Content: prompt,
Content: template.HTMLEscapeString(prompt),
Tokens: promptToken,
UseContext: true,
}


@ -10,6 +10,7 @@ import (
"encoding/json"
"fmt"
"gorm.io/gorm"
"html/template"
"io"
"strings"
"time"
@ -199,7 +200,7 @@ func (h *ChatHandler) sendOpenAiMessage(
RoleId: role.Id,
Type: types.PromptMsg,
Icon: userVo.Avatar,
Content: prompt,
Content: template.HTMLEscapeString(prompt),
Tokens: promptToken,
UseContext: useContext,
}


@ -12,6 +12,7 @@ import (
"encoding/json"
"fmt"
"github.com/gorilla/websocket"
"html/template"
"io"
"net/http"
"net/url"
@ -198,7 +199,7 @@ func (h *ChatHandler) sendXunFeiMessage(
RoleId: role.Id,
Type: types.PromptMsg,
Icon: userVo.Avatar,
Content: prompt,
Content: template.HTMLEscapeString(prompt),
Tokens: promptToken,
UseContext: true,
}


@ -245,7 +245,7 @@ import {
VideoPause
} from '@element-plus/icons-vue'
import 'highlight.js/styles/a11y-dark.css'
import {dateFormat, isMobile, randString, removeArrayItem, renderInputText, UUID} from "@/utils/libs";
import {dateFormat, isMobile, randString, removeArrayItem, UUID} from "@/utils/libs";
import {ElMessage, ElMessageBox} from "element-plus";
import hl from "highlight.js";
import {getSessionId, getUserToken, removeUserToken} from "@/store/session";
@ -690,13 +690,12 @@ const sendMessage = function () {
if (prompt.value.trim().length === 0 || canSend.value === false) {
return false;
}
//
chatData.value.push({
type: "prompt",
id: randString(32),
icon: loginUser.value.avatar,
content: renderInputText(prompt.value),
content: md.render(prompt.value),
created_at: new Date().getTime(),
});
@ -761,10 +760,7 @@ const loadChatHistory = function (chatId) {
}
showHello.value = false
for (let i = 0; i < data.length; i++) {
if (data[i].type === "prompt") {
chatData.value.push(data[i]);
continue;
} else if (data[i].type === "mj") {
if (data[i].type === "mj") {
data[i].content = JSON.parse(data[i].content)
data[i].content.html = md.render(data[i].content?.content)
chatData.value.push(data[i]);
@ -802,7 +798,7 @@ const reGenerate = function () {
type: "prompt",
id: randString(32),
icon: loginUser.value.avatar,
content: renderInputText(text)
content: md.render(text)
});
socket.value.send(text);
}
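Review bot: In sendMessage and reGenerate the prompt now goes through `md.render(...)`, so whether this actually blocks script injection depends on how `md` is configured, which is outside these hunks; if it is a markdown-it instance, confirm it is created with `html: false` (or that its output is sanitized before being bound as HTML) and that the default link validation is left in place. Removing the `prompt` branch in loadChatHistory means stored prompts now follow the remaining branches of that loop, which are not visible here, and rows saved before the server began escaping still hold raw text that needs the same safe rendering path. The live path renders the raw prompt while history holds server-escaped text, so the same message may display differently after a reload, most visibly inside code blocks. A short comment above the `content:` line, e.g. `// rendered with raw HTML disabled; never bind unrendered prompt text as HTML`, would record the assumption the fix relies on.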