rixty/SillyTavern
1
0
Fork 0
mirror of https://github.com/SillyTavern/SillyTavern.git synced 2025-01-23 07:51:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

DOM.purify toast if HTML is allowed

Browse Source
This commit is contained in:
Wolfsblvt 2024-09-06 20:31:13 +02:00
parent 0d9843cdd6
commit 25d8286dfc
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/scripts/slash-commands.js
View File

@ -2251,6 +2251,11 @@ async function echoCallback(args, value) {
} }
} }
// If we allow HTML, we need to sanitize it to prevent security risks
if (!options.escapeHtml) {
value = DOMPurify.sanitize(value, { FORBID_TAGS: ['style'] });
}
let toast; let toast;
switch (severity) { switch (severity) {
case 'error': case 'error':