Add option to forbid external images

2024-01-24 15:47:54 +02:00 · 2024-01-24 15:47:54 +02:00 · 4823bcf4ff
parent 625a07ac1f
commit 4823bcf4ff
3 changed files with 31 additions and 0 deletions
--- a/public/index.html
+++ b/public/index.html
@ -3420,6 +3420,10 @@
                                        <span class="fa-solid fa-circle-question note-link-span"></span>
                                    </a>
                                </label>
+                                <label class="checkbox_label" for="forbid_external_images" title="Disalow embedded images from other domains in chat messages.">
+                                    <input id="forbid_external_images" type="checkbox" />
+                                    <span data-i18n="Forbid External Images">Forbid External Images</span>
+                                </label>
                                <label data-newbie-hidden class="checkbox_label" for="allow_name2_display">
                                    <input id="allow_name2_display" type="checkbox" />
                                    <span data-i18n="Allow {{char}}: in bot messages">Show {{char}}: in responses</span>
--- a/public/script.js
+++ b/public/script.js
@ -296,6 +296,25 @@ DOMPurify.addHook('uponSanitizeAttribute', (_, data, config) => {
    }
 });

+DOMPurify.addHook('uponSanitizeElement', (node, _, config) => {
+    if (!config['MESSAGE_SANITIZE']) {
+        return;
+    }
+
+    switch (node.tagName) {
+        case 'IMG': {
+            const isExternalUrl = (url) => (url.indexOf('://') > 0 || url.indexOf('//') === 0) && !url.startsWith(window.location.origin);
+            const src = node.getAttribute('src');
+
+            if (power_user.forbid_external_images && isExternalUrl(src)) {
+                console.warn('External image blocked', src);
+                node.remove();
+            }
+        }
+        break;
+    }
+});
+
 // API OBJECT FOR EXTERNAL WIRING
 window['SillyTavern'] = {};

--- a/public/scripts/power-user.js
+++ b/public/scripts/power-user.js
@ -237,6 +237,7 @@ let power_user = {
    compact_input_area: true,
    auto_connect: false,
    auto_load_chat: false,
+    forbid_external_images: false,
 };

 let themes = [];
@ -1529,6 +1530,7 @@ function loadPowerUserSettings(settings, data) {
    $('#reduced_motion').prop('checked', power_user.reduced_motion);
    $('#auto-connect-checkbox').prop('checked', power_user.auto_connect);
    $('#auto-load-chat-checkbox').prop('checked', power_user.auto_load_chat);
+    $('#forbid_external_images').prop('checked', power_user.forbid_external_images);

    for (const theme of themes) {
        const option = document.createElement('option');
@ -3234,6 +3236,12 @@ $(document).ready(() => {
        saveSettingsDebounced();
    });

+    $('#forbid_external_images').on('input', function () {
+        power_user.forbid_external_images = !!$(this).prop('checked');
+        saveSettingsDebounced();
+        reloadCurrentChat();
+    });
+
    $(document).on('click', '#debug_table [data-debug-function]', function () {
        const functionId = $(this).data('debug-function');
        const functionRecord = debug_functions.find(f => f.functionId === functionId);