mirror of
https://github.com/SillyTavern/SillyTavern.git
synced 2024-12-11 17:07:07 +01:00
sanitize HTML on html returns
- I had it in there for some time, I even tested it... likely gone during some commits
This commit is contained in:
parent
d96bb3dcea
commit
56265540db
@ -56,7 +56,7 @@ export const slashCommandReturnHelper = {
|
||||
case 'chat-html':
|
||||
case 'toast-text':
|
||||
case 'toast-html': {
|
||||
const htmlOrNotHtml = shouldHtml ? (new showdown.Converter()).makeHtml(stringValue) : escapeHtml(stringValue);
|
||||
const htmlOrNotHtml = shouldHtml ? DOMPurify.sanitize((new showdown.Converter()).makeHtml(stringValue)) : escapeHtml(stringValue);
|
||||
|
||||
if (type.startsWith('popup')) await callGenericPopup(htmlOrNotHtml, POPUP_TYPE.TEXT);
|
||||
if (type.startsWith('chat')) sendSystemMessage(system_message_types.GENERIC, htmlOrNotHtml);
|
||||
|
Loading…
Reference in New Issue
Block a user