security: patch orjson DoS and harden container/frontend (#852)

Rin
2026-02-13 09:15:39 +07:00
committed by GitHub
parent b92ad7e39a
commit ba45c1a3a9
4 changed files with 57 additions and 35 deletions


@@ -207,11 +207,11 @@ const MessageInput = forwardRef<MessageInputRef, MessageInputProps>(
function transformPastedHTML(html: string) {
try {
// Strip HTML from user-pasted content
const tempEl = document.createElement("div");
tempEl.innerHTML = html;
// Strip HTML from user-pasted content using DOMParser for better security
const parser = new DOMParser();
const doc = parser.parseFromString(html, "text/html");
return tempEl.textContent || tempEl.innerText || "";
return doc.body.textContent || "";
} catch (error) {
console.error("Error transforming pasted HTML", error);