zoushiyang/page-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #191 from RinZ27/fix/ui-security-xss

Browse Source 
fix(ui): escape array content in cards and fix double-escaping
This commit is contained in:
Simon
2026-03-11 23:43:02 +08:00
committed by GitHub
parent e2c00b1bfc c33b3d8278
commit a9f462ed37
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
packages/ui/src/panel/cards.ts
View File

@@ -18,7 +18,7 @@ interface CardOptions {
export function createCard({ icon, content, meta, type }: CardOptions): string { export function createCard({ icon, content, meta, type }: CardOptions): string {
const typeClass = type ? styles[type] : '' const typeClass = type ? styles[type] : ''
const contentHtml = Array.isArray(content) const contentHtml = Array.isArray(content)
? `<div class="${styles.reflectionLines}">${content.join('')}</div>` ? `<div class="${styles.reflectionLines}">${content.map((line) => `<span>${escapeHtml(line)}</span>`).join('')}</div>`
: `<span>${escapeHtml(content)}</span>` : `<span>${escapeHtml(content)}</span>`
return ` return `
@@ -40,13 +40,13 @@ export function createReflectionLines(reflection: {
}): string[] { }): string[] {
const lines: string[] = [] const lines: string[] = []
if (reflection.evaluation_previous_goal) { if (reflection.evaluation_previous_goal) {
lines.push(`<div>🔍 ${escapeHtml(reflection.evaluation_previous_goal)}</div>`) lines.push(`🔍 ${reflection.evaluation_previous_goal}`)
} }
if (reflection.memory) { if (reflection.memory) {
lines.push(`<div>💾 ${escapeHtml(reflection.memory)}</div>`) lines.push(`💾 ${reflection.memory}`)
} }
if (reflection.next_goal) { if (reflection.next_goal) {
lines.push(`<div>🎯 ${escapeHtml(reflection.next_goal)}</div>`) lines.push(`🎯 ${reflection.next_goal}`)
} }
return lines return lines
} }