Lack of input sanitisation meaning syntax error when entering some HTML into the chat box #5959
What happened?
When entering certain HTML or JSON into the chat box, the chatbot will fail to respond due to an error.

Version Information
v0.7.7-rc1

Steps to Reproduce

What browsers are you seeing the problem on?
Edge

Relevant log output
index.BMafu_Tk.js:3038
SyntaxError: Unexpected token '<', "<html>
<h"... is not valid JSON
at JSON.parse (<anonymous>)
at index.BMafu_Tk.js:3038:23665
at vendor.BF7k-GRL.js:716:4358
at Array.every (<anonymous>)
at Y4.dispatchEvent (vendor.BF7k-GRL.js:716:4333)
at Y4._onStreamFailure (vendor.BF7k-GRL.js:716:4656)
at Y4._onStreamProgress (vendor.BF7k-GRL.js:716:4863)
(anonymous) @ index.BMafu_Tk.js:3038
(anonymous) @ vendor.BF7k-GRL.js:716
Y4.dispatchEvent @ vendor.BF7k-GRL.js:716
Y4._onStreamFailure @ vendor.BF7k-GRL.js:716
Y4._onStreamProgress @ vendor.BF7k-GRL.js:716
XMLHttpRequest.send
Y4.stream @ vendor.BF7k-GRL.js:718
Y4 @ vendor.BF7k-GRL.js:718
(anonymous) @ index.BMafu_Tk.js:3038
Rx @ vendor.BF7k-GRL.js:40
zp @ vendor.BF7k-GRL.js:40
Iwe @ vendor.BF7k-GRL.js:40
bd @ vendor.BF7k-GRL.js:40
fB @ vendor.BF7k-GRL.js:40
_u @ vendor.BF7k-GRL.js:38
(anonymous) @ vendor.BF7k-GRL.js:40

Screenshots
No response
Answered by
danny-avila
Feb 20, 2025
Replies: 2 comments
A screenshot or video would help here, since this can't be reproduced by the steps given. HTML from user/AI input is not rendered by the app as that would expose an XSS vulnerability.
Answer selected by
djriversq
This was an AWS WAF issue
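Added example, not part of the thread or of the project's code: the log above shows a stream failure handler passing a body that starts with `<html>` to `JSON.parse`, which fits a WAF or proxy answering in place of the API. A handler can classify the body before parsing it; the function name, field names, sample block page and status codes below are all constructed for illustration.

```javascript
// Added example: classify the body handed to a stream error handler before
// parsing it. Names are hypothetical and are not taken from the project.

// Constructed sample of a block page an intermediary (WAF, proxy) might return.
const SAMPLE_BLOCK_PAGE =
  '<html>\n<head><title>403 Forbidden</title></head>\n<body>Request blocked</body></html>';

function classifyStreamError(body, { status = 0, contentType = '' } = {}) {
  const text = typeof body === 'string' ? body.trim() : '';
  const type = contentType.toLowerCase();
  const looksLikeHtml =
    type.includes('text/html') || /^<(!doctype|html)\b/i.test(text);

  if (looksLikeHtml) {
    // Not produced by the API: something in front of it answered instead.
    return {
      kind: 'intermediary',
      status,
      message:
        `Request was answered with an HTML page (HTTP ${status}); ` +
        'check WAF or reverse proxy logs for a blocked request.',
    };
  }

  try {
    // Expected case: the API reports its error as a JSON document.
    return { kind: 'api', status, data: JSON.parse(text) };
  } catch (err) {
    // Never let the parse failure escape the handler; keep a short excerpt
    // so the unexpected body can be identified in logs.
    return { kind: 'unparseable', status, excerpt: text.slice(0, 80) };
  }
}

// Constructed inputs: a blocked request and an ordinary API error.
console.log(classifyStreamError(SAMPLE_BLOCK_PAGE, { status: 403, contentType: 'text/html' }));
console.log(classifyStreamError('{"message":"rate limited"}', { status: 429 }));
```

With this in place the user sees a message pointing at the intermediary instead of a silent failure, and the operator knows to look at WAF logs instead of the application.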