fix: address markdown image review feedback

2026-05-09 18:54:31 +00:00 · 2026-03-07 19:26:29 +05:30
parent 4bf902de58
commit d25b493c7f
4 changed files with 52 additions and 7 deletions
--- a/src/auto-reply/reply/export-html/template.js
+++ b/src/auto-reply/reply/export-html/template.js
@@ -665,6 +665,10 @@
    return div.innerHTML;
  }

+  function escapeHtmlAttr(text) {
+    return escapeHtml(text).replaceAll('"', "&quot;").replaceAll("'", "&#39;");
+  }
+
  // Validate image fields before interpolating data URLs.
  const SAFE_IMAGE_MIME_RE = /^image\/(png|jpeg|gif|webp|svg\+xml|bmp|tiff|avif)$/i;
  const SAFE_BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;
@@ -1725,7 +1729,7 @@
    if (!INLINE_DATA_IMAGE_RE.test(href)) {
      return escapeHtml(label);
    }
-    return `<img src="${escapeHtml(href)}" alt="${escapeHtml(label)}">`;
+    return `<img src="${escapeHtmlAttr(href)}" alt="${escapeHtmlAttr(label)}">`;
  }

  // Configure marked with syntax highlighting and HTML escaping for text
--- a/src/auto-reply/reply/export-html/template.security.test.ts
+++ b/src/auto-reply/reply/export-html/template.security.test.ts
@@ -284,4 +284,38 @@ describe("export html security hardening", () => {
    expect(messages?.textContent).toContain("exfil");
    expect(messages?.querySelector(`img[src="${dataImage}"]`)).toBeTruthy();
  });
+
+  it("escapes markdown data-image attributes", () => {
+    const dataImage = "data:image/png;base64,AAAA";
+    const session: SessionData = {
+      header: { id: "session-5", timestamp: now() },
+      entries: [
+        {
+          id: "1",
+          parentId: null,
+          timestamp: now(),
+          type: "message",
+          message: {
+            role: "assistant",
+            content: [
+              {
+                type: "text",
+                text: `![x" onerror="alert(1)](${dataImage})`,
+              },
+            ],
+          },
+        },
+      ],
+      leafId: "1",
+      systemPrompt: "",
+      tools: [],
+    };
+
+    const { document } = renderTemplate(session);
+    const img = document.querySelector("#messages img");
+    expect(img).toBeTruthy();
+    expect(img?.getAttribute("onerror")).toBeNull();
+    expect(img?.getAttribute("alt")).toBe('x" onerror="alert(1)');
+    expect(img?.getAttribute("src")).toBe(dataImage);
+  });
 });