From 4c1cfd92780d49f83e191d2b4cc9a9c51e8b71d0 Mon Sep 17 00:00:00 2001
From: Nite Knite
Date: Wed, 10 Apr 2024 16:16:24 +0800
Subject: [PATCH] chore: address security alerts on braces escape and KaTeX (#3301)

---
 .../prompt-editor/plugins/variable-value-block/index.tsx | 2 +-
 .../prompt-editor/plugins/variable-value-block/utils.ts  | 2 +-
 web/package.json                                         | 2 +-
 web/yarn.lock                                            | 9 ++++++++-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/web/app/components/base/prompt-editor/plugins/variable-value-block/index.tsx b/web/app/components/base/prompt-editor/plugins/variable-value-block/index.tsx
index 60c7c2cc0d..e93c0d7f99 100644
--- a/web/app/components/base/prompt-editor/plugins/variable-value-block/index.tsx
+++ b/web/app/components/base/prompt-editor/plugins/variable-value-block/index.tsx
@@ -31,7 +31,7 @@ const VariableValueBlock = () => {
     if (matchArr === null)
       return null
 
-    const hashtagLength = matchArr[3].length + 4
+    const hashtagLength = matchArr[0].length
     const startOffset = matchArr.index
     const endOffset = startOffset + hashtagLength
     return {
diff --git a/web/app/components/base/prompt-editor/plugins/variable-value-block/utils.ts b/web/app/components/base/prompt-editor/plugins/variable-value-block/utils.ts
index f1e5d7d88a..4d59d41031 100644
--- a/web/app/components/base/prompt-editor/plugins/variable-value-block/utils.ts
+++ b/web/app/components/base/prompt-editor/plugins/variable-value-block/utils.ts
@@ -1,5 +1,5 @@
 export function getHashtagRegexString(): string {
-  const hashtag = '(\{)(\{)([a-zA-Z_][a-zA-Z0-9_]{0,29})(\})(\})'
+  const hashtag = '\\{\\{[a-zA-Z_][a-zA-Z0-9_]{0,29}\\}\\}'
   return hashtag
 }
diff --git a/web/package.json b/web/package.json
index f244b54e24..1aa54ca927 100644
--- a/web/package.json
+++ b/web/package.json
@@ -44,7 +44,7 @@
     "immer": "^9.0.19",
     "js-audio-recorder": "^1.0.7",
     "js-cookie": "^3.0.1",
-    "katex": "^0.16.7",
+    "katex": "^0.16.10",
     "lamejs": "^1.2.1",
     "lexical": "^0.12.2",
     "lodash-es": "^4.17.21",
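Review bot: `matchArr[0].length` on the added line is only correct because the pattern from `getHashtagRegexString()` now has no capture groups, and nothing at this call site records that coupling, so the next person who reintroduces a group will not see why the old `matchArr[3].length + 4` was replaced. I would rename the local and leave the reason next to it: `// whole "{{name}}" token; the pattern exposes no capture groups`, `const matchLength = matchArr[0].length`, and `const endOffset = startOffset + matchLength`. The enclosing callback and `VariableValueBlock` itself both start before and end after this hunk, so the `matchArr` assignment and the RegExp it is produced by are not visible here.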
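Review bot: The new pattern drops every capture group, so any other consumer of `getHashtagRegexString()` that still reads `matchArr[3]` for the variable name would now get `undefined`; this commit only updates variable-value-block/index.tsx, so other callers (none are visible here) should be checked before merging. Expressing it as a regex literal would also make the escaping self-evident and let the parser validate it instead of relying on doubled backslashes inside a string: `return /\{\{[a-zA-Z_][a-zA-Z0-9_]{0,29}\}\}/.source`. The function has no documentation; a doc comment should state the contract: `/** Regex source (fed to new RegExp) for a {{name}} token: a letter or underscore followed by up to 29 word characters, no capture groups — callers must use match[0]. */`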
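Review bot: Bumping the direct dependency to `^0.16.10` does not remove the vulnerable copy from the tree: the yarn.lock hunk in this same commit still resolves the separate `katex@^0.16.0` range to `0.16.8`, so whichever package declares that range (not visible here) keeps installing the old version alongside the new one. If the KaTeX advisory is the reason for the bump, add `"resolutions": { "katex": "^0.16.10" }` to package.json (or dedupe the lockfile) so it collapses to a single 0.16.10 entry, then re-check that the alert actually clears.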
diff --git a/web/yarn.lock b/web/yarn.lock
index 1b005f250b..a4d664e6e6 100644
--- a/web/yarn.lock
+++ b/web/yarn.lock
@@ -4092,13 +4092,20 @@ jsonc-eslint-parser@^2.0.4, jsonc-eslint-parser@^2.1.0:
     object.assign "^4.1.4"
     object.values "^1.1.6"
 
-katex@^0.16.0, katex@^0.16.7:
+katex@^0.16.0:
   version "0.16.8"
   resolved "https://registry.npmjs.org/katex/-/katex-0.16.8.tgz"
   integrity sha512-ftuDnJbcbOckGY11OO+zg3OofESlbR5DRl2cmN8HeWeeFIV7wTXvAOx8kEjZjobhA+9wh2fbKeO6cdcA9Mnovg==
   dependencies:
     commander "^8.3.0"
 
+katex@^0.16.10:
+  version "0.16.10"
+  resolved "https://registry.yarnpkg.com/katex/-/katex-0.16.10.tgz#6f81b71ac37ff4ec7556861160f53bc5f058b185"
+  integrity sha512-ZiqaC04tp2O5utMsl2TEZTXxa6WSC4yo0fv5ML++D3QZv/vx2Mct0mTlRx3O+uUkjfuAgOkzsCmq5MiUEsDDdA==
+  dependencies:
+    commander "^8.3.0"
+
 khroma@^2.0.0:
   version "2.0.0"
   resolved "https://registry.npmjs.org/khroma/-/khroma-2.0.0.tgz"