fix: Exa guardrail#1150
Conversation
There was a problem hiding this comment.
This PR adds a guardrail to the Exa plugin by explicitly setting includeHtmlTags: false in the text configuration. This is a good security practice to prevent potential XSS vulnerabilities or rendering issues. I have one minor suggestion to improve documentation.
| query, | ||
| numResults, | ||
| useAutoprompt: true, | ||
| contents: { | ||
| text: true, | ||
| text: { | ||
| includeHtmlTags: false, |
There was a problem hiding this comment.
💡 Optional Recommendation
Issue: The purpose of excluding HTML tags isn't documented, which might make it unclear why this configuration is important.
Fix: Add a comment explaining the security implications of this setting.
Impact: Improves code maintainability and helps future developers understand the security considerations.
| query, | |
| numResults, | |
| useAutoprompt: true, | |
| contents: { | |
| text: true, | |
| text: { | |
| includeHtmlTags: false, | |
| query, | |
| numResults, | |
| useAutoprompt: true, | |
| text: { | |
| // Prevent potential XSS by excluding HTML tags from responses | |
| includeHtmlTags: false, | |
| }, |
|
Important PR Review SkippedPR review skipped as per the configuration setting. Run a manually review by commenting /matter review 💡Tips to use Matter AICommand List
|
Description
Motivation
Type of Change
How Has This Been Tested?
Screenshots (if applicable)
Checklist
Related Issues