File tree Expand file tree Collapse file tree
common/changes/@coze/chat-sdk
libs/ui-kit/atomic/md-stream/render/phrase/html Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ {
2+ "changes" : [
3+ {
4+ "packageName" : " @coze/chat-sdk"
5+ "comment" : " md xss 过滤白名单增加 video 和 audio"
6+ "type" : " patch"
7+ }
8+ ],
9+ "packageName" : " @coze/chat-sdk"
10+ "email" : " yangyu.1@bytedance.com"
11+ }
Original file line number Diff line number Diff line change @@ -14,7 +14,31 @@ export const Html: FC<{
1414 return (
1515 < >
1616 { enableHtmlTags ? (
17- < RichText nodes = { `${ xss ( node . value ) } } />
17+ < RichText
18+ nodes = { `${ xss ( node . value , {
19+ whiteList : {
20+ video : [
21+ 'width' ,
22+ 'height' ,
23+ 'controls' ,
24+ 'autoplay' ,
25+ 'loop' ,
26+ 'muted' ,
27+ 'poster' ,
28+ 'preload' ,
29+ ] ,
30+ audio : [
31+ 'controls' ,
32+ 'autoplay' ,
33+ 'loop' ,
34+ 'muted' ,
35+ 'poster' ,
36+ 'preload' ,
37+ ] ,
38+ source : [ 'src' , 'type' ] ,
39+ } ,
40+ } ) } `}
41+ />
1842 ) : (
1943 < Text node = { node as unknown as TextMdType } />
2044 ) }
Original file line number Diff line number Diff line change @@ -104,6 +104,9 @@ as s \`node\`
104104
105105<div>
106106 <strong>asdfasdf</strong>
107+ <audio controls>
108+ <source src="https://lf-bot-studio-plugin-resource.coze.cn/obj/bot-studio-platform-plugin-tos/sami_podcast/tts/6919958702e6450bbac82bd6dfb17b85.mp3">
109+ </audio>
107110 <video controls="" width="250">
108111 <source src="https://interactive-examples.mdn.mozilla.net/media/cc0-videos/flower.webm" type="video/webm">
109112 <source src="https://interactive-examples.mdn.mozilla.net/media/cc0-videos/flower.mp4" type="video/mp4">
You can’t perform that action at this time.
0 commit comments