[PR #574] [MERGED] Patch minor XSS opportunity where user can self-XSS themselves. #3401

Closed
opened 2026-02-22 18:33:42 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/574
Author: @timothycarambat
Created: 1/11/2024
Status: Merged
Merged: 1/11/2024
Merged by: @timothycarambat

Base: masterHead: security/sanitize-llm-output


📝 Commits (1)

  • 27e2c9d Patch minor XSS opportunity where user can self-XSS themselvess. There is not real vuln here as any instance is not public facing

📊 Changes

3 files changed (+11 additions, -1 deletions)

View changed files

📝 frontend/package.json (+1 -0)
📝 frontend/src/components/WorkspaceChat/ChatContainer/ChatHistory/HistoricalMessage/index.jsx (+5 -1)
📝 frontend/yarn.lock (+5 -0)

📄 Description

There is no real vuln here as any instance is not public-facing and anon users cannot send a chat to an instance. So the only real issue here is a user self-owning their own instance.

Pull Request Type

  • feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 🔨 chore
  • 📝 docs

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/574 **Author:** [@timothycarambat](https://github.com/timothycarambat) **Created:** 1/11/2024 **Status:** ✅ Merged **Merged:** 1/11/2024 **Merged by:** [@timothycarambat](https://github.com/timothycarambat) **Base:** `master` ← **Head:** `security/sanitize-llm-output` --- ### 📝 Commits (1) - [`27e2c9d`](https://github.com/Mintplex-Labs/anything-llm/commit/27e2c9d61dd91f8b90a2f4bee9af58386dbccde7) Patch minor XSS opportunity where user can self-XSS themselvess. There is not real vuln here as any instance is not public facing ### 📊 Changes **3 files changed** (+11 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `frontend/package.json` (+1 -0) 📝 `frontend/src/components/WorkspaceChat/ChatContainer/ChatHistory/HistoricalMessage/index.jsx` (+5 -1) 📝 `frontend/yarn.lock` (+5 -0) </details> ### 📄 Description There is no real vuln here as any instance is not public-facing and anon users cannot send a chat to an instance. So the only real issue here is a user self-owning their own instance. ### Pull Request Type <!-- For change type, change [ ] to [x]. --> - [ ] ✨ feat - [x] 🐛 fix - [ ] ♻️ refactor - [ ] 💄 style - [ ] 🔨 chore - [ ] 📝 docs ### Developer Validations <!-- All of the applicable items should be checked. --> - [x] I ran `yarn lint` from the root of the repo & committed changes - [x] Relevant documentation has been updated - [x] I have tested my code functionality - [x] Docker build succeeds locally --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:33:42 -05:00
yindo closed this issue 2026-02-22 18:33:42 -05:00
yindo changed title from [PR #574] Patch minor XSS opportunity where user can self-XSS themselves. to [PR #574] [MERGED] Patch minor XSS opportunity where user can self-XSS themselves. 2026-06-05 15:13:14 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#3401