Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exui doesn't escape HTML tags in user input. #32

Open
andrewgross opened this issue Jan 24, 2024 · 3 comments
Open

exui doesn't escape HTML tags in user input. #32

andrewgross opened this issue Jan 24, 2024 · 3 comments

Comments

@andrewgross
Copy link

It properly escapes output from the LLM, and the LLM does receive the tokens properly as best I can tell. However, when the UI renders the user input, HTML tags are not escaped and can lead to potential weirdness.

Examples:

Inputting <html>:
image

Inputting <em>have</em>:
image

I can see why it might be nice to have user input text render as html, but might lead to strange or unexpected behavior.
@turboderp
Copy link
Member

The text is actually rendered as markdown using marked.js. It would be kind of involved to try to decide which HTML tags to escape, especially since some language models may use HTML in their outputs. marked.js correctly handles literal text inside backticks, like `<html>`. So I'm a little unsure how much complexity this calls for?

@turboderp
Copy link
Member

Okay, so I think it should be addressed with the latest commit. User input will now be rendered without HTML formatting while the bot can still output formatted responses.

@andrewgross
Copy link
Author

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrewgross @turboderp