admin/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: frontend security risk (#2355)

Browse Source
This commit is contained in:
Joel
2024-02-02 15:24:17 +08:00
committed by GitHub
parent a8f23ed712
commit a667d04e53
32 changed files with 59 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/app/components/app/configuration/config-prompt/conversation-histroy/history-panel.tsx
View File

@@ -49,7 +49,7 @@ const HistoryPanel: FC<Props> = ({
<a href={`${language === LanguagesSupported[1]
? 'https://docs.dify.ai/v/zh-hans/guides/application-design/prompt-engineering'
: 'https://docs.dify.ai/features/prompt-engineering'}`}
target='_blank'
target='_blank' rel='noopener noreferrer'
className='text-[#155EEF]'>{t('appDebug.feature.conversationHistory.learnMore')}
</a>
</div>

4
web/app/components/app/configuration/dataset-config/settings-modal/index.tsx
View File

@@ -163,7 +163,7 @@ const SettingsModal: FC<SettingsModalProps> = ({
className='block px-3 py-2 w-full h-[88px] rounded-lg bg-gray-100 text-sm outline-none appearance-none resize-none'
placeholder={t('datasetSettings.form.descPlaceholder') || ''}
/>
<a className='mt-2 flex items-center h-[18px] px-3 text-xs text-gray-500' href="https://docs.dify.ai/features/datasets#how-to-write-a-good-dataset-description" target='_blank'>
<a className='mt-2 flex items-center h-[18px] px-3 text-xs text-gray-500' href="https://docs.dify.ai/features/datasets#how-to-write-a-good-dataset-description" target='_blank' rel='noopener noreferrer'>
<BookOpenIcon className='w-3 h-[18px] mr-1' />
{t('datasetSettings.form.descWrite')}
</a>
@@ -226,7 +226,7 @@ const SettingsModal: FC<SettingsModalProps> = ({
<div>
<div>{t('datasetSettings.form.retrievalSetting.title')}</div>
<div className='leading-[18px] text-xs font-normal text-gray-500'>
<a target='_blank' href='https://docs.dify.ai/features/retrieval-augment' className='text-[#155eef]'>{t('datasetSettings.form.retrievalSetting.learnMore')}</a>
<a target='_blank' rel='noopener noreferrer' href='https://docs.dify.ai/features/retrieval-augment' className='text-[#155eef]'>{t('datasetSettings.form.retrievalSetting.learnMore')}</a>
{t('datasetSettings.form.retrievalSetting.description')}
</div>
</div>

2
web/app/components/app/configuration/prompt-mode/advanced-mode-waring.tsx
View File

@@ -28,7 +28,7 @@ const AdvancedModeWarning: FC<Props> = ({
<a
className='font-medium text-[#155EEF]'
href={`https://docs.dify.ai/${language === LanguagesSupported[1] ? 'v/zh-hans/guides/application-design/prompt-engineering' : 'features/prompt-engineering'}`}
target='_blank'
target='_blank' rel='noopener noreferrer'
>
{t('appDebug.promptMode.advancedWarning.learnMore')}
</a>

4
web/app/components/app/configuration/toolbox/moderation/moderation-setting-modal.tsx
View File

@@ -237,7 +237,7 @@ const ModerationSettingModal: FC<ModerationSettingModalProps> = ({
return (
<Modal
isShow
onClose={() => {}}
onClose={() => { }}
className='!p-8 !pb-6 !mt-14 !max-w-none !w-[640px]'
>
<div className='mb-2 text-xl font-semibold text-[#1D2939]'>
@@ -311,7 +311,7 @@ const ModerationSettingModal: FC<ModerationSettingModalProps> = ({
<div className='text-sm font-medium text-gray-900'>{t('common.apiBasedExtension.selector.title')}</div>
<a
href={t('common.apiBasedExtension.linkUrl') || '/'}
target='_blank'
target='_blank' rel='noopener noreferrer'
className='group flex items-center text-xs text-gray-500 hover:text-primary-600'
>
<BookOpen01 className='mr-1 w-3 h-3 text-gray-500 group-hover:text-primary-600' />

2
web/app/components/app/configuration/tools/external-data-tool-modal.tsx
View File

@@ -245,7 +245,7 @@ const ExternalDataToolModal: FC<ExternalDataToolModalProps> = ({
{t('common.apiBasedExtension.selector.title')}
<a
href={t('common.apiBasedExtension.linkUrl') || '/'}
target='_blank'
target='_blank' rel='noopener noreferrer'
className='group flex items-center text-xs font-normal text-gray-500 hover:text-primary-600'
>
<BookOpen01 className='mr-1 w-3 h-3 text-gray-500 group-hover:text-primary-600' />

2
web/app/components/app/log/index.tsx
View File

@@ -43,7 +43,7 @@ const EmptyElement: FC<{ appUrl: string }> = ({ appUrl }) => {
<div className='mt-2 text-gray-500 text-sm font-normal'>
<Trans
i18nKey="appLog.table.empty.element.content"
components={{ shareLink: <Link href={`${pathSegments.join('/')}/overview`} className='text-primary-600' />, testLink: <Link href={appUrl} className='text-primary-600' target='_blank' /> }}
components={{ shareLink: <Link href={`${pathSegments.join('/')}/overview`} className='text-primary-600' />, testLink: <Link href={appUrl} className='text-primary-600' target='_blank' rel='noopener noreferrer' /> }}
/>
</div>
</div>

2
web/app/components/app/overview/apikey-info-panel/index.tsx
View File

@@ -55,7 +55,7 @@ const APIKeyInfoPanel: FC = () => {
<a
className='mt-2 flex items-center h-[26px] text-xs font-medium text-[#155EEF] p-1 space-x-1'
href='https://cloud.dify.ai/apps'
target='_blank'
target='_blank' rel='noopener noreferrer'
>
<div>{t('appOverview.apiKeyInfo.tryCloud')}</div>
<LinkExternal02 className='w-3 h-3' />

11
web/app/components/app/overview/customize/index.tsx
View File

@@ -63,7 +63,7 @@ const CustomizeModal: FC<IShareLinkProps> = ({
<div className='flex flex-col'>
<div className='text-gray-900'>{t(`${prefixCustomize}.way1.step1`)}</div>
<div className='text-gray-500 text-xs mt-1 mb-2'>{t(`${prefixCustomize}.way1.step1Tip`)}</div>
<a href={`https://github.com/langgenius/${isChatApp ? 'webapp-conversation' : 'webapp-text-generator'}`} target='_blank'>
<a href={`https://github.com/langgenius/${isChatApp ? 'webapp-conversation' : 'webapp-text-generator'}`} target='_blank' rel='noopener noreferrer'>
<Button className='text-gray-800 text-sm w-fit'><GithubIcon className='text-gray-800 mr-2' />{t(`${prefixCustomize}.way1.step1Operation`)}</Button>
</a>
</div>
@@ -73,7 +73,7 @@ const CustomizeModal: FC<IShareLinkProps> = ({
<div className='flex flex-col'>
<div className='text-gray-900'>{t(`${prefixCustomize}.way1.step3`)}</div>
<div className='text-gray-500 text-xs mt-1 mb-2'>{t(`${prefixCustomize}.way1.step2Tip`)}</div>
<a href="https://vercel.com/docs/concepts/deployments/git/vercel-for-github" target='_blank'>
<a href="https://vercel.com/docs/concepts/deployments/git/vercel-for-github" target='_blank' rel='noopener noreferrer'>
<Button className='text-gray-800 text-sm w-fit'>
<div className='mr-1.5 border-solid border-t-0 border-r-[7px] border-l-[7px] border-b-[12px] border-r-transparent border-b-black border-l-transparent border-t-transparent'></div>
<span>{t(`${prefixCustomize}.way1.step2Operation`)}</span>
@@ -102,10 +102,9 @@ const CustomizeModal: FC<IShareLinkProps> = ({
className='w-36 mt-2'
onClick={() =>
window.open(
`https://docs.dify.ai/${
language !== LanguagesSupportedUnderscore[1]
? 'user-guide/launching-dify-apps/developing-with-apis'
: `v/${locale.toLowerCase()}/guides/application-publishing/developing-with-apis`
`https://docs.dify.ai/${language !== LanguagesSupportedUnderscore[1]
? 'user-guide/launching-dify-apps/developing-with-apis'
: `v/${locale.toLowerCase()}/guides/application-publishing/developing-with-apis`
}`,
'_blank',
)

2
web/app/components/app/overview/settings/index.tsx
View File

@@ -147,7 +147,7 @@ const SettingsModal: FC<ISettingsModalProps> = ({
<p className={`mt-1 ${s.settingsTip} text-gray-500`}>
<Trans
i18nKey={`${prefixSettings}.more.privacyPolicyTip`}
components={{ privacyPolicyLink: <Link href={'https://docs.dify.ai/user-agreement/privacy-policy'} target='_blank' className='text-primary-600' /> }}
components={{ privacyPolicyLink: <Link href={'https://docs.dify.ai/user-agreement/privacy-policy'} target='_blank' rel='noopener noreferrer' className='text-primary-600' /> }}
/>
</p>
<input className={`w-full mt-2 rounded-lg h-10 box-border px-3 ${s.projectName} bg-gray-100`}