feat: Stricter AI Message Rendering to Prevent XSS #893

Merged 3 commits on Sep 7, 2023

danny-avila
Owner

Summary

In the context of a chat application, we encounter diverse user inputs, which makes it challenging to sanitize strings without distorting the code syntax or punctuation. In a React-based application, HTML is not rendered unless explicitly permitted. In LibreChat and in suspected cases of ChatGPT, markdown rendering is permitted in AI-generated messages.

Both these platforms only render markdown in AI messages, limiting the threat of harmful visual content generation to such messages. This might be the rationale for OpenAI not allowing for AI messages to be edited on their platform.

There are two specific instances where HTML rendering is conducted which are now secure and immune to hacky workarounds. Earlier, it was possible to bypass the security in a convoluted manner, but now, any attempts to edit a message will automatically disqualify it from the now more-narrowly-defined HTML rendering scenarios.

Change Type

  • New feature (non-breaking change which adds functionality)
  • Enhancements to security measures

Testing

Tested against specific scenarios coded for as well as with various XSS scripts.

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in my code where necessary, especially in hard-to-understand areas
  • Any necessary documentation changes have been carried out
  • My changes do not introduce new warnings
  • I have written tests that validate my changes or demonstrate that my feature works
  • My local unit tests pass with my changes
  • Any dependent changes have been merged and published in future modules.

@danny-avila danny-avila merged commit 7fa01da into main Sep 7, 2023
4 checks passed
@danny-avila danny-avila deleted the security-2 branch September 7, 2023 11:18
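
One way to enforce the rule in the PR summary above, that an edited message can no longer reach an HTML-rendering path, shown as an added example and not LibreChat's own code. The field names `sender`, `edited` and `htmlKind`, the function names, and the two scenario labels are hypothetical, since the page does not name the real ones.

```javascript
// Added example. Field names (sender, edited, htmlKind) and the two scenario
// labels are hypothetical; the PR page does not name the real ones.
const HTML_SCENARIOS = new Set(['scenario-a', 'scenario-b']); // placeholders

// Decide how a message may be rendered. Fails closed: a missing or
// unexpected flag always lands in a mode that never parses raw HTML.
function renderPolicy(msg) {
  if (!msg || msg.sender !== 'ai') {
    return { mode: 'text', rawHtml: false };      // user input: plain text node
  }
  const eligible = msg.edited === false && HTML_SCENARIOS.has(msg.htmlKind);
  return eligible
    ? { mode: 'html', rawHtml: true }
    : { mode: 'markdown', rawHtml: false };       // markdown with HTML disabled
}

// Apply an edit on the server. The stored record loses HTML eligibility for
// good, whatever flags the client sent along with the new text.
function applyEdit(stored, clientPatch) {
  return {
    id: stored.id,
    sender: stored.sender,          // never taken from the client
    text: String(clientPatch.text),
    edited: true,
    htmlKind: null,
  };
}

// Constructed sample data.
const original = {
  id: 1, sender: 'ai', text: '<b>result</b>', edited: false, htmlKind: 'scenario-a',
};
const tampered = applyEdit(original, {
  text: '<img src=x onerror=alert(1)>',
  edited: false, htmlKind: 'scenario-a', sender: 'ai', // forged flags, ignored
});

console.log(renderPolicy(original));
console.log(renderPolicy(tampered));
```

The strict `msg.edited === false` comparison is deliberate: a record with the flag missing is treated the same as an edited one.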