mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #24387] [CLOSED] fix: prevent stored XSS via tool_calls details in channel messages #131300
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24387
Author: @Classic298
Created: 5/5/2026
Status: ❌ Closed
Base:
dev← Head:fix/stored-xss-channel-messages📝 Commits (1)
3659ff9fix: prevent stored XSS via tool_calls details in channel messages📊 Changes
5 files changed (+40 additions, -1 deletions)
View changed files
📝
backend/open_webui/routers/channels.py(+25 -0)📝
src/lib/components/channel/Messages/Message.svelte(+2 -0)📝
src/lib/components/chat/Messages/Markdown.svelte(+3 -0)📝
src/lib/components/chat/Messages/Markdown/ConsecutiveDetailsGroup.svelte(+7 -1)📝
src/lib/components/chat/Messages/Markdown/MarkdownTokens.svelte(+3 -0)📄 Description
Channel messages are user-authored and must never reach the allow-scripts iframe path used for assistant tool-call rendering.
Frontend: thread an untrustedSource flag from channel Message.svelte through Markdown -> MarkdownTokens -> ConsecutiveDetailsGroup. When true, allEmbeds is forced to an empty array, skipping iframe rendering entirely. Assistant chat messages are unaffected (default is false).
Backend (defense-in-depth): strip
Contributor License Agreement
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.