github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #9807] HTML tags (e.g., <div>) not rendering correctly in Open WebUI #54320

New Issue
Closed
opened 2026-05-05 16:07:00 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-05-05 16:07:00 -05:00
Owner
Copy Link

Originally created by @liuboyangaa on GitHub (Feb 11, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/9807

Bug Report

Description: Hello, I'm encountering an issue where HTML tags (such as

, , etc.) within the data sent to Open WebUI are not being rendered correctly on the front-end. Instead of being interpreted as HTML, they are displayed as plain text.

I am using Open WebUI to output dynamic HTML content, but it seems that HTML tags are not being processed as expected. For example, when using yield to send HTML with a

tag, it appears as raw text rather than being rendered as a block element.

Steps to Reproduce:
Use the Open WebUI backend to generate and send dynamic HTML content via yield.
Include HTML tags like

, , etc. inside the content.
Observe the response on the front-end, where these tags appear as raw text (e.g.,
some text
), instead of being rendered as HTML.

Code:
async def pipe(self):
# Example of sending HTML content
yield f"""


Click for searching result

{self.search_result}


"""

Expected Behavior:
HTML tags should be rendered correctly on the front-end, and any valid HTML content should be displayed as intended. For example:

should create a block element on the page. Any HTML inside self.search_result should be rendered as HTML. Actual Behavior: HTML tags like
, , and others are not rendered as HTML. Instead, they appear as raw text in the browser. For example:
appears as:
some text
The browser displays it as plain text, not as a block element. Additional Information: I have tried using the Markup class to ensure the HTML content is treated as safe HTML, but the tags still do not render as expected. I've checked the browser console and network logs, and there are no errors being thrown. Environment: Open WebUI Version: 0.5.10 Browser: Chrome, Edge Operating System: Windows 11
Originally created by @liuboyangaa on GitHub (Feb 11, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/9807 # Bug Report Description: Hello, I'm encountering an issue where HTML tags (such as <div>, <b>, etc.) within the data sent to Open WebUI are not being rendered correctly on the front-end. Instead of being interpreted as HTML, they are displayed as plain text. I am using Open WebUI to output dynamic HTML content, but it seems that HTML tags are not being processed as expected. For example, when using yield to send HTML with a <div> tag, it appears as raw text rather than being rendered as a block element. Steps to Reproduce: Use the Open WebUI backend to generate and send dynamic HTML content via yield. Include HTML tags like <div>, <b>, etc. inside the content. Observe the response on the front-end, where these tags appear as raw text (e.g., <div>some text</div>), instead of being rendered as HTML. Code: async def pipe(self): # Example of sending HTML content yield f""" <details style="font-size: 10px;"> <summary>Click for searching result</summary> <div> {self.search_result} <!-- Expected to render as HTML --> </div> </details> """ Expected Behavior: HTML tags should be rendered correctly on the front-end, and any valid HTML content should be displayed as intended. For example: <div> should create a block element on the page. Any HTML inside self.search_result should be rendered as HTML. Actual Behavior: HTML tags like <div>, <b>, and others are not rendered as HTML. Instead, they appear as raw text in the browser. For example: <div> appears as: <div>some text</div> The browser displays it as plain text, not as a block element. Additional Information: I have tried using the Markup class to ensure the HTML content is treated as safe HTML, but the tags still do not render as expected. I've checked the browser console and network logs, and there are no errors being thrown. Environment: Open WebUI Version: 0.5.10 Browser: Chrome, Edge Operating System: Windows 11
GiteaMirror commented 2026-05-05 16:07:02 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Feb 11, 2025):

Intended behaviour. Rendering html directly will enable XSS attack vector.

<!-- gh-comment-id:2652095268 --> @tjbck commented on GitHub (Feb 11, 2025): Intended behaviour. Rendering html directly will enable XSS attack vector.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#54320
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?