Spaces:
Sleeping
Sleeping
Update app.py
Browse files
app.py
CHANGED
@@ -115,42 +115,63 @@ def render_message(history):
|
|
115 |
|
116 |
for user_message, assistant_message, user_profile, assistant_profile, user_pic, assistant_pic in history:
|
117 |
if user_message:
|
118 |
-
user_message_html = markdown.markdown(
|
|
|
|
|
|
|
119 |
messages_html += f"""
|
120 |
<div style='display: flex; align-items: center; margin-bottom: 10px;'>
|
121 |
<img src='{user_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
|
122 |
-
<span
|
123 |
</div><br>"""
|
124 |
|
125 |
if assistant_message:
|
126 |
-
assistant_message_html = markdown.markdown(
|
|
|
|
|
|
|
127 |
messages_html += f"""
|
128 |
<div style='display: flex; align-items: center; margin-bottom: 10px;'>
|
129 |
<img src='{assistant_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
|
130 |
-
<span
|
131 |
</div><br>"""
|
132 |
|
133 |
messages_html += """
|
134 |
</div></div>
|
135 |
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
|
136 |
-
<script src="https://
|
|
|
137 |
<script>
|
138 |
function escapeHtml(unsafe) {
|
139 |
-
|
140 |
-
|
141 |
-
|
142 |
-
|
143 |
-
|
144 |
-
|
145 |
}
|
146 |
-
|
147 |
-
document.
|
148 |
-
|
|
|
|
|
|
|
|
|
149 |
</script>
|
150 |
-
|
151 |
return messages_html
|
152 |
|
153 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
154 |
js = """
|
155 |
function HTMLClean() {
|
156 |
alert("This page is in-dev stage, expect lots of restarts, the interface is open-sourced (not the backend that is responsible for API Keys)")
|
@@ -174,37 +195,6 @@ with gr.Blocks(css=css, js=js) as demo:
|
|
174 |
|
175 |
with gr.Column(visible=False) as chat_view:
|
176 |
gr.Markdown("## P-MSQ Chat Interface")
|
177 |
-
gr.Markdown(label="answer",
|
178 |
-
latex_delimiters=[{
|
179 |
-
"left": "\\(",
|
180 |
-
"right": "\\)",
|
181 |
-
"display": True
|
182 |
-
}, {
|
183 |
-
"left": "\\begin\{equation\}",
|
184 |
-
"right": "\\end\{equation\}",
|
185 |
-
"display": True
|
186 |
-
}, {
|
187 |
-
"left": "\\begin\{align\}",
|
188 |
-
"right": "\\end\{align\}",
|
189 |
-
"display": True
|
190 |
-
}, {
|
191 |
-
"left": "\\begin\{alignat\}",
|
192 |
-
"right": "\\end\{alignat\}",
|
193 |
-
"display": True
|
194 |
-
}, {
|
195 |
-
"left": "\\begin\{gather\}",
|
196 |
-
"right": "\\end\{gather\}",
|
197 |
-
"display": True
|
198 |
-
}, {
|
199 |
-
"left": "\\begin\{CD\}",
|
200 |
-
"right": "\\end\{CD\}",
|
201 |
-
"display": True
|
202 |
-
}, {
|
203 |
-
"left": "\\[",
|
204 |
-
"right": "\\]",
|
205 |
-
"display": True
|
206 |
-
}],
|
207 |
-
elem_id="chatbox-container")
|
208 |
chatbot_output = gr.HTML(elem_id="chatbox-container")
|
209 |
|
210 |
msg_input = gr.Text(
|
|
|
115 |
|
116 |
for user_message, assistant_message, user_profile, assistant_profile, user_pic, assistant_pic in history:
|
117 |
if user_message:
|
118 |
+
user_message_html = markdown.markdown(
|
119 |
+
escape_html(user_message),
|
120 |
+
extensions=["fenced_code", "codehilite", "md_in_html"]
|
121 |
+
)
|
122 |
messages_html += f"""
|
123 |
<div style='display: flex; align-items: center; margin-bottom: 10px;'>
|
124 |
<img src='{user_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
|
125 |
+
<span style='color: white;'>{user_message_html}</span>
|
126 |
</div><br>"""
|
127 |
|
128 |
if assistant_message:
|
129 |
+
assistant_message_html = markdown.markdown(
|
130 |
+
escape_html(assistant_message),
|
131 |
+
extensions=["fenced_code", "codehilite", "md_in_html"]
|
132 |
+
)
|
133 |
messages_html += f"""
|
134 |
<div style='display: flex; align-items: center; margin-bottom: 10px;'>
|
135 |
<img src='{assistant_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
|
136 |
+
<span style='color: white;'>{assistant_message_html}</span>
|
137 |
</div><br>"""
|
138 |
|
139 |
messages_html += """
|
140 |
</div></div>
|
141 |
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
|
142 |
+
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
|
143 |
+
<script src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
|
144 |
<script>
|
145 |
function escapeHtml(unsafe) {
|
146 |
+
return unsafe
|
147 |
+
.replace(/&/g, "&")
|
148 |
+
.replace(/</g, "<")
|
149 |
+
.replace(/>/g, ">")
|
150 |
+
.replace(/"/g, """)
|
151 |
+
.replace(/'/g, "'");
|
152 |
}
|
153 |
+
// Sanitize messages using DOMPurify
|
154 |
+
let messages = document.querySelectorAll('#messages span');
|
155 |
+
messages.forEach((message) => {
|
156 |
+
message.innerHTML = DOMPurify.sanitize(message.innerHTML); // Sanitize content
|
157 |
+
});
|
158 |
+
// Render math using MathJax
|
159 |
+
MathJax.typeset();
|
160 |
</script>
|
161 |
+
"""
|
162 |
return messages_html
|
163 |
|
164 |
|
165 |
+
def escape_html(unsafe_text):
|
166 |
+
"""Escape HTML special characters to prevent code injection."""
|
167 |
+
return (
|
168 |
+
unsafe_text.replace("&", "&")
|
169 |
+
.replace("<", "<")
|
170 |
+
.replace(">", ">")
|
171 |
+
.replace('"', """)
|
172 |
+
.replace("'", "'")
|
173 |
+
)
|
174 |
+
|
175 |
js = """
|
176 |
function HTMLClean() {
|
177 |
alert("This page is in-dev stage, expect lots of restarts, the interface is open-sourced (not the backend that is responsible for API Keys)")
|
|
|
195 |
|
196 |
with gr.Column(visible=False) as chat_view:
|
197 |
gr.Markdown("## P-MSQ Chat Interface")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
198 |
chatbot_output = gr.HTML(elem_id="chatbox-container")
|
199 |
|
200 |
msg_input = gr.Text(
|