POLRAMBORA commited on
Commit
02267aa
·
verified ·
1 Parent(s): e35061d

Update app.py

Browse files
Files changed (1) hide show
  1. app.py +36 -46
app.py CHANGED
@@ -115,42 +115,63 @@ def render_message(history):
115
 
116
  for user_message, assistant_message, user_profile, assistant_profile, user_pic, assistant_pic in history:
117
  if user_message:
118
- user_message_html = markdown.markdown(user_message)
 
 
 
119
  messages_html += f"""
120
  <div style='display: flex; align-items: center; margin-bottom: 10px;'>
121
  <img src='{user_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
122
- <span id="message-content" style='color: white;'>{user_message_html}</span>
123
  </div><br>"""
124
 
125
  if assistant_message:
126
- assistant_message_html = markdown.markdown(assistant_message)
 
 
 
127
  messages_html += f"""
128
  <div style='display: flex; align-items: center; margin-bottom: 10px;'>
129
  <img src='{assistant_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
130
- <span id="message-content" style='color: white;'>{assistant_message_html}</span>
131
  </div><br>"""
132
 
133
  messages_html += """
134
  </div></div>
135
  <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
136
- <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/tex-mml-chtml.js"></script>
 
137
  <script>
138
  function escapeHtml(unsafe) {
139
- return unsafe
140
- .replace(/&/g, "&amp;")
141
- .replace(/</g, "&lt;")
142
- .replace(/>/g, "&gt;")
143
- .replace(/"/g, "&quot;")
144
- .replace(/'/g, "&#039;");
145
  }
146
- let message = document.getElementById('message-content').innerHTML;
147
- document.getElementById('message-content').innerHTML = escapeHtml(message);
148
- MathJax.typeset(); // Process math expressions
 
 
 
 
149
  </script>
150
- """
151
  return messages_html
152
 
153
 
 
 
 
 
 
 
 
 
 
 
154
  js = """
155
  function HTMLClean() {
156
  alert("This page is in-dev stage, expect lots of restarts, the interface is open-sourced (not the backend that is responsible for API Keys)")
@@ -174,37 +195,6 @@ with gr.Blocks(css=css, js=js) as demo:
174
 
175
  with gr.Column(visible=False) as chat_view:
176
  gr.Markdown("## P-MSQ Chat Interface")
177
- gr.Markdown(label="answer",
178
- latex_delimiters=[{
179
- "left": "\\(",
180
- "right": "\\)",
181
- "display": True
182
- }, {
183
- "left": "\\begin\{equation\}",
184
- "right": "\\end\{equation\}",
185
- "display": True
186
- }, {
187
- "left": "\\begin\{align\}",
188
- "right": "\\end\{align\}",
189
- "display": True
190
- }, {
191
- "left": "\\begin\{alignat\}",
192
- "right": "\\end\{alignat\}",
193
- "display": True
194
- }, {
195
- "left": "\\begin\{gather\}",
196
- "right": "\\end\{gather\}",
197
- "display": True
198
- }, {
199
- "left": "\\begin\{CD\}",
200
- "right": "\\end\{CD\}",
201
- "display": True
202
- }, {
203
- "left": "\\[",
204
- "right": "\\]",
205
- "display": True
206
- }],
207
- elem_id="chatbox-container")
208
  chatbot_output = gr.HTML(elem_id="chatbox-container")
209
 
210
  msg_input = gr.Text(
 
115
 
116
  for user_message, assistant_message, user_profile, assistant_profile, user_pic, assistant_pic in history:
117
  if user_message:
118
+ user_message_html = markdown.markdown(
119
+ escape_html(user_message),
120
+ extensions=["fenced_code", "codehilite", "md_in_html"]
121
+ )
122
  messages_html += f"""
123
  <div style='display: flex; align-items: center; margin-bottom: 10px;'>
124
  <img src='{user_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
125
+ <span style='color: white;'>{user_message_html}</span>
126
  </div><br>"""
127
 
128
  if assistant_message:
129
+ assistant_message_html = markdown.markdown(
130
+ escape_html(assistant_message),
131
+ extensions=["fenced_code", "codehilite", "md_in_html"]
132
+ )
133
  messages_html += f"""
134
  <div style='display: flex; align-items: center; margin-bottom: 10px;'>
135
  <img src='{assistant_pic}' style='width: 40px; height: 40px; border-radius: 50%; margin-right: 10px;'>
136
+ <span style='color: white;'>{assistant_message_html}</span>
137
  </div><br>"""
138
 
139
  messages_html += """
140
  </div></div>
141
  <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.3/purify.min.js"></script>
142
+ <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
143
+ <script src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
144
  <script>
145
  function escapeHtml(unsafe) {
146
+ return unsafe
147
+ .replace(/&/g, "&amp;")
148
+ .replace(/</g, "&lt;")
149
+ .replace(/>/g, "&gt;")
150
+ .replace(/"/g, "&quot;")
151
+ .replace(/'/g, "&#039;");
152
  }
153
+ // Sanitize messages using DOMPurify
154
+ let messages = document.querySelectorAll('#messages span');
155
+ messages.forEach((message) => {
156
+ message.innerHTML = DOMPurify.sanitize(message.innerHTML); // Sanitize content
157
+ });
158
+ // Render math using MathJax
159
+ MathJax.typeset();
160
  </script>
161
+ """
162
  return messages_html
163
 
164
 
165
+ def escape_html(unsafe_text):
166
+ """Escape HTML special characters to prevent code injection."""
167
+ return (
168
+ unsafe_text.replace("&", "&amp;")
169
+ .replace("<", "&lt;")
170
+ .replace(">", "&gt;")
171
+ .replace('"', "&quot;")
172
+ .replace("'", "&#039;")
173
+ )
174
+
175
  js = """
176
  function HTMLClean() {
177
  alert("This page is in-dev stage, expect lots of restarts, the interface is open-sourced (not the backend that is responsible for API Keys)")
 
195
 
196
  with gr.Column(visible=False) as chat_view:
197
  gr.Markdown("## P-MSQ Chat Interface")
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
198
  chatbot_output = gr.HTML(elem_id="chatbox-container")
199
 
200
  msg_input = gr.Text(