/**
* Main entry file for the streaming chat application
* Imports and initializes all components
*/
// Import modules
import { applyStyles } from './styles.js';
import { ManagedEventSource } from './managed-event-source.js';
import { ChatInterface } from './chat-interface.js';
import { escapeHtml } from './utils.js';
// Apply the shared stylesheet from styles.js before anything is rendered.
applyStyles();

// Expose the public surface on `window` so code outside this module
// (presumably inline scripts or the embedding page) can construct the chat
// UI, open streams and reuse the same HTML-escaping helper the components use.
Object.assign(window, {
  ChatInterface,
  ManagedEventSource,
  escapeHtml, // escaping helper, exported globally so host pages can reuse it
});
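// Initialize the chat interface when DOM is loaded
document.addEventListener('DOMContentLoaded', () => {
  // Additional start-up code can go here if needed.

  // Last-resort XSS mitigation for markup that may have been inserted
  // without escaping.
  //
  // NOTE(security): this is defense-in-depth, NOT a sanitizer. It runs
  // *after* a node is already in the document (MutationObserver callbacks
  // are delivered asynchronously), it only knows about a handful of vectors,
  // and an element can fire before it is reached. Untrusted data must still
  // go through escapeHtml()/textContent at the render site. Not covered:
  // <iframe srcdoc>, <object>/<embed>, <base>, <meta http-equiv>, form
  // hijacking, CSS url()/expression, handlers added later via setAttribute.
  const EXEMPT_CLASS = 'json-ld';
  const EXEMPT_TAGS = new Set(['PRE', 'CODE']);

  // Attributes whose value is navigated to or loaded; a javascript: scheme
  // in any of them executes when followed.
  const URL_ATTRS = ['href', 'src', 'action', 'formaction', 'xlink:href'];

  // Browsers drop tab/newline and leading control characters from a URL
  // before scheme matching, so "java\tscript:" still runs. Strip every C0
  // control and space (a superset of what browsers remove) before testing;
  // over-matching only costs a harmless attribute, under-matching is a bypass.
  const isJavascriptUrl = (value) =>
    /^javascript:/i.test(String(value).replace(/[\u0000-\u0020]/g, ''));

  // Strip every inline event handler and every javascript: URL attribute from
  // a single element. The previous version only removed on* attributes when
  // one of onerror/onload/onclick/onmouseover was present, so e.g.
  // <input autofocus onfocus=...> or <details open ontoggle=...> sailed through.
  const scrubAttributes = (el) => {
    for (const { name } of Array.from(el.attributes)) {
      if (name.toLowerCase().startsWith('on')) {
        el.removeAttribute(name);
      }
    }
    for (const attrName of URL_ATTRS) {
      if (el.hasAttribute(attrName) && isJavascriptUrl(el.getAttribute(attrName))) {
        el.removeAttribute(attrName);
      }
    }
  };

  // Scrub an inserted node and everything beneath it.
  const scrubSubtree = (root) => {
    // Only elements carry attributes/children worth scrubbing.
    if (root.nodeType !== Node.ELEMENT_NODE) {
      return;
    }
    // Code blocks and JSON-LD containers legitimately hold HTML-looking
    // text, so they were exempted originally and that is kept for
    // compatibility. Be aware this exemption is itself a bypass: anything an
    // attacker can wrap in <pre>/<code> or a .json-ld element is untouched.
    if (EXEMPT_TAGS.has(root.tagName) || root.classList.contains(EXEMPT_CLASS)) {
      return;
    }
    // The inserted node itself must be checked too: querySelectorAll() only
    // matches descendants, so a <script> or <img onerror> at the root of the
    // inserted fragment was previously missed. localName is used so an SVG
    // <script> (lowercase tagName) is caught as well.
    if (root.localName === 'script') {
      root.remove();
      return;
    }
    root.querySelectorAll('script').forEach((script) => script.remove());
    scrubAttributes(root);
    root.querySelectorAll('*').forEach(scrubAttributes);
  };

  // DOMNodeInserted (DOM Mutation Events) is deprecated and has been removed
  // from Chromium, which turned the previous guard into a silent no-op there.
  // MutationObserver is the supported replacement and reports the top-level
  // inserted nodes of each change in addedNodes.
  const observer = new MutationObserver((mutations) => {
    for (const mutation of mutations) {
      mutation.addedNodes.forEach(scrubSubtree);
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
});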