aheh/mirotalk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[mirotalk] - fix: preserve SVG data URIs for chat avatars in appendMessage

Browse Source
This commit is contained in:
Miroslav Pejic
2026-04-28 14:34:21 +02:00
parent 409b246959
commit 943f2ddb5f
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/js/client.js
+9 -1
View File
@@ -10717,7 +10717,15 @@ function appendMessage(from, img, side, msg, privateMsg, msgId = null, to = '')
const getFrom = filterXSS(from);
const getTo = filterXSS(to);
const getSide = filterXSS(side);
const getImg = getFrom === CHAT_GPT_NAME && getSide === 'left' ? images.chatgpt : filterXSS(img);
// img is always internally computed (isValidAvatarURL / genAvatarSvg / genGravatar) and is
// set via setAttribute — no XSS risk. filterXSS must NOT be applied here because it encodes
// '<', '>' and '&' which breaks SVG data URIs produced by genAvatarSvg.
const getImg =
getFrom === CHAT_GPT_NAME && getSide === 'left'
? images.chatgpt
: isValidAvatarURL(img) || (typeof img === 'string' && img.startsWith('data:image/'))
? img
: '';
const getMsg = filterXSS(msg);
const getPrivateMsg = filterXSS(privateMsg);
const normalizedMsgId = normalizeChatMessageId(msgId);