[chat] Sanitize message part URLs before using them as link href #22814

Open
Anexus5919 wants to merge 3 commits into mui:master from Anexus5919:fix/chat-sanitize-part-urls


Conversation

@Anexus5919

Contributor

Changelog

The default chat message part renderers in @mui/x-chat-headless placed the untrusted part.url directly into anchor href attributes. Message parts come from assistant/model output, tool results, or RAG source data, so a javascript: URL flowed unmodified into the link. React 17 and 18 (both in the package's supported peer range) render javascript: URLs as written, so the link executes on click. React 19 neutralizes that vector, but no React version blocks data: URLs at render time.

This wraps every untrusted URL with the existing safeUri() helper before assigning it to href, in the default file and source-url renderers and in the SourceUrlPart and FilePart primitives. safeUri whitelists http, https, mailto and tel, and returns an empty string otherwise. Image src is left unchanged, both so that legitimate data:image and blob: previews keep working and because a javascript: value in <img src> does not execute.

Adds tests covering the four href sinks plus a regression test that a data: image source is preserved.

Closes #22726
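An added example, not the @mui/x-chat-headless code and not the project's safeUri(): a scheme-allowlist href sanitizer with the contract the PR description gives for safeUri (http, https, mailto and tel pass, everything else becomes an empty string), beside the "before" and "after" shapes of a link renderer. It normalises tabs, newlines and leading/trailing control characters the way the browser's URL parser does before reading the scheme, since that is what lets "java\nscript:" or " JavaScript:" through a naive prefix check. The names normalizeUrl, schemeOf, sanitizeHref, sanitizeImageSrc, safeLinkProps and unsafeLinkProps, the {url, title} part shape and the test vectors are all this example's own, and the vectors are constructed rather than captured model output. Two choices go beyond the PR and are flagged in the comments: scheme-less relative URLs are allowed through the href sink, and a separate, looser image-src allowlist is shown for contrast even though the PR leaves img src untouched.

```javascript
"use strict";
// Added example: an allowlist href sanitizer with the contract the PR
// describes for safeUri() (http, https, mailto, tel; "" otherwise). This is
// not the @mui/x-chat-headless code; every name here is the example's own.

const ALLOWED_HREF_SCHEMES = new Set(["http", "https", "mailto", "tel"]);

// Mirror what the WHATWG URL parser does before it reads the scheme: tabs and
// newlines are removed anywhere, leading/trailing C0 controls and spaces are
// stripped. A naive startsWith("javascript:") check misses "java\nscript:",
// but the browser still runs it.
function normalizeUrl(raw) {
  return String(raw)
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, "");
}

// Scheme in lower case, or null when the URL has no scheme (a relative URL).
// A scheme must start with a letter, so "1javascript:x" is relative here and
// in the browser alike.
function schemeOf(url) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// href sink: anything not on the allowlist (javascript:, data:, vbscript:,
// blob:, ...) becomes "" so the anchor is inert. Design choice of this
// example (not stated by the PR): scheme-less relative URLs pass, since they
// resolve against the page's own origin.
function sanitizeHref(raw) {
  if (raw == null) return "";
  const url = normalizeUrl(raw);
  const scheme = schemeOf(url);
  if (scheme === null) return url;
  return ALLOWED_HREF_SCHEMES.has(scheme) ? url : "";
}

// img src sink, kept separate because the risk differs: javascript: in an
// <img src> does not execute, and data:image/* plus blob: are what inline
// previews need. The PR leaves src untouched; this allowlist is the
// example's own illustration of a src policy, not something the PR adds.
function sanitizeImageSrc(raw) {
  if (raw == null) return "";
  const url = normalizeUrl(raw);
  const scheme = schemeOf(url);
  if (scheme === null || scheme === "http" || scheme === "https" || scheme === "blob") {
    return url;
  }
  if (scheme === "data" && /^data:image\//i.test(url)) return url;
  return "";
}

// "Before" and "after" shapes of a source-url / file part renderer, reduced
// to the props that reach the <a>. The {url, title} part shape is assumed.
function unsafeLinkProps(part) {
  return { href: part.url, title: part.title };
}
function safeLinkProps(part) {
  return { href: sanitizeHref(part.url), title: part.title };
}

// Constructed message parts (not real model output): the payloads a
// prompt-injected assistant, tool result or RAG source could hand back.
const CONSTRUCTED_PARTS = [
  { url: "https://example.com/report.pdf", title: "report", expect: "https://example.com/report.pdf" },
  { url: "mailto:security@example.com", title: "contact", expect: "mailto:security@example.com" },
  { url: "tel:+15550100", title: "phone", expect: "tel:+15550100" },
  { url: "/docs/source.md", title: "local", expect: "/docs/source.md" },
  { url: "javascript:alert(document.cookie)", title: "x", expect: "" },
  { url: " JavaScript:alert(1)", title: "x", expect: "" },
  { url: "java\nscript:alert(1)", title: "x", expect: "" },
  { url: "data:text/html,<script>alert(1)</script>", title: "x", expect: "" },
  { url: "vbscript:MsgBox(1)", title: "x", expect: "" },
];

// Runs every vector through both renderers; true when the hardened renderer
// yields the expected href and the unsafe one leaks each attack payload as-is.
function runChecks() {
  return CONSTRUCTED_PARTS.every((part) => {
    const hardened = safeLinkProps(part).href === part.expect;
    const leaked = part.expect === "" ? unsafeLinkProps(part).href === part.url : true;
    return hardened && leaked;
  });
}

if (typeof require !== "undefined" && require.main === module) {
  for (const part of CONSTRUCTED_PARTS) {
    console.log(JSON.stringify(part.url), "->", JSON.stringify(sanitizeHref(part.url)));
  }
  console.log("all checks pass:", runChecks());
}
```

Running the file under Node prints each constructed URL beside what the href sink receives; the whitespace-smuggled and mixed-case javascript: vectors are the ones worth noting, since they are exactly what a prefix check on the raw string would miss.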


@code-infra-dashboard

code-infra-dashboard Bot commented Jun 15, 2026


Deploy preview

https://deploy-preview-22814--material-ui-x.netlify.app/

Bundle size

Bundle                     Parsed size    Gzip size
@mui/x-data-grid           0B (0.00%)     0B (0.00%)
@mui/x-data-grid-pro       0B (0.00%)     0B (0.00%)
@mui/x-data-grid-premium   0B (0.00%)     0B (0.00%)
@mui/x-charts              0B (0.00%)     0B (0.00%)
@mui/x-charts-pro          0B (0.00%)     0B (0.00%)
@mui/x-charts-premium      0B (0.00%)     0B (0.00%)
@mui/x-date-pickers        0B (0.00%)     0B (0.00%)
@mui/x-date-pickers-pro    0B (0.00%)     0B (0.00%)
@mui/x-tree-view           0B (0.00%)     0B (0.00%)
@mui/x-tree-view-pro       0B (0.00%)     0B (0.00%)
@mui/x-license             0B (0.00%)     0B (0.00%)

Check out the code infra dashboard for more information about this PR.

@Anexus5919

Contributor Author

@rita-codes @michelengelen Kindly review this PR. Thanks!

Anexus5919 force-pushed the fix/chat-sanitize-part-urls branch from c29bbb9 to 271c14c on June 15, 2026 14:42
zannager added the scope: chat label (Changes related to the AI chat) on Jun 16, 2026
zannager requested a review from hasdfa on June 16, 2026 10:16

Development

Successfully merging this pull request may close these issues.

[chat] Message part URLs used as link href without sanitization (javascript: XSS on React 17/18)

3 participants