juzser
commented
3 years ago @ntt0102 Hi there, thanks for your PR. But be careful with this one, because it may cause the XSS attack if you store the message. That's the reason I do not support rich text format.
There are 2 solutions for this, you should re-verify:
- We need a service to trim script tags for the messages before send to requests.
- Only allow formatting message from BOT side, not user side.
I'm happy to merge this PR if you have solution for this :) Thank you.
.qkb-msg-bubble-componenttext {{ mainData.text }} -> .qkb-msg-bubble-componenttext(v-html="mainData.text")