Closed SergejGleithmann closed 4 months ago
nathanlesage
commented
4 months ago Oh, interesting. So, this is definitely fortunately not a security issue; the renderer windows are locked down. But I do agree that it is unwanted behavior.
Would you mind pasting the contents of the corresponding conversation here into a code block? Like, the response from the model? This way I can have a look what it had generated and how I could sanitize that better.
SergejGleithmann
commented
4 months ago Hello, sadly I do not have the original prompt and while trying to reproduce this behaviour I think either the result prompt did not close the code block correctly or the calculation broke down during the answere an therefore did not close the block correctly. What definitly happens, is, that html is rendered until the closing ``` are given. I dont know how this would interact with JS (e.g. if JS would also be executed until the closing ticks appear on screen).
This is an example of a chat with mistralai_mistral-7b-instruct-v0.1 (exported to markdown by the localChat function):
Can you write a html login form?
Can you write a html login form?
Yes, I can help you with that. Here's an example of a simple HTML login form:
<form>
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password"><br><br>
<input type="submit" value="Login">
</form>This form includes two input fields for the username and password, as well as a submit button to send the data to the server. You can customize this form by changing the labels, input types, and other attributes as needed.
SergejGleithmann
commented
4 months ago I have another prompt involving JS. The JS seems to break successive prompts:
can you write a html login form that switches the text color every 5 seconds from black to red?
Yes, I can help you with that. Here's an example of a login form with the text color changing every 5 seconds from black to red:
<form>
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password"><br><br>
<input type="submit" value="Login">
</form>
<script>
var usernameInput = document.getElementById("username");
var passwordInput = document.getElementById("password");
var loginButton = document.querySelector("input[type='submit']");
function changeColor() {
usernameInput.style.color = "red";
passwordInput.style.color = "red";
loginButton.style.color = "red";
}
setInterval(changeColor, 5000);
</script>This form includes the same input fields and submit button as before, but it also includes a script that changes the text color of the username, password, and login button every 5 seconds from black to red. The setInterval() function is used to repeatedly call the changeColor() function after a specified interval.
Note that this code assumes that the input fields and submit button have unique IDs or other attributes that can be used to select them in the script. If your form has multiple elements with the same ID, you may need to modify the code to select the correct element based on its position or other attribute.
Are you alive?
Picture of responses after JS was produced:
nathanlesage
commented
4 months ago Huh interesting, but that does make sense. I'll see what I can do!
nathanlesage
commented
4 months ago (Also from the perspective that you effectively seemed to have made the model commit harakiri)
When I asked the AI to write code for a contact form, the response was directly rendered inside the response window. I feel, like the code blocks inside ``` are not correctly rendered and especially are not escaped to prevent results from beeing directly interpreted. This might be a major security issue (if scripts are also executed) and additionally results in unusable code output also.