GHSA-299V-8PQ9-5GJQ New API has Potential XSS in its MarkdownRenderer component
Summary A potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Details Line 212-231 of MarkdownRenderer.jsx is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can...