html links in keymap description can lead Agent astray

Question

html links in keymap description can lead Agent astray

Closed this issue 2 months ago · 6 comments

mhantsch commented 3 months ago

Add some funky html in the keymap description:

See that it looks awesome:

Click on the github link, and watch Agent turn into a new web page:

No way to get back to Agent 😏 You have to close the window and restart Agent.

You could filter out all html content, but it's kind of nice that I can do tables and bold emphasis etc...

Answer 1 · 2024-08-12T09:17:56.000Z

And yes, of course I can add target="_blank" to the link and it will open in a new window and leave Agent intact.

Answer 2 · 2024-08-12T10:12:02.000Z

Thanks for the report! From a security standpoint, I think Agent should escape all HTML.

Answer 3 · 2024-08-12T11:13:24.000Z

From a security standpoint, I think Agent should escape all HTML.

There goes my table... 😔😉

Unfortunately, I agree to the security reasoning.

Answer 4 · 2024-10-07T18:14:29.000Z

The #2352 PR sanitize the full HTML content but I maybe would better UX to define which HTML elements are allowed and open URLs in the external browser. But do it in other issue if there is user need.

Answer 5 · 2024-10-07T19:01:29.000Z

Let's allow the use of newlines instead of converting them to <br>

Answer 6 · 2024-10-08T09:36:13.000Z

snif

Can confirm this is now working as intended. Table, emphasis and links are now gone.