npm - @ant-design/agentic-ui - Versions diffs - 2.31.3 → 2.31.4 - Mend

@ant-design/agentic-ui 2.31.3 → 2.31.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/Utils/rehypeSanitizeUserHtml.js ADDED Viewed

@@ -0,0 +1,182 @@
+function _array_like_to_array(arr, len) {
+    if (len == null || len > arr.length) len = arr.length;
+    for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
+    return arr2;
+}
+function _array_without_holes(arr) {
+    if (Array.isArray(arr)) return _array_like_to_array(arr);
+}
+function _iterable_to_array(iter) {
+    if (typeof Symbol !== "undefined" && iter[Symbol.iterator] != null || iter["@@iterator"] != null) return Array.from(iter);
+}
+function _non_iterable_spread() {
+    throw new TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+function _to_consumable_array(arr) {
+    return _array_without_holes(arr) || _iterable_to_array(arr) || _unsupported_iterable_to_array(arr) || _non_iterable_spread();
+}
+function _unsupported_iterable_to_array(o, minLen) {
+    if (!o) return;
+    if (typeof o === "string") return _array_like_to_array(o, minLen);
+    var n = Object.prototype.toString.call(o).slice(8, -1);
+    if (n === "Object" && o.constructor) n = o.constructor.name;
+    if (n === "Map" || n === "Set") return Array.from(n);
+    if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array(o, minLen);
+}
+/**
+ * rehype 插件：清理用户输入中的危险 HTML，防止页面布局错乱和 XSS 攻击。
+ *
+ * 在 rehypeRaw 之后使用，对 hast 树执行：
+ * 1. 移除 doctype 声明
+ * 2. 完全移除危险元素（script、style 等）及其子节点
+ * 3. 解包结构性元素（html、head、body 等），保留子节点
+ * 4. 保留 GFM 任务列表的 input[type=checkbox]，移除其他 input
+ * 5. 清理所有元素的危险属性（on* 事件、javascript: URL）
+ */ /** 应完全移除（含子节点）的危险 HTML 标签 */ var STRIP_ELEMENTS = new Set([
+    'script',
+    'noscript',
+    'style',
+    'meta',
+    'title',
+    'link',
+    'base',
+    'object',
+    'embed',
+    'applet',
+    'frame',
+    'frameset'
+]);
+/** 应解包（移除标签但保留子节点）的结构性/表单 HTML 标签 */ var UNWRAP_ELEMENTS = new Set([
+    'html',
+    'head',
+    'body',
+    'form',
+    'button',
+    'select',
+    'textarea',
+    'option',
+    'optgroup',
+    'fieldset',
+    'legend'
+]);
+var DANGEROUS_URL_SCHEMES = [
+    'javascript:',
+    'vbscript:'
+];
+var sanitizeElementProperties = function sanitizeElementProperties(properties) {
+    if (!properties) return;
+    var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
+    try {
+        var _loop = function() {
+            var key = _step.value;
+            if (key.startsWith('on')) {
+                delete properties[key];
+                return "continue";
+            }
+            var value = properties[key];
+            if (typeof value === 'string') {
+                var lower = value.toLowerCase().trimStart();
+                if (DANGEROUS_URL_SCHEMES.some(function(s) {
+                    return lower.startsWith(s);
+                })) {
+                    delete properties[key];
+                }
+            }
+        };
+        for(var _iterator = Object.keys(properties)[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true)_loop();
+    } catch (err) {
+        _didIteratorError = true;
+        _iteratorError = err;
+    } finally{
+        try {
+            if (!_iteratorNormalCompletion && _iterator.return != null) {
+                _iterator.return();
+            }
+        } finally{
+            if (_didIteratorError) {
+                throw _iteratorError;
+            }
+        }
+    }
+};
+/** 判断 input 元素是否为 GFM 任务列表 checkbox，应予保留 */ var isTaskListCheckbox = function isTaskListCheckbox(node) {
+    var _node_properties;
+    return ((_node_properties = node.properties) === null || _node_properties === void 0 ? void 0 : _node_properties.type) === 'checkbox';
+};
+/**
+ * 递归清理 hast 节点。
+ * @returns null = 移除节点 | 数组 = 解包子节点 | 节点对象 = 保留
+ */ var sanitizeHastNode = function sanitizeHastNode1(node) {
+    if (node.type === 'doctype') return null;
+    if (node.type === 'element') {
+        if (STRIP_ELEMENTS.has(node.tagName)) return null;
+        // input: 保留 GFM 任务列表 checkbox，移除其他 input
+        if (node.tagName === 'input' && !isTaskListCheckbox(node)) {
+            return null;
+        }
+        sanitizeElementProperties(node.properties);
+        if (UNWRAP_ELEMENTS.has(node.tagName)) {
+            var kept = [];
+            var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
+            try {
+                for(var _iterator = (node.children || [])[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
+                    var child = _step.value;
+                    var _kept;
+                    var result = sanitizeHastNode(child);
+                    if (result === null) continue;
+                    if (Array.isArray(result)) (_kept = kept).push.apply(_kept, _to_consumable_array(result));
+                    else kept.push(result);
+                }
+            } catch (err) {
+                _didIteratorError = true;
+                _iteratorError = err;
+            } finally{
+                try {
+                    if (!_iteratorNormalCompletion && _iterator.return != null) {
+                        _iterator.return();
+                    }
+                } finally{
+                    if (_didIteratorError) {
+                        throw _iteratorError;
+                    }
+                }
+            }
+            return kept.length > 0 ? kept : null;
+        }
+    }
+    if (node.children) {
+        var newChildren = [];
+        var _iteratorNormalCompletion1 = true, _didIteratorError1 = false, _iteratorError1 = undefined;
+        try {
+            for(var _iterator1 = node.children[Symbol.iterator](), _step1; !(_iteratorNormalCompletion1 = (_step1 = _iterator1.next()).done); _iteratorNormalCompletion1 = true){
+                var child1 = _step1.value;
+                var _newChildren;
+                var result1 = sanitizeHastNode(child1);
+                if (result1 === null) continue;
+                if (Array.isArray(result1)) (_newChildren = newChildren).push.apply(_newChildren, _to_consumable_array(result1));
+                else newChildren.push(result1);
+            }
+        } catch (err) {
+            _didIteratorError1 = true;
+            _iteratorError1 = err;
+        } finally{
+            try {
+                if (!_iteratorNormalCompletion1 && _iterator1.return != null) {
+                    _iterator1.return();
+                }
+            } finally{
+                if (_didIteratorError1) {
+                    throw _iteratorError1;
+                }
+            }
+        }
+        node.children = newChildren;
+    }
+    return node;
+};
+export var rehypeSanitizeUserHtml = function rehypeSanitizeUserHtml() {
+    return function(tree) {
+        sanitizeHastNode(tree);
+        return tree;
+    };
+};

package/dist/Workspace/RealtimeFollow/style.js CHANGED Viewed

@@ -75,12 +75,12 @@ var genStyle = function genStyle(token) {
         border: 'none',
         background: 'none',
         cursor: 'pointer',
-        color: '#767e8b',
+        color: 'var(--color-gray-text-secondary)',
         transition: 'all 0.2s cubic-bezier(0.645, 0.045, 0.355, 1)',
         borderRadius: 'var(--radius-control-base)',
         backdropFilter: 'blur(20px)',
         '&:hover': {
-            background: '#f0f0f0'
+            background: 'var(--color-gray-control-fill-active)'
         }
     }), // 返回图标
     _define_property(_obj3, "&-back-icon", {
@@ -111,17 +111,17 @@ var genStyle = function genStyle(token) {
     }, _define_property(_obj1, "&--html", {
         width: '40px',
         height: '40px',
-        color: '#00B5FD',
+        color: 'var(--color-blue-text-default)',
         background: 'linear-gradient(180deg, rgba(0, 181, 253, 0.15), rgba(0, 181, 253, 0.08))'
     }), _define_property(_obj1, "&--md", {
         width: '40px',
         height: '40px',
-        color: '#FF7A00',
+        color: 'var(--color-orange-text-default)',
         background: 'linear-gradient(180deg, rgba(35, 214, 220, 0.15), rgba(35, 214, 220, 0.08))'
     }), _define_property(_obj1, "&--default", {
         width: '40px',
         height: '40px',
-        background: 'linear-gradient(180deg, #EAEEF4, #F4F6F9)'
+        background: 'linear-gradient(180deg, var(--color-gray-bg-page-light), var(--color-gray-bg-page))'
     }), _obj1)), _define_property(_obj3, "&-content", {
         display: 'flex',
         alignItems: 'center',
@@ -202,20 +202,20 @@ var genStyle = function genStyle(token) {
             background: 'transparent'
         },
         '.ace-tm .ace_gutter-active-line': {
-            color: '#FFFFFF',
+            color: 'var(--color-gray-bg-card-white)',
             background: 'transparent'
         },
         '.ace-tm .ace_comment': {
             color: 'rgba(255, 255, 255, 0.27)'
         },
         '.ace-tm .ace_keyword': {
-            color: '#E873BB'
+            color: 'var(--color-sub5-text-default)'
         },
         '.ace_identifier, .ace_paren': {
-            color: '#FFFFFF'
+            color: 'var(--color-gray-bg-card-white)'
         },
         '.ace-tm .ace_constant.ace_numeric': {
-            color: '#84DC18'
+            color: 'var(--color-green-text-default)'
         },
         '.code-editor-container': {
             marginTop: 0,
@@ -230,7 +230,7 @@ var genStyle = function genStyle(token) {
             background: 'transparent'
         }
     }, "".concat(token.antCls, "-empty-description"), {
-        color: '#d9d9d9'
+        color: 'var(--color-gray-text-light)'
     })), _obj4)), _define_property(_obj7, "&--markdown", _define_property({}, "".concat(token.antCls, '-agentic-md-editor-content div[data-be="paragraph"]:last-child'), {
         paddingBottom: '16px',
         color: 'var(--color-gray-text-light)',
@@ -298,7 +298,7 @@ var genStyle = function genStyle(token) {
         background: 'rgba(255, 255, 255, 0.6)'
     }), _define_property(_obj6, "&--error", {
         background: 'rgba(255, 245, 245, 0.6)',
-        color: '#cb1e1e'
+        color: 'var(--color-red-text-default)'
     }), _obj6)), _define_property(_obj7, "&-empty", {
         display: 'flex',
         alignItems: 'center',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ant-design/agentic-ui",
-  "version": "2.31.3",
+  "version": "2.31.4",
   "description": "面向智能体的 UI 组件库，提供多步推理可视化、工具调用展示、任务执行协同等 Agentic UI 能力",
   "repository": "git@github.com:ant-design/agentic-ui.git",
   "license": "MIT",