Skip to content

fix: allow data:image/* URLs in markdown renderer#491

Open
taoyuan wants to merge 1 commit intodifferent-ai:devfrom
taoyuan:fix/allow-data-image-urls-upstream
Open

fix: allow data:image/* URLs in markdown renderer#491
taoyuan wants to merge 1 commit intodifferent-ai:devfrom
taoyuan:fix/allow-data-image-urls-upstream

Conversation

@taoyuan
Copy link

@taoyuan taoyuan commented Feb 7, 2026

The isSafeUrl function was blocking all data: URLs including data:image/jpeg;base64,... returned by AI image generation models. This caused markdown images like image to render with empty src, showing only the alt text 'Image'.

Now data:image/* URIs are whitelisted while other data: schemes (e.g. data:text/html) remain blocked to prevent XSS.

fix: allow data:image/* URLs in markdown renderer
aa3f4a8 
The isSafeUrl function was blocking all data: URLs including
data:image/jpeg;base64,... returned by AI image generation models.
This caused markdown images like ![image](data:image/jpeg;base64,...)
to render with empty src, showing only the alt text 'Image'.

Now data:image/* URIs are whitelisted while other data: schemes
(e.g. data:text/html) remain blocked to prevent XSS.
@vercel
Copy link

vercel bot commented Feb 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
openwork-software Ready Ready Preview, Comment Feb 7, 2026 1:37pm

@github-actions
Copy link
Contributor

github-actions bot commented Feb 7, 2026

The following comment was made by an LLM, it may be inaccurate:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taoyuan