| commit | 53ab24547cd684fc38254a6bd63759d7121ca7d6 | |
|---|---|---|
| author | Philip Zeyliger <philip@bold.dev> | Wed Jun 04 17:49:33 2025 +0000 |
| committer | Autoformatter <bot@sketch.dev> | Wed Jun 04 18:10:57 2025 +0000 |
| tree | 15122689ee81490ea8d3497b6baade986c6bad2c | |
| parent | 16098932295e067fb0a6b3ca2082b0d4b06027b4 | |
webui: implement DOMPurify sanitization for markdown security

Implement comprehensive HTML sanitization using DOMPurify library to prevent XSS vulnerabilities in markdown rendering while preserving full markdown functionality.

Problem Analysis:

Chat timeline and tool card components used markdown rendering with unsafeHTML directive and no HTML sanitization, creating security risks:

- Raw HTML from user input could execute arbitrary JavaScript
- Script tags, event handlers, and dangerous elements passed through
- marked.js default configuration allows HTML passthrough
- No protection against malicious content in conversation history

Security Solution - DOMPurify Implementation:

Following marked.js documentation recommendations, implemented industry-standard DOMPurify library for comprehensive HTML sanitization using whitelist approach.

DOMPurify Security Advantages:

- Industry-standard library with regular security updates
- Comprehensive whitelist-based sanitization approach
- Automatically handles new XSS attack vectors as they emerge
- Completely removes dangerous elements rather than escaping
- Configurable allowlists for specific use case requirements
- Battle-tested across millions of applications

Implementation Changes:

1. Package Dependencies:

- Added dompurify package dependency to webui/package.json
- DOMPurify includes built-in TypeScript definitions
- Leveraged existing transitive dependency through mermaid

2. Enhanced sketch-timeline-message.ts Security:

- Integrated DOMPurify.sanitize() for HTML sanitization
- Configured allowlist for safe HTML elements (p, strong, code, etc.)
- Added support for mermaid diagram elements (svg, path, etc.)
- Included code block functionality attributes (data-*, class, id)
- Maintained existing mermaid diagram and code block functionality

3. Enhanced sketch-tool-card.ts Security:

- Implemented DOMPurify sanitization in shared renderMarkdown utility
- Configured appropriate allowlist for tool card content display
- Simplified implementation using default marked.js settings
- Maintained backward compatibility with existing tool components

4. DOMPurify Configuration:

- ALLOWED_TAGS: Comprehensive list of safe HTML elements
- ALLOWED_ATTR: Specific attributes for links, styling, functionality
- ALLOW_DATA_ATTR: true for code copy buttons and interactions
- KEEP_CONTENT: true to preserve text content and formatting

Security Verification:

- All dangerous HTML completely removed (script, iframe, object, etc.)
- Event handlers stripped from elements (onload, onerror, onclick)
- JavaScript URLs neutralized (javascript: protocol blocked)
- XSS attack vectors comprehensively mitigated through allowlist approach
- Edge cases handled automatically by library security updates

Functional Verification:

- Markdown formatting fully preserved (bold, italic, code, links)
- Code blocks render correctly with syntax highlighting classes
- Mermaid diagrams continue working with required SVG elements
- Copy-to-clipboard functionality maintained with data attributes
- All existing chat timeline and tool card features functional

Technical Benefits:

- Reduced maintenance burden - no custom escaping logic to maintain
- Automatic protection against new attack vectors via library updates
- Industry-standard approach following marked.js documentation recommendations
- Comprehensive allowlist prevents unknown dangerous elements
- Better performance through optimized library implementation

Testing:

- Verified all XSS attack vectors safely handled through comprehensive tests
- Confirmed markdown functionality preserved across all components
- Build process succeeds without TypeScript errors
- Comprehensive security test suite validates sanitization effectiveness

This implementation follows security best practices recommended by marked.js documentation and provides robust protection against HTML injection attacks while maintaining full markdown functionality and user experience quality.

Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: s233c12c6daac5bb0k
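The allowlist policy described in the commit message can be regression-tested against the sanitizer's serialized output. The following is an added example, not code from this commit or from Sketch: `auditSanitizedHtml`, the tag and attribute lists, and the sample strings are assumptions constructed for illustration, and KEEP_CONTENT is not checked because it governs text rather than markup.

```javascript
// Added example: regression check for sanitizer output, not a sanitizer itself.
// Assumption: tag/attribute lists below are illustrative; the commit names only a few.
const POLICY = {
  ALLOWED_TAGS: new Set(["p", "strong", "em", "code", "pre", "a", "svg", "path"]),
  ALLOWED_ATTR: new Set(["href", "class", "id", "d"]),
  ALLOW_DATA_ATTR: true,
};
const URL_ATTRS = new Set(["href", "src", "xlink:href"]);
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// Returns a list of findings; an empty list means the HTML obeys the policy.
function auditSanitizedHtml(html, policy = POLICY) {
  const findings = [];
  // Opening tags: name, then an attribute run that respects quoted values.
  const tagRe = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const [, rawName, rawAttrs] of html.matchAll(tagRe)) {
    const tag = rawName.toLowerCase();
    if (!policy.ALLOWED_TAGS.has(tag)) findings.push(`tag:${tag}`);
    for (const m of rawAttrs.matchAll(attrRe)) {
      const name = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4] ?? "";
      if (name.startsWith("on")) {
        findings.push(`handler:${tag}.${name}`);
      } else if (name.startsWith("data-")) {
        if (!policy.ALLOW_DATA_ATTR) findings.push(`attr:${tag}.${name}`);
      } else if (!policy.ALLOWED_ATTR.has(name)) {
        findings.push(`attr:${tag}.${name}`);
      }
      if (!URL_ATTRS.has(name)) continue;
      // Browsers ignore whitespace and control characters inside a scheme.
      const compact = value.replace(/[\s\u0000-\u001f]/g, "");
      const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(compact);
      const encoded = /^[^:\/?#]*&/.test(compact); // character reference in scheme position
      if (encoded || (scheme && !SAFE_SCHEMES.has(scheme[1].toLowerCase()))) {
        findings.push(`url:${tag}.${name}`);
      }
    }
  }
  return findings;
}

// Constructed samples: one that follows the policy, one that violates it several ways.
const CLEAN = '<p>Hi <strong>there</strong> <a href="https://example.com" data-copy="1">docs</a></p>' +
  '<pre><code class="language-go">x := 1</code></pre>';
const DIRTY = '<p onclick="x">hi</p><script>1</script>' +
  '<a href="java\tscript:void(0)">x</a><iframe src="https://example.com"></iframe>';
console.log(auditSanitizedHtml(CLEAN), auditSanitizedHtml(DIRTY));
```

Run it in a unit test over whatever the sanitizing render path returns; a non-empty result means the configured allowlist and the rendered output have drifted apart.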
Sketch is an agentic coding tool. It draws the 🦉
Sketch runs in your terminal, has a web UI, understands your code, and helps you get work done. To keep your environment pristine, sketch starts a docker container and outputs its work onto a branch in your host git repository.
Sketch helps with most programming environments, but Sketch has extra goodies for Go.
```sh
go install sketch.dev/cmd/sketch@latest
sketch
```
Currently, Sketch runs on macOS and Linux. It uses Docker for containers.
| Platform | Installation |
|---|---|
| macOS | brew install colima (or Docker Desktop/Orbstack) |
| Linux | apt install docker.io (or equivalent for your distro) |
| WSL2 | Install Docker Desktop for Windows (docker entirely inside WSL2 is tricky) |
The sketch.dev service is used to provide access to an LLM service and give you a way to access the web UI from anywhere.
Start Sketch by running sketch in a Git repository. It will open your browser to the Sketch chat interface, but you can also use the CLI interface. Use -open=false if you want to use just the CLI interface.
Ask Sketch about your codebase or ask it to implement a feature. It may take a little while for Sketch to do its work, so hit the bell (🔔) icon to enable browser notifications. We won't spam you or anything; it will notify you when the Sketch agent's turn is done, and there's something to look at.
When you start Sketch, it:
This design lets you run multiple sketches in parallel since they each have their own sandbox. It also lets Sketch work without worry: it can trash its own container, but it can't trash your machine.
Sketch's agentic loop uses tool calls (mostly shell commands, but also a handful of other important tools) to allow the LLM to interact with your codebase.
Sketch is trained to make Git commits. When those happen, they are automatically pushed to the git repository where you started sketch with branch names sketch/*.
Finding Sketch branches:
git branch -a --sort=creatordate | grep sketch/ | tail
The UI keeps track of the latest branch it pushed and displays it prominently. You can use standard Git workflows to pull those branches into your workspace:
git cherry-pick $(git merge-base origin/main sketch/foo)
or merge the branch
git merge sketch/foo
or reset to the branch
git reset --hard sketch/foo
I.e., use the same workflows you would if you were pulling in a friend's Pull Request.
Advanced: You can ask Sketch to git fetch sketch-host and rebase onto another commit. This will also fetch where you started Sketch, and we do a bit of "git fetch refspec configuration" to make origin/main work as a git reference.
Don't be afraid of asking Sketch to help you rebase, merge/squash commits, rewrite commit messages, and so forth; it's good at it!
The diff view shows you changes since Sketch started. Leaving comments on lines adds them to the chat box, and, when you hit Send (at the bottom of the page), Sketch goes to work addressing your comments.
You can interact directly with the container in three ways:
ssh sketch-ilik-eske-tcha-lott. We have automatically configured your SSH configuration to make these special hostnames work.
Using SSH (and/or VSCode) allows you to forward ports from the container to your machine. For example, if you want to start your development webserver, you can do something like this:
```sh
# Forward container port 8888 to local port 8000
ssh -L8000:localhost:8888 sketch-ilik-epor-tfor-ward
go run ./cmd/server
```
This makes http://localhost:8000/ on your machine point to localhost:8888 inside the container.
You can ask Sketch to browse a web page and take screenshots. There are tools both for taking screenshots and "reading images", the latter of which sends the image to the LLM. This functionality is handy if you're working on a web page and want to see what the in-progress change looks like.
Docker images, containers, and so forth tend to pile up. Ask Docker to prune unused images and containers:
docker system prune -a
See CONTRIBUTING.md for development guidelines.
Sketch is open source. It is right here in this repository! Have a look around and mod away.
If you want to run Sketch entirely without the sketch.dev service, you can set the flag -skaband-addr="" and then provide an ANTHROPIC_API_KEY environment variable. (More LLM services coming soon!)