From 2660daf7c4dee142ae9e61027b685d27aa666825 Mon Sep 17 00:00:00 2001
From: kurokobo <2920259+kurokobo@users.noreply.github.com>
Date: Sat, 21 Jun 2025 15:35:10 +0000
Subject: [PATCH] feat: allow rendering data uri scheme if
 ALLOW_UNSAFE_DATA_SCHEME is true

---
 web/app/components/base/markdown-blocks/utils.ts   | 6 +++++-
 web/app/components/base/markdown/markdown-utils.ts | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/web/app/components/base/markdown-blocks/utils.ts b/web/app/components/base/markdown-blocks/utils.ts
index 4e9e98dbed..d8df76aefc 100644
--- a/web/app/components/base/markdown-blocks/utils.ts
+++ b/web/app/components/base/markdown-blocks/utils.ts
@@ -1,3 +1,7 @@
+import { ALLOW_UNSAFE_DATA_SCHEME } from '@/config'
+
 export const isValidUrl = (url: string): boolean => {
-  return ['http:', 'https:', '//', 'mailto:'].some(prefix => url.startsWith(prefix))
+  const validPrefixes = ['http:', 'https:', '//', 'mailto:']
+  if (ALLOW_UNSAFE_DATA_SCHEME) validPrefixes.push('data:')
+  return validPrefixes.some(prefix => url.startsWith(prefix))
 }
diff --git a/web/app/components/base/markdown/markdown-utils.ts b/web/app/components/base/markdown/markdown-utils.ts
index dc3c7a9784..0572e91900 100644
--- a/web/app/components/base/markdown/markdown-utils.ts
+++ b/web/app/components/base/markdown/markdown-utils.ts
@@ -4,6 +4,7 @@
  * Includes preprocessing for LaTeX and custom "think" tags.
  */
 import { flow } from 'lodash-es'
+import { ALLOW_UNSAFE_DATA_SCHEME } from '@/config'
 
 export const preprocessLaTeX = (content: string) => {
   if (typeof content !== 'string')
@@ -83,5 +84,8 @@ export const customUrlTransform = (uri: string): string | undefined => {
   if (PERMITTED_SCHEME_REGEX.test(scheme))
     return uri
 
+  if (ALLOW_UNSAFE_DATA_SCHEME && scheme === 'data:')
+    return uri
+
   return undefined
 }