Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow HTML in alert modals #8817

Merged
merged 7 commits into from
Jul 17, 2024
Merged

Allow HTML in alert modals #8817

merged 7 commits into from
Jul 17, 2024

Conversation

abidlabs
Copy link
Member

@abidlabs abidlabs commented Jul 17, 2024
edited
Loading

Allows HTML in gr.Info(), gr.Warning(), gr.Error(), etc.

import gradio as gr
import time

def show():
    gr.Info("Please visit <a href='https://hf.co' target='_blank'>Hugging Face</a> for free datasets.", duration=100)
    time.sleep(1)
    return "Hello"


gr.Interface(show, None, "textbox").launch()

Context: internal link. cc @gary149 @julien-c

Note: downstream clients who receive a gr.Error will see the original raw html string, but I don't think that's a problem.

@gradio-pr-bot
Copy link
Collaborator

gradio-pr-bot commented Jul 17, 2024
edited
Loading

🪼 branch checks and previews

Name Status URL
Spaces ready! Spaces preview
Website failed! Details
Storybook ready! Storybook preview
🦄 Changes detecting...

Install Gradio from this PR

pip install https://gradio-builds.s3.amazonaws.com/e732b3b6a8f375788e18979e3e6fab1bc064aaa7/gradio-4.38.1-py3-none-any.whl

Install Gradio Python Client from this PR

pip install "gradio-client @ git+https://github.com/gradio-app/gradio@e732b3b6a8f375788e18979e3e6fab1bc064aaa7#subdirectory=client/python"

Install Gradio JS Client from this PR

npm install https://gradio-builds.s3.amazonaws.com/e732b3b6a8f375788e18979e3e6fab1bc064aaa7/gradio-client-1.3.0.tgz

@gradio-pr-bot
Copy link
Collaborator

gradio-pr-bot commented Jul 17, 2024
edited
Loading

🦄 change detected

This Pull Request includes changes to the following packages.

Package Version
@gradio/statustracker patch
gradio patch
  • Maintainers can select this checkbox to manually select packages to update.

With the following changelog entry.

Allow HTML in alert modals

Maintainers or the PR author can modify the PR title to modify this entry.

Something isn't right?
  • Maintainers can change the version label to modify the version bump.
  • If the bot has failed to detect any changes, or if this pull request needs to update multiple packages to different versions or requires a more comprehensive changelog entry, maintainers can update the changelog file directly.

@abidlabs abidlabs marked this pull request as ready for review July 17, 2024 13:27
@abidlabs abidlabs added the v: patch A change that requires a patch release label Jul 17, 2024
pngwn
pngwn requested changes Jul 17, 2024
View reviewed changes
Copy link
Member

@pngwn pngwn left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this safe? Is there a scenario in which an error message is being embedded in the returned HTML and a user could manipulate this process and inject something harmful, either directly or via a mitm attack?

At the very least we need to escape the HTML.

@abidlabs
Copy link
Member Author

abidlabs commented Jul 17, 2024
edited
Loading

Ok @pngwn I am now sanitizing the HTML, which at least makes this consistent with our other Markdown or HTML-based components. Let me know if you have any further suggestions, thanks!

pngwn
pngwn approved these changes Jul 17, 2024
View reviewed changes
Copy link
Member

@pngwn pngwn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great. Thanks @abidlabs!

@abidlabs abidlabs merged commit 34510db into main Jul 17, 2024
8 checks passed
@abidlabs abidlabs deleted the update-alerts branch July 17, 2024 15:33
@pngwn pngwn mentioned this pull request Jul 17, 2024
Merged
@aliabd aliabd mentioned this pull request Jul 17, 2024
Merged
@pngwn pngwn mentioned this pull request Jul 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pngwn pngwn pngwn approved these changes

@aliabid94 aliabid94 Awaiting requested review from aliabid94

@aliabd aliabd Awaiting requested review from aliabd

@dawoodkhan82 dawoodkhan82 Awaiting requested review from dawoodkhan82

@hannahblair hannahblair Awaiting requested review from hannahblair

@freddyaboulton freddyaboulton Awaiting requested review from freddyaboulton

Assignees
No one assigned
Labels
v: patch A change that requires a patch release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@abidlabs @gradio-pr-bot @pngwn