From 81249cb739ebb71791675bb04c74cf282039f0c6 Mon Sep 17 00:00:00 2001
From: tuanaiseo
Date: Sun, 26 Apr 2026 06:04:00 +0700
Subject: [PATCH] fix(security): server-side xss sink in streamlit app (`unsafe_all

The Streamlit UI renders OCR/model output using `st.markdown(..., unsafe_allow_html=True)`. Model output is not sanitized and may contain arbitrary HTML/JS-like payloads if prompted or induced by crafted input documents. This can execute script in users' browsers when viewing OCR results.

Affected files: app.py

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
---
 chandra/scripts/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chandra/scripts/app.py b/chandra/scripts/app.py
index cd1154a..94f9d02 100644
--- a/chandra/scripts/app.py
+++ b/chandra/scripts/app.py
@@ -130,7 +130,7 @@ def ocr_layout(
         ["HTML", "HTML as text", "Layout Image"]
     )
     with html_tab:
-        st.markdown(markdown_with_images, unsafe_allow_html=True)
+        st.markdown(markdown_with_images)
         st.download_button(
             label="Download Markdown",
             data=result.markdown,
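Review bot: Dropping `unsafe_allow_html=True` closes the sink, but with the flag off Streamlit shows any HTML tags in `markdown_with_images` as literal text, so the `HTML` tab now appears to render the same thing as the neighbouring `HTML as text` tab; confirm that the tab still shows what users expect. If rendered markup is genuinely required there, the safe path is an allowlist-based HTML sanitizer applied to the model output before it reaches `st.markdown`, not re-enabling the flag on raw output. A comment on the new line would keep the flag from being reintroduced later: `# OCR/model output is untrusted; never render it with unsafe_allow_html=True`. The commit message names app.py as the only affected file yet changes a single line; if the file renders model output through `st.markdown` anywhere else, those call sites need the same treatment. `ocr_layout` starts and ends outside the hunk.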