Skip to content

fix: prevent image-based data exfiltration in chat markdown#42

Merged
yuma2024 merged 2 commits intomainfrom
fix/prevent-image-exfiltration
Mar 12, 2026
Merged

fix: prevent image-based data exfiltration in chat markdown#42
yuma2024 merged 2 commits intomainfrom
fix/prevent-image-exfiltration

Conversation

@yuma2024
Copy link
Copy Markdown
Contributor

@yuma2024 yuma2024 commented Mar 12, 2026

Why

react-markdown renders markdown image syntax (alt) as tags, which automatically fire HTTP requests on render. If an AI is manipulated via prompt injection to output a
malicious image URL, sensitive data visible on screen could be exfiltrated to an external server without any user interaction.

What

Convert tag rendering to tags in the MarkdownContent component to prevent automatic HTTP requests.

How

  • Add a custom img component that renders as an tag instead
  • Image information (alt text, URL) is preserved as a clickable link
  • No HTTP request is made unless the user explicitly clicks the link

@yuma2024 @claude
fix: prevent image-based data exfiltration in chat markdown
d53aa4d 
Replace <img> rendering with <a> tag to prevent automatic HTTP requests
from AI-generated markdown image syntax. This mitigates prompt injection
attacks that could exfiltrate sensitive data via image URLs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@yuma2024 yuma2024 requested review from fmy and masudahiroto March 12, 2026 05:37
mm-zacharydavison
mm-zacharydavison reviewed Mar 12, 2026
View reviewed changes
packages/client/src/components/MarkdownContent.tsx
{children}
</td>
),
img: ({ src, alt }) => (
Copy link
Copy Markdown
Contributor

@mm-zacharydavison mm-zacharydavison Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

document the reason for this please with a comment

@yuma2024 @claude
docs: add comment explaining img-to-link conversion
766505b 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@yuma2024 yuma2024 merged commit cd1b4dd into main Mar 12, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mm-zacharydavison mm-zacharydavison mm-zacharydavison approved these changes

@masudahiroto masudahiroto Awaiting requested review from masudahiroto

@fmy fmy Awaiting requested review from fmy

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yuma2024 @mm-zacharydavison