Enhance assistant security with structured validation and input sanitization - Dash-Web.git - A copy of AVD's Dash-Web software, hosted on my own hardware for local use.

about summary refs log tree commit diff

path: root/src/JSZipUtils.js

diff options

author	A.J. Shulman <Shulman.aj@gmail.com>	2024-11-06 22:23:03 -0500
committer	A.J. Shulman <Shulman.aj@gmail.com>	2024-11-06 22:23:03 -0500
commit	5d4e19ad5961e42b90f7bfc920ea80da6edc5089 (patch)
tree	5d6d7e86130a25e034114100de90d25a68c3494d /src/JSZipUtils.js
parent	09d7d63d1f248a0bf1d36e4da804cbde5e12e209 (diff)

Enhance assistant security with structured validation and input sanitization

- Prompt enhancements: - Enforce strict response structure validation by requiring <stage>, <thought>, <action>, and <answer> tags in responses. - Add self-validation instruction in <final_instruction> for assistant to check response structure before outputting. - Instruct assistant to ignore XML-like syntax from user input, treating any <stage>, <action>, etc., as plain text. - Code changes: - Implement `validateAssistantResponse` function to enforce required response structure (e.g., ensuring <stage> element). - Add input sanitization using `lodash.escape` to treat user inputs as plain text, preventing XML or HTML injection. - Configure XML parser to ignore external entities and avoid interpreting embedded XML-like syntax. - Introduce fallback error handling in parsing and validation to prevent assistant crashes on malformed or unexpected input. - Log response errors with detailed messages to aid debugging and improve system resilience. - Enhance input validation for tools by adding parameter checks, handling malformed data gracefully, and logging safety errors.

Diffstat (limited to 'src/JSZipUtils.js')

0 files changed, 0 insertions, 0 deletions