let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1457 from dlauer/fix/avatar-relative-url-validation

Browse Source 
fix(ui): allow relative URLs in avatar validation
This commit is contained in:
Peter Steinberger
2026-01-22 21:57:27 +00:00
committed by GitHub
parent db146837a1 ffca65d15f
commit 6c7f224ce1
3 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/gateway/control-ui.ts
View File

@@ -206,11 +206,22 @@ interface ServeIndexHtmlOpts {
agentId?: string; agentId?: string;
} }
function looksLikeLocalAvatarPath(value: string | undefined): boolean {
if (!value) return false;
if (/^https?:\/\//i.test(value) || /^data:image\//i.test(value)) return false;
return /\.(png|jpe?g|gif|webp|svg|ico)$/i.test(value);
}
function serveIndexHtml(res: ServerResponse, indexPath: string, opts: ServeIndexHtmlOpts) { function serveIndexHtml(res: ServerResponse, indexPath: string, opts: ServeIndexHtmlOpts) {
const { basePath, config, agentId } = opts; const { basePath, config, agentId } = opts;
const identity = config const identity = config
? resolveAssistantIdentity({ cfg: config, agentId }) ? resolveAssistantIdentity({ cfg: config, agentId })
: DEFAULT_ASSISTANT_IDENTITY; : DEFAULT_ASSISTANT_IDENTITY;
// Resolve local file avatars to /avatar/{agentId} URL
let avatarValue = identity.avatar;
if (looksLikeLocalAvatarPath(avatarValue) && identity.agentId) {
avatarValue = buildAvatarUrl(basePath, identity.agentId);
}
res.setHeader("Content-Type", "text/html; charset=utf-8"); res.setHeader("Content-Type", "text/html; charset=utf-8");
res.setHeader("Cache-Control", "no-cache"); res.setHeader("Cache-Control", "no-cache");
const raw = fs.readFileSync(indexPath, "utf8"); const raw = fs.readFileSync(indexPath, "utf8");
@@ -218,7 +229,7 @@ function serveIndexHtml(res: ServerResponse, indexPath: string, opts: ServeIndex
injectControlUiConfig(raw, { injectControlUiConfig(raw, {
basePath, basePath,
assistantName: identity.name, assistantName: identity.name,
assistantAvatar: identity.avatar, assistantAvatar: avatarValue,
}), }),
); );
} }

13
src/gateway/server-methods/agent.ts
View File

@@ -407,7 +407,18 @@ export const agentHandlers: GatewayRequestHandlers = {
} }
const cfg = loadConfig(); const cfg = loadConfig();
const identity = resolveAssistantIdentity({ cfg, agentId }); const identity = resolveAssistantIdentity({ cfg, agentId });
respond(true, identity, undefined); // Resolve local file avatars to /avatar/{agentId} URL
let avatarValue = identity.avatar;
if (
avatarValue &&
!/^https?:\/\//i.test(avatarValue) &&
!/^data:image\//i.test(avatarValue) &&
/\.(png|jpe?g|gif|webp|svg|ico)$/i.test(avatarValue) &&
identity.agentId
) {
avatarValue = `/avatar/${identity.agentId}`;
}
respond(true, { ...identity, avatar: avatarValue }, undefined);
}, },
"agent.wait": async ({ params, respond }) => { "agent.wait": async ({ params, respond }) => {
if (!validateAgentWaitParams(params)) { if (!validateAgentWaitParams(params)) {

3
ui/src/ui/chat/grouped-render.ts
View File

@@ -158,7 +158,8 @@ function renderAvatar(
function isAvatarUrl(value: string): boolean { function isAvatarUrl(value: string): boolean {
return ( return (
/^https?:\/\//i.test(value) || /^https?:\/\//i.test(value) ||
/^data:image\//i.test(value) /^data:image\//i.test(value) ||
/^\//.test(value) // Relative paths from avatar endpoint
); );
} }