diff --git a/fastchat/conversation.py b/fastchat/conversation.py
index 4a46103ec..6c44c7fe7 100644
--- a/fastchat/conversation.py
+++ b/fastchat/conversation.py
@@ -8,6 +8,7 @@
import base64
import dataclasses
from enum import auto, IntEnum
+import html
from io import BytesIO
import os
from typing import List, Any, Dict, Union, Tuple
@@ -370,13 +371,18 @@ def to_gradio_chatbot(self):
msg, images = msg
image = images[0] # Only one image on gradio at one time
if image.image_format == ImageFormat.URL:
- img_str = f'
'
+ img_str = f'})
'
elif image.image_format == ImageFormat.BYTES:
- img_str = f'
'
- msg = img_str + msg.replace("\n", "").strip()
+ img_str = f'};base64,{image.base64_str})
'
+ msg = img_str + html.escape(msg.replace("\n", "").strip())
+ else:
+ if msg is not None:
+ msg = html.escape(msg)
ret.append([msg, None])
else:
+ if msg is not None:
+ msg = html.escape(msg)
ret[-1][-1] = msg
return ret
diff --git a/fastchat/serve/gradio_block_arena_anony.py b/fastchat/serve/gradio_block_arena_anony.py
index 625c69c44..2c87530b0 100644
--- a/fastchat/serve/gradio_block_arena_anony.py
+++ b/fastchat/serve/gradio_block_arena_anony.py
@@ -480,6 +480,7 @@ def build_side_by_side_ui_anony(models):
elem_id="chatbot",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},
diff --git a/fastchat/serve/gradio_block_arena_named.py b/fastchat/serve/gradio_block_arena_named.py
index 2f7b39adb..55b5940b5 100644
--- a/fastchat/serve/gradio_block_arena_named.py
+++ b/fastchat/serve/gradio_block_arena_named.py
@@ -358,6 +358,7 @@ def build_side_by_side_ui_named(models):
elem_id=f"chatbot",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},
diff --git a/fastchat/serve/gradio_block_arena_vision.py b/fastchat/serve/gradio_block_arena_vision.py
index b3d812220..aa05ed6bc 100644
--- a/fastchat/serve/gradio_block_arena_vision.py
+++ b/fastchat/serve/gradio_block_arena_vision.py
@@ -356,6 +356,7 @@ def build_single_vision_language_model_ui(
label="Scroll down and start chatting",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},
diff --git a/fastchat/serve/gradio_block_arena_vision_anony.py b/fastchat/serve/gradio_block_arena_vision_anony.py
index d4d4d484e..c77897d59 100644
--- a/fastchat/serve/gradio_block_arena_vision_anony.py
+++ b/fastchat/serve/gradio_block_arena_vision_anony.py
@@ -432,6 +432,7 @@ def build_side_by_side_vision_ui_anony(context: Context, random_questions=None):
elem_id="chatbot",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},
diff --git a/fastchat/serve/gradio_block_arena_vision_named.py b/fastchat/serve/gradio_block_arena_vision_named.py
index 7c653acf3..49f48708b 100644
--- a/fastchat/serve/gradio_block_arena_vision_named.py
+++ b/fastchat/serve/gradio_block_arena_vision_named.py
@@ -372,6 +372,7 @@ def build_side_by_side_vision_ui_named(context: Context, random_questions=None):
elem_id=f"chatbot",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},
diff --git a/fastchat/serve/gradio_web_server.py b/fastchat/serve/gradio_web_server.py
index 8941c6ecb..061a75a93 100644
--- a/fastchat/serve/gradio_web_server.py
+++ b/fastchat/serve/gradio_web_server.py
@@ -927,6 +927,7 @@ def build_single_model_ui(models, add_promotion_links=False):
label="Scroll down and start chatting",
height=650,
show_copy_button=True,
+ sanitize_html=True,
latex_delimiters=[
{"left": "$", "right": "$", "display": False},
{"left": "$$", "right": "$$", "display": True},