Improve citation handling and link sanitization

gary149 · gary149 · commit a53802e642df · 2025-10-04T11:05:33.000+02:00
Enhances citation mapping and normalization to avoid duplicate system messages and properly mask code segments. Refines URL extraction and normalization, improves link sanitization in markdown rendering, and updates citation rendering logic to use safe href attributes. Also fixes message content updates to preserve initial content during streaming.
diff --git a/src/lib/components/chat/MarkdownRenderer.svelte.test.ts b/src/lib/components/chat/MarkdownRenderer.svelte.test.ts
@@ -36,6 +36,7 @@ describe("MarkdownRenderer", () => {
 				{
 					title: "foo",
 					link: "https://example.com",
+					index: 1,
 				},
 			],
 		};
@@ -54,14 +55,17 @@ describe("MarkdownRenderer", () => {
 				{
 					title: "foo",
 					link: "https://foo.com",
+					index: 1,
 				},
 				{
 					title: "bar",
 					link: "https://bar.com",
+					index: 2,
 				},
 				{
 					title: "baz",
 					link: "https://baz.com",
+					index: 3,
 				},
 			],
 		});
@@ -77,6 +81,7 @@ describe("MarkdownRenderer", () => {
 				{
 					title: "foo",
 					link: "https://example.com",
+					index: 1,
 				},
 			],
 		});
diff --git a/src/lib/server/textGeneration/generate.ts b/src/lib/server/textGeneration/generate.ts
@@ -56,10 +56,24 @@ type ToolRun = {
 	output: string;
 };
 
-const URL_REGEX = /https?:\/\/[^\s)\]}"'>]+/g;
+const URL_REGEX = /https?:\/\/[^\s<]+/g;
 
 function normalizeUrl(raw: string): string {
-	return raw.replace(/[)\].,;:"'>]+$/g, "");
+	const canParse = (value: string) => {
+		try {
+			const parsed = new URL(value);
+			return parsed.protocol === "http:" || parsed.protocol === "https:";
+		} catch {
+			return false;
+		}
+	};
+
+	if (canParse(raw)) {
+		return raw;
+	}
+
+	const trimmed = raw.replace(/[)\].,;:"'>]+$/g, "");
+	return canParse(trimmed) ? trimmed : raw;
 }
 
 function buildToolPreprompt(tools: OpenAiTool[]): string {
@@ -286,6 +300,7 @@ async function* runMcpFlow({
 		const citationSources: MessageSource[] = [];
 		const citationIndex = new Map<string, number>();
 		let lastMappingCount = 0;
+		let mappingMessageIndex: number | null = null;
 
 		const buildCitationMappingMessage = (): string | null => {
 			if (citationSources.length === 0) {
@@ -314,7 +329,20 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 			if (!mappingMessage) {
 				return;
 			}
+			if (mappingMessageIndex !== null && mappingMessageIndex >= 0) {
+				if (mappingMessageIndex < messagesOpenAI.length) {
+					const existing = messagesOpenAI[mappingMessageIndex];
+					if (existing?.role === "system") {
+						messagesOpenAI = [
+							...messagesOpenAI.slice(0, mappingMessageIndex),
+							...messagesOpenAI.slice(mappingMessageIndex + 1),
+						];
+					}
+				}
+				mappingMessageIndex = null;
+			}
 			messagesOpenAI = [...messagesOpenAI, { role: "system", content: mappingMessage }];
+			mappingMessageIndex = messagesOpenAI.length - 1;
 			lastMappingCount = citationSources.length;
 		};
 
@@ -359,26 +387,27 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 
 		const stripTrailingSourcesBlock = (input: string): string => {
 			const lines = input.split("\n");
-			let start = -1;
+			let headerIndex = -1;
 			for (let i = lines.length - 1; i >= 0; i -= 1) {
 				const trimmed = lines[i].trim();
 				if (!trimmed) continue;
-				if (/^sources?:\s*$/i.test(trimmed)) {
-					start = i;
-					break;
-				}
 				if (
+					/^sources?:\s*$/i.test(trimmed) ||
 					/^sources?:\s*(?:\[[\d]+\]\([^)]*\)|\(?\s*\d+\)?|https?:\/\/\S+)(?:\s*,\s*(?:\[[\d]+\]\([^)]*\)|\(?\s*\d+\)?|https?:\/\/\S+))*$/i.test(
 						trimmed
 					)
 				) {
-					start = i;
+					headerIndex = i;
 					break;
 				}
-				return input;
+				if (
+					!/^[-*]?\s*(?:\(?\s*\d+\)?\.?\s*)?(https?:\/\/\S+|\[[\d]+\]\([^)]*\))\s*$/i.test(trimmed)
+				) {
+					return input;
+				}
 			}
-			if (start === -1) return input;
-			for (let j = start + 1; j < lines.length; j += 1) {
+			if (headerIndex === -1) return input;
+			for (let j = headerIndex + 1; j < lines.length; j += 1) {
 				const trimmed = lines[j].trim();
 				if (!trimmed) continue;
 				if (
@@ -387,7 +416,7 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 					return input;
 				}
 			}
-			return lines.slice(0, start).join("\n").replace(/\s+$/, "");
+			return lines.slice(0, headerIndex).join("\n").replace(/\s+$/, "");
 		};
 
 		const appendMissingCitations = (text: string): string => {
@@ -425,7 +454,32 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 		const normalizeCitations = (
 			text: string
 		): { normalizedText: string; normalizedSources: MessageSource[] } => {
-			const indices = extractUsedSourceIndexes(text);
+			const maskCodeSegments = (value: string) => {
+				const placeholders: string[] = [];
+				const token = (index: number) => `\uE000${index}\uE001`;
+				const stash = (match: string) => {
+					const placeholder = token(placeholders.length);
+					placeholders.push(match);
+					return placeholder;
+				};
+
+				let masked = value.replace(/```[\s\S]*?```/g, stash);
+				masked = masked.replace(/~~~[\s\S]*?~~~/g, stash);
+				masked = masked.replace(/`[^`]*`/g, stash);
+
+				const unmask = (input: string) =>
+					input.replace(/\uE000(\d+)\uE001/g, (_match, idx) => placeholders[Number(idx)] ?? "");
+
+				return { masked, unmask };
+			};
+
+			if (citationSources.length === 0) {
+				return { normalizedText: text, normalizedSources: [] };
+			}
+
+			const { masked, unmask } = maskCodeSegments(text);
+
+			const indices = extractUsedSourceIndexes(masked);
 			if (indices.length === 0) {
 				return { normalizedText: text, normalizedSources: [] };
 			}
@@ -435,7 +489,7 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 				mapping.set(oldIndex, position + 1);
 			});
 
-			const normalizedText = text.replace(
+			const normalizedMaskedText = masked.replace(
 				/\[(\d+(?:\s*,\s*\d+)*)\]/g,
 				(match: string, group: string) => {
 					const parts = group.split(/\s*,\s*/);
@@ -465,7 +519,7 @@ Reference only these indices (e.g., [1]) and reuse numbers for repeat URLs.`;
 				.filter((source): source is MessageSource => Boolean(source))
 				.sort((a, b) => a.index - b.index);
 
-			return { normalizedText, normalizedSources };
+			return { normalizedText: unmask(normalizedMaskedText), normalizedSources };
 		};
 
 		let lastAssistantContent = "";
diff --git a/src/lib/utils/marked.ts b/src/lib/utils/marked.ts
@@ -6,6 +6,7 @@ import type { Tokens, TokenizerExtension, RendererExtension } from "marked";
 type SimpleSource = {
 	title?: string;
 	link: string;
+	index?: number;
 };
 import hljs from "highlight.js";
 
@@ -147,60 +148,112 @@ function escapeHTML(content: string) {
 	);
 }
 
+const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:", "tel:"]);
+
+function escapeAttribute(value: string): string {
+	return value
+		.replace(/&/g, "&amp;")
+		.replace(/"/g, "&quot;")
+		.replace(/'/g, "&#39;")
+		.replace(/</g, "&lt;")
+		.replace(/>/g, "&gt;");
+}
+
+function sanitizeHrefAttribute(
+	href: string | undefined,
+	{ allowRelative = false }: { allowRelative?: boolean } = {}
+): string {
+	if (!href) return "";
+	const trimmed = href.replace(/>$/, "");
+
+	const hasScheme = /^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(trimmed);
+	if (hasScheme) {
+		try {
+			const parsed = new URL(trimmed);
+			if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
+				return "";
+			}
+			return escapeAttribute(trimmed);
+		} catch {
+			return "";
+		}
+	}
+
+	if (!allowRelative) {
+		return "";
+	}
+
+	if (/^(?:#|\/|\.\/|\.\.\/)/.test(trimmed)) {
+		return escapeAttribute(trimmed);
+	}
+
+	return "";
+}
+
 function transformOutsideHtmlCode(html: string, transform: (segment: string) => string): string {
 	const parts = html.split(/(<pre[\s\S]*?<\/pre>|<code[\s\S]*?<\/code>)/gi);
-	return parts
-		.map((part) => (/^<pre|^<code/i.test(part) ? part : transform(part)))
-		.join("");
+	return parts.map((part) => (/^<pre|^<code/i.test(part) ? part : transform(part))).join("");
 }
 
 function addInlineCitations(html: string, webSearchSources: SimpleSource[] = []): string {
 	const linkStyle = "color: rgb(59, 130, 246); text-decoration: none;";
+	const indexMap = new Map<number, SimpleSource>();
+	webSearchSources.forEach((source, position) => {
+		const resolvedIndex = Number.isFinite(source.index) ? Number(source.index) : position + 1;
+		if (resolvedIndex > 0 && !indexMap.has(resolvedIndex)) {
+			indexMap.set(resolvedIndex, source);
+		}
+	});
+
 	const applyReplacements = (value: string) =>
 		value
-			.replace(/\[(\d+)\](?!\()/g, (match: string) => {
-				const indices: number[] = (match.match(/\d+/g) || []).map(Number);
-				const links: string = indices
-					.map((index: number) => {
-						if (index === 0) return "";
-						const source = webSearchSources[index - 1];
-						if (!source) return "";
-						return `<a href="${source.link}" target="_blank" rel="noopener noreferrer" style="${linkStyle}">${index}</a>`;
-					})
-					.filter(Boolean)
-					.join(", ");
-				return links ? ` <sup>${links}</sup>` : match;
+			.replace(/\[(\d+)\](?!\()/g, (match: string, rawIndex: string) => {
+				const index = Number(rawIndex);
+				const source = indexMap.get(index);
+				if (!source) {
+					return match;
+				}
+				const safeHref = sanitizeHrefAttribute(source.link, { allowRelative: false });
+				return safeHref
+					? ` <sup><a href="${safeHref}" target="_blank" rel="noopener noreferrer" style="${linkStyle}">${index}</a></sup>`
+					: match;
 			})
 			.replace(/\((\d+\s*(?:,\s*\d+)+)\)/g, (match: string, group: string) => {
-				const indices = group
+				const linked = group
 					.split(/\s*,\s*/)
-					.map((value) => Number(value.trim()))
-					.filter((value) => Number.isFinite(value) && value > 0);
-				if (indices.length === 0) return match;
-				const links = indices
-					.map((index: number) => {
-						const source = webSearchSources[index - 1];
-						if (!source) return "";
-						return `<a href="${source.link}" target="_blank" rel="noopener noreferrer" style="${linkStyle}">${index}</a>`;
+					.map((token) => {
+						const index = Number(token);
+						const source = indexMap.get(index);
+						if (!source) {
+							return "";
+						}
+						const safeHref = sanitizeHrefAttribute(source.link, { allowRelative: false });
+						return safeHref
+							? `<a href="${safeHref}" target="_blank" rel="noopener noreferrer" style="${linkStyle}">${index}</a>`
+							: "";
 					})
 					.filter(Boolean)
 					.join(", ");
-				return links ? ` (<sup>${links}</sup>)` : match;
+				return linked ? ` (<sup>${linked}</sup>)` : match;
 			});
 
-	const decorate = (segment: string) => applyReplacements(segment);
-	return transformOutsideHtmlCode(html, decorate);
+	return transformOutsideHtmlCode(html, applyReplacements);
 }
 
 function createMarkedInstance(sources: SimpleSource[]): Marked {
 	return new Marked({
-			hooks: {
-				postprocess: (html) => addInlineCitations(html, sources),
-			},
+		hooks: {
+			postprocess: (html) => addInlineCitations(html, sources),
+		},
 		extensions: [katexBlockExtension, katexInlineExtension],
-			renderer: {
-				link: (href, title, text) =>
-					`<a href="${href?.replace(/>$/, "")}" target="_blank" rel="noopener noreferrer">${text}</a>`,
+		renderer: {
+			link: (href, _title, text) => {
+				const safeHref = sanitizeHrefAttribute(href, { allowRelative: true });
+				const safeText = escapeHTML(text ?? "");
+				return safeHref
+					? `<a href="${safeHref}" target="_blank" rel="noopener noreferrer">${safeText}</a>`
+					: safeText;
+			},
 			html: (html) => escapeHTML(html),
 		},
 		gfm: true,
diff --git a/src/routes/conversation/[id]/+page.svelte b/src/routes/conversation/[id]/+page.svelte
@@ -247,6 +247,7 @@
 			if (!messageToWriteTo) {
 				throw new Error("Message to write to not found");
 			}
+			const initialMessageContent = messageToWriteTo.content ?? "";
 
 			const messageUpdatesAbortController = new AbortController();
 
@@ -332,9 +333,9 @@
 						messageToWriteTo.content += buffer;
 						buffer = "";
 					}
-					if (update.text) {
-						messageToWriteTo.content = update.text;
-					}
+					const finalText =
+						update.text ?? messageToWriteTo.content.slice(initialMessageContent.length);
+					messageToWriteTo.content = initialMessageContent + finalText;
 					messageToWriteTo.interrupted = update.interrupted;
 					if (update.sources && update.sources.length > 0) {
 						messageToWriteTo.sources = update.sources;
