fix(webapp): sanitize streamed agent URLs before rendering in the agent view #3882

Merged: ericallam merged 2 commits into main from fix/sanitize-agent-view-urls, Jun 10, 2026


@ericallam

Member

Summary

The dashboard's Agent view rendered source-url and file message parts by putting their url straight into an href/src. Those URLs come from streamed agent and tool data, so a tool that emitted something like javascript:alert(1) produced a clickable XSS payload in the dashboard.

Fix

A toSafeUrl helper now gates every URL before it reaches an href/src: it allows only http:/https:/blob: (and data:image/... for inline images) and returns null for anything else. Unsafe values render as plain text instead of a link or image, so a hostile or malformed URL degrades gracefully rather than becoming clickable. Safe URLs render exactly as before. Covered by a unit test over the allow/deny list.

…nt view

URLs in source-url and file message parts come from streamed agent/tool data,
so an unsafe scheme like javascript: rendered straight into an href/src was a
clickable XSS payload. Allow only http(s)/blob (and data:image for inline
images); unsafe values render as plain text instead of a link or image.
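
The allow-list behaviour described in the summary above, as an added TypeScript example; it is not the project's `toSafeUrl`. The names `safeUrlOrNull`, `allowDataImage` and `renderSourceUrl`, and the choice to reject relative URLs, are assumptions.

```typescript
// Added example (hypothetical names), modelled on the PR description only.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "blob:"]);

interface SafeUrlOptions {
  // Enable only where the value feeds an <img src>, never an href.
  allowDataImage?: boolean;
}

function safeUrlOrNull(raw: unknown, opts: SafeUrlOptions = {}): string | null {
  // Streamed agent/tool data is untrusted: it may not even be a string.
  if (typeof raw !== "string") return null;
  let parsed: URL;
  try {
    // The WHATWG parser trims leading/trailing control characters and spaces,
    // drops embedded tabs/newlines and lowercases the scheme, so the check
    // sees the scheme a browser would act on.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed input is treated as unsafe (assumption)
  }
  if (ALLOWED_PROTOCOLS.has(parsed.protocol)) return parsed.href;
  if (
    opts.allowDataImage &&
    parsed.protocol === "data:" &&
    parsed.pathname.toLowerCase().startsWith("image/")
  ) {
    return parsed.href;
  }
  return null; // javascript:, vbscript:, file:, data:text/html, ...
}

type Rendered = { kind: "link"; href: string } | { kind: "text"; text: string };

// Unsafe values degrade to plain text instead of becoming an href.
function renderSourceUrl(raw: unknown): Rendered {
  const href = safeUrlOrNull(raw);
  return href !== null ? { kind: "link", href } : { kind: "text", text: String(raw) };
}

// Constructed sample inputs, as a tool might stream them.
const samples: unknown[] = [
  "https://example.com/docs",
  "javascript:alert(1)",
  " JaVa\tScRiPt:alert(1)", // same scheme once the parser normalizes it
  "/relative/path",
  42,
];
const sampleKinds: string[] = samples.map((s) => renderSourceUrl(s).kind);
```

Returning the parsed `href` rather than the raw string means the value placed in the attribute is exactly the one that was validated.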
@changeset-bot

changeset-bot Bot commented Jun 9, 2026


⚠️ No Changeset found

Latest commit: cff297f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: dd36f571-2f30-4029-9ccd-432c8a8e7f62

📥 Commits

Reviewing files that changed from the base of the PR and between 6035020 and cff297f.

📒 Files selected for processing (1)
  • apps/webapp/app/components/runs/v3/agent/AgentMessageView.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
  • apps/webapp/app/components/runs/v3/agent/AgentMessageView.tsx
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (14)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (9, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (4, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (5, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (10, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (3, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (7, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (6, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (8, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (2, 10)
  • GitHub Check: webapp / 🧪 Unit Tests: Webapp (1, 10)
  • GitHub Check: typecheck / typecheck
  • GitHub Check: e2e-webapp / 🧪 E2E Tests: Webapp
  • GitHub Check: audit
  • GitHub Check: Analyze (javascript-typescript)

Walkthrough

This PR adds a toSafeUrl helper that validates URL schemes (allowing http:, https:, blob:, and optionally data:image/*), applies it to AgentMessageView rendering for source-url and file parts so unsafe URLs are not used as href/src, adds tests covering allowed/blocked schemes and malformed inputs, and adds a changelog entry documenting the fix.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Description check | ❓ Inconclusive | The description covers the problem, the fix, and testing approach, but does not follow the provided template structure with required sections like the checklist, issue reference, and proper changelog formatting. | Follow the repository's PR template by including the checklist, closing issue reference, explicit testing steps, and changelog section as specified. |

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: sanitizing streamed agent URLs before rendering in the agent view, which is the primary security fix. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


coderabbitai[bot]

This comment was marked as resolved.

@ericallam ericallam marked this pull request as ready for review June 9, 2026 21:59

@devin-ai-integration devin-ai-integration Bot left a comment

Contributor


✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.


@ericallam ericallam merged commit b28c6d0 into main Jun 10, 2026
35 checks passed
@ericallam ericallam deleted the fix/sanitize-agent-view-urls branch June 10, 2026 08:52