
.Net Implement AllowUnsafeContent to prompty's input variables #6030

Open
LittleLittleCloud opened this issue Apr 29, 2024 · 0 comments
Assignees
Labels
enhancement .NET Issue or Pull requests regarding .NET code prompty sk team issue A tag to denote issues that were created by the Semantic Kernel team (i.e., not the community)

Comments

@LittleLittleCloud
Contributor

LittleLittleCloud commented Apr 29, 2024

See comments
#5961 (comment)

@markwallace-microsoft markwallace-microsoft added .NET Issue or Pull requests regarding .NET code triage labels Apr 29, 2024
@matthewbolanos matthewbolanos added sk team issue A tag to denote issues that were created by the Semantic Kernel team (i.e., not the community) enhancement labels Apr 30, 2024
dmytrostruk pushed a commit that referenced this issue May 7, 2024
)

### Motivation and Context

<!-- Thank you for your contribution to the semantic-kernel repo!
Please help reviewers and future users, providing the following
information:
  1. Why is this change required?
  2. What problem does it solve?
  3. What scenario does it contribute to?
  4. If it fixes an open issue, please link to the issue here.
-->
#6030 
### Description
~In this implementation, the `Ġ` will be reserved in the liquid template
and used to replace `:` in all input variables when unsafe content
is not allowed.~

~The encoding process for input variables when unsafe content is not
allowed is~
~- replace all `:` with `Ġ` // this is the extra step compared with the
Handlebars template~
~- encode XML using `HttpUtility.HtmlEncode`~

~The decoding process is~
~- replace all `Ġ` with `:`~


This PR introduces a new process to mitigate potential prompt injection
attacks from input variables when using liquid templates. Here's a
breakdown of the steps:

Before rendering, each input variable undergoes a transformation: all
occurrences of `:` are replaced with `&#58;`. This ensures that message
tags like `system:`, `user:`, or `assistant:` are not present if
`AllowUnsafeContent` is set to `false`. No replacement occurs if
`AllowUnsafeContent` is `true`.
After rendering, each message content is processed based on the
`AllowUnsafeContent` setting. If it's `false`, all `&#58;` instances are
reverted back to `:`, followed by calling `html_encode` on each message
content. If `AllowUnsafeContent` is `true`, only `html_encode` is
called. This additional encoding step is necessary because
`ChatPromptParser` always decodes XML message content, requiring the
liquid template to undergo an extra encoding step to ensure the rendered
content matches the original before rendering.

<!-- Describe your changes, the overall approach, the underlying design.
These notes will help understanding how your code works. Thanks! -->

### Contribution Checklist

<!-- Before submitting this PR, please make sure: -->

- [x] The code builds clean without any errors or warnings
- [x] The PR follows the [SK Contribution
Guidelines](https://github.com/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md)
and the [pre-submission formatting
script](https://github.com/microsoft/semantic-kernel/blob/main/CONTRIBUTING.md#development-scripts)
raises no violations
- [x] All unit tests pass, and I have added new tests where possible
- [x] I didn't break anyone 😄
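The two-phase process described in the commit message above, modelled as an added Python example (not code from the Semantic Kernel project): `render` and `split_messages` are simplified stand-ins for the liquid engine and the `role:` line splitting, and `parse_chat` stands in for `ChatPromptParser`'s unconditional decoding step; the template and injected input are constructed for the demonstration.

```python
import html
import re

# A line consisting only of a role tag starts a new message (stand-in for prompty's splitting).
ROLE_LINE = re.compile(r"^\s*(system|user|assistant):\s*$", re.IGNORECASE)


def escape_variables(variables: dict, allow_unsafe: bool) -> dict:
    """Pre-render step: hide ':' so a variable value can never form a role line."""
    if allow_unsafe:
        return dict(variables)
    return {k: v.replace(":", "&#58;") for k, v in variables.items()}


def render(template: str, variables: dict) -> str:
    """Stand-in for the liquid engine: plain {{name}} substitution only."""
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", lambda m: variables.get(m.group(1), ""), template)


def split_messages(rendered: str) -> list:
    """Turn 'role:' delimiter lines into (role, content) pairs."""
    messages, role, buf = [], None, []
    for line in rendered.splitlines():
        m = ROLE_LINE.match(line)
        if m:
            if role is not None:
                messages.append((role, "\n".join(buf).strip()))
            role, buf = m.group(1).lower(), []
        elif role is not None:
            buf.append(line)
    if role is not None:
        messages.append((role, "\n".join(buf).strip()))
    return messages


def encode_messages(messages: list, allow_unsafe: bool) -> list:
    """Post-render step: revert the ':' placeholder (safe mode only), then html-encode."""
    out = []
    for role, content in messages:
        if not allow_unsafe:
            content = content.replace("&#58;", ":")
        out.append((role, html.escape(content, quote=False)))
    return out


def parse_chat(messages: list) -> list:
    """Stand-in for ChatPromptParser, which always decodes the XML content."""
    return [(role, html.unescape(content)) for role, content in messages]


def run_pipeline(template: str, variables: dict, allow_unsafe: bool) -> list:
    rendered = render(template, escape_variables(variables, allow_unsafe))
    return parse_chat(encode_messages(split_messages(rendered), allow_unsafe))
```

With `allow_unsafe=False` an input containing a `system:` line stays inside the user message and round-trips unchanged; with `allow_unsafe=True` the same input splits into an extra system message. Note that a value which already contains the literal sequence `&#58;` is altered by the revert step, so the round trip in this scheme is exact only for values without it.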