@chat21/chat21-web-widget 5.1.24-rc1 โ†’ 5.1.25-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/CHANGELOG.md +6 -0
  2. package/package.json +1 -1
  3. package/src/app/component/message/buttons/action-button/action-button.component.scss +4 -5
  4. package/src/app/component/message/buttons/link-button/link-button.component.scss +11 -8
  5. package/src/app/component/message/buttons/text-button/text-button.component.scss +4 -5
  6. package/src/app/component/message-attachment/message-attachment.component.scss +6 -1
  7. package/src/app/pipe/marked.pipe.ts +34 -14
package/CHANGELOG.md CHANGED
@@ -6,6 +6,12 @@
6
6
  ### **Copyrigth**:
7
7
  *Tiledesk SRL*
8
8
 
9
+ # 5.1.25-rc1
10
+ - **bug fixed**: attachment buttons in messages now respect the container max width and wrap/break long labels instead of being clipped
11
+
12
+ # 5.1.24-rc2
13
+ - **bug fixed**: minor fix in marked pipe to avoid rendering html tags
14
+
9
15
  # 5.1.24-rc1
10
16
  - **security**: hardened Markdown link rendering by blocking dangerous protocols (e.g. `javascript:`, `data:`, `vbscript:`) and preventing unsafe links from being rendered as anchors
11
17
  - **changed**: refactored `MarkedPipe` to simplify Markdown parsing, improve link rendering via a custom `marked` renderer, and streamline newline handling (`\\n` โ†’ `\n`)
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@chat21/chat21-web-widget",
3
3
  "author": "Tiledesk SRL",
4
- "version": "5.1.24-rc1",
4
+ "version": "5.1.25-rc1",
5
5
  "license": "MIT",
6
6
  "homepage": "https://www.tiledesk.com",
7
7
  "repository": {
package/src/app/component/message/buttons/action-button/action-button.component.scss CHANGED
@@ -22,11 +22,10 @@
22
22
  font-family: var(--font-family);
23
23
  font-size: var(--buttonFontSize);
24
24
  color: var(--buttonTextColor);
25
- overflow: hidden;
26
- -o-text-overflow: ellipsis;
27
- text-overflow: ellipsis;
28
- white-space: nowrap;
29
- word-wrap: break-word;
25
+ max-width: 100%;
26
+ white-space: normal;
27
+ overflow-wrap: anywhere;
28
+ word-break: break-word;
30
29
  -webkit-font-smoothing: antialiased;
31
30
  line-height: 16px;
32
31
  font-weight: 500;
package/src/app/component/message/buttons/link-button/link-button.component.scss CHANGED
@@ -23,11 +23,11 @@
23
23
  font-family: var(--font-family);
24
24
  font-size: var(--buttonFontSize);
25
25
  color: var(--buttonTextColor);
26
- overflow: hidden;
27
- -o-text-overflow: ellipsis;
28
- text-overflow: ellipsis;
29
- white-space: nowrap;
30
- word-wrap: break-word;
26
+ max-width: 100%;
27
+ padding-right: 40px;
28
+ white-space: normal;
29
+ overflow-wrap: anywhere;
30
+ word-break: break-word;
31
31
  -webkit-font-smoothing: antialiased;
32
32
  line-height: 16px;
33
33
  font-weight: 500;
@@ -42,15 +42,18 @@
42
42
  transition: background-color .6s ease;
43
43
  .icon-button-action {
44
44
  position: absolute;
45
- top: -1px;
46
- right: 1px;
45
+ top: 50%;
46
+ right: 8px;
47
+ transform: translateY(-50%);
47
48
  svg {
48
49
  fill: var(--textColor);
49
50
  }
50
51
  }
51
52
  .icon-button-action-self{
52
53
  position: absolute;
53
- right: 1px;
54
+ top: 50%;
55
+ right: 8px;
56
+ transform: translateY(-50%);
54
57
  svg {
55
58
  fill: var(--textColor);
56
59
  }
package/src/app/component/message/buttons/text-button/text-button.component.scss CHANGED
@@ -23,11 +23,10 @@
23
23
  font-family: var(--font-family);
24
24
  font-size: var(--buttonFontSize);
25
25
  color: var(--buttonTextColor);
26
- overflow: hidden;
27
- -o-text-overflow: ellipsis;
28
- text-overflow: ellipsis;
29
- // white-space: nowrap;
30
- word-wrap: break-word;
26
+ max-width: 100%;
27
+ white-space: normal;
28
+ overflow-wrap: anywhere;
29
+ word-break: break-word;
31
30
  // letter-spacing: -0.24px;
32
31
  -webkit-font-smoothing: antialiased;
33
32
  line-height: 16px;
package/src/app/component/message-attachment/message-attachment.component.scss CHANGED
@@ -4,9 +4,11 @@
4
4
  // margin-right: 16px; //align attachment-buttons to bubble sent message
5
5
  height: auto;
6
6
  // width: 85%;
7
- max-width: 95%;
7
+ width: 100%;
8
+ max-width: 100%;
8
9
  float: left;
9
10
  padding-left: calc(var(--avatar-width) + 10px);
11
+ box-sizing: border-box;
10
12
 
11
13
  .buttons-wrapper {
12
14
  margin-top: 0px;
@@ -16,6 +18,7 @@
16
18
  // justify-content: flex-end;
17
19
  justify-content: flex-start;
18
20
  width: 100%;
21
+ max-width: 100%;
19
22
  border: none;
20
23
  }
21
24
 
@@ -24,6 +27,8 @@
24
27
  // overflow: hidden;
25
28
  // text-overflow: ellipsis;
26
29
  // min-width: inherit;
30
+ max-width: 100%;
31
+ min-width: 0;
27
32
  .button-in-msg {
28
33
  padding: 8px 16px!important;
29
34
  }
package/src/app/pipe/marked.pipe.ts CHANGED
@@ -1,46 +1,66 @@
1
1
  import { Pipe, PipeTransform } from '@angular/core';
2
- import { marked } from 'marked';
2
+ import { marked, Tokens } from 'marked';
3
3
 
4
4
  @Pipe({
5
5
  name: 'marked'
6
6
  })
7
7
  export class MarkedPipe implements PipeTransform {
8
8
 
9
- transform(value: any): any {
10
- // Convertiamo tutto in stringa sicura
9
+ transform(value: any): string {
10
+
11
11
  const input =
12
12
  typeof value === 'string'
13
13
  ? value
14
14
  : (value === null || value === undefined) ? '' : String(value);
15
15
 
16
- // Converti \n letterali in newline reali
17
16
  const inputWithNewlines = input.replace(/\\n/g, '\n');
18
17
 
19
- // Renderer custom solo per i link
20
18
  const renderer = new marked.Renderer();
19
+
20
+ /* --------------------------------------------------
21
+ ๐Ÿ” 1. NON renderizzare HTML raw
22
+ -------------------------------------------------- */
23
+ renderer.html = function(token: Tokens.HTML | Tokens.Tag): string {
24
+ const html = 'text' in token ? token.text : '';
25
+
26
+ return html
27
+ .replace(/&/g, '&')
28
+ .replace(/</g, '&lt;')
29
+ .replace(/>/g, '&gt;');
30
+ };
31
+
32
+ /* --------------------------------------------------
33
+ ๐Ÿ” 2. Link sicuri
34
+ -------------------------------------------------- */
21
35
  const originalLinkRenderer = renderer.link.bind(renderer);
22
36
 
23
- // Lista protocolli / pattern pericolosi
24
- const dangerousPatterns = [
37
+ const dangerousProtocols = [
25
38
  /^javascript:/i,
26
39
  /^data:/i,
27
40
  /^vbscript:/i
28
41
  ];
29
42
 
30
43
  renderer.link = function({ href, title, tokens }) {
44
+
31
45
  const normalized = (href || '').trim();
32
46
 
33
- // Se il link รจ pericoloso, restituisci solo il testo
34
- const isDangerous = dangerousPatterns.some(pattern => pattern.test(normalized));
47
+ const isDangerous = dangerousProtocols.some(pattern =>
48
+ pattern.test(normalized)
49
+ );
50
+
35
51
  if (isDangerous) {
36
52
  return tokens ? tokens.map(t => t.raw).join('') : href || '';
37
53
  }
38
54
 
39
- // Altrimenti delega al renderer originale di marked
40
- return originalLinkRenderer({ href, title, tokens });
55
+ const html = originalLinkRenderer({ href, title, tokens });
56
+
57
+ // aggiunge sicurezza ai link
58
+ return html.replace(
59
+ '<a ',
60
+ '<a target="_blank" rel="noopener noreferrer" '
61
+ );
41
62
  };
42
63
 
43
- // Opzioni marked
44
64
  marked.setOptions({
45
65
  renderer,
46
66
  gfm: true,
@@ -48,9 +68,9 @@ export class MarkedPipe implements PipeTransform {
48
68
  });
49
69
 
50
70
  try {
51
- return marked.parse(inputWithNewlines);
71
+ return marked.parse(inputWithNewlines) as string;
52
72
  } catch (err) {
53
- console.error('Errore nel parsing markdown:', err);
73
+ console.error('Errore parsing markdown:', err);
54
74
  return inputWithNewlines;
55
75
  }
56
76
  }