npm - @microsoft/omnichannel-chat-widget - Versions diffs - 1.8.1-main.3ee330c → 1.8.1-main.565f247 - Mend

@microsoft/omnichannel-chat-widget 1.8.1-main.3ee330c → 1.8.1-main.565f247

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/omnichannel-chat-widget",
-  "version": "1.8.1-main.3ee330c",
+  "version": "1.8.1-main.565f247",
   "description": "Microsoft Omnichannel Chat Widget",
   "main": "lib/cjs/index.js",
   "types": "lib/types/index.d.ts",
@@ -87,7 +87,7 @@
     "@azure/core-tracing": "^1.2.0",
     "@microsoft/applicationinsights-web": "^3.3.6",
     "@microsoft/omnichannel-chat-components": "1.1.12",
-    "@microsoft/omnichannel-chat-sdk": "^1.11.2",
+    "@microsoft/omnichannel-chat-sdk": "^1.11.1",
     "@opentelemetry/api": "^1.9.0",
     "abort-controller": "^3",
     "abort-controller-es5": "^2.0.1",

package/lib/cjs/common/utils/xssUtils.js DELETED Viewed

@@ -1,79 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.detectAndCleanXSS = void 0;
-var _dompurify = _interopRequireDefault(require("dompurify"));
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-/**
- * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
- *
- * This function performs comprehensive XSS detection using pattern matching for common attack vectors
- * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
- * against various XSS techniques including script injection, event handler injection, style-based
- * attacks, and encoded payloads.
- *
- * Security patterns detected:
- * - JavaScript protocol URLs (javascript:)
- * - HTML event handlers (onmouseover, onclick, etc.)
- * - Script tags (<script>)
- * - CSS expression() functions
- * - CSS url() functions
- * - Position-based CSS attacks (position: fixed/absolute)
- * - VBScript protocol URLs
- * - Data URLs with HTML content
- * - Fragment identifiers with escaped quotes
- * - HTML entity-encoded angle brackets
- *
- * @param text - The input text to be analyzed and sanitized
- * @returns An object containing:
- *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
- *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
- */
-const detectAndCleanXSS = text => {
-  // Comprehensive array of regular expressions to detect common XSS attack patterns
-  const xssPatterns = [/javascript\s*:/gi,
-  // JavaScript protocol URLs (with optional spaces)
-  /vbscript\s*:/gi,
-  // VBScript protocol URLs (with optional spaces)
-  /on\w+\s*=/gi,
-  // HTML event handlers (onmouseover, onclick, onload, etc.)
-  /<\s*script/gi,
-  // Script tag opening (with optional spaces)
-  /expression\s*\(/gi,
-  // CSS expression() function (IE-specific)
-  /url\s*\(/gi,
-  // CSS url() function
-  /style\s*=.*position\s*:\s*fixed/gi,
-  // CSS position fixed attacks
-  /style\s*=.*position\s*:\s*absolute/gi,
-  // CSS position absolute attacks
-  /data\s*:\s*text\s*\/\s*html/gi,
-  // Data URLs containing HTML
-  /#.*\\"/gi,
-  // Fragment identifiers with escaped quotes
-  /&gt;.*&lt;/gi // HTML entity-encoded angle brackets indicating tag structure
-  ];
-  // Check if any XSS patterns are detected in the input text
-  const isXSSDetected = xssPatterns.some(pattern => pattern.test(text));
-  // Clean the text using DOMPurify with strict config
-  const cleanText = _dompurify.default.sanitize(text, {
-    ALLOWED_TAGS: [],
-    // No HTML tags allowed in title
-    ALLOWED_ATTR: [],
-    KEEP_CONTENT: true,
-    // Keep text content
-    ALLOW_DATA_ATTR: false,
-    ALLOW_UNKNOWN_PROTOCOLS: false,
-    SANITIZE_DOM: true,
-    FORCE_BODY: false
-  });
-  return {
-    cleanText,
-    isXSSDetected
-  };
-};
-exports.detectAndCleanXSS = detectAndCleanXSS;

package/lib/cjs/components/errorboundary/ErrorBoundary.js DELETED Viewed

@@ -1,68 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.default = void 0;
-var _react = _interopRequireWildcard(require("react"));
-function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
-function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
-function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
-function _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, _toPropertyKey(descriptor.key), descriptor); } }
-function _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); Object.defineProperty(Constructor, "prototype", { writable: false }); return Constructor; }
-function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
-function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
-function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function"); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, writable: true, configurable: true } }); Object.defineProperty(subClass, "prototype", { writable: false }); if (superClass) _setPrototypeOf(subClass, superClass); }
-function _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); }
-function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
-function _possibleConstructorReturn(self, call) { if (call && (typeof call === "object" || typeof call === "function")) { return call; } else if (call !== void 0) { throw new TypeError("Derived constructors may only return object or undefined"); } return _assertThisInitialized(self); }
-function _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return self; }
-function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
-function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }
-const RenderChildrenFunction = _ref => {
-  let {
-    children
-  } = _ref;
-  return typeof children === 'function' ? children() : children;
-};
-let ErrorBoundary = /*#__PURE__*/function (_Component) {
-  _inherits(ErrorBoundary, _Component);
-  var _super = _createSuper(ErrorBoundary);
-  function ErrorBoundary(props) {
-    var _this;
-    _classCallCheck(this, ErrorBoundary);
-    _this = _super.call(this, props);
-    _this.state = {
-      hasError: false
-    };
-    return _this;
-  }
-  _createClass(ErrorBoundary, [{
-    key: "componentDidCatch",
-    value: function componentDidCatch(error) {
-      const {
-        onError
-      } = this.props;
-      this.setState({
-        hasError: true
-      });
-      if (onError) {
-        onError(error);
-      }
-    }
-  }, {
-    key: "render",
-    value: function render() {
-      const {
-        children
-      } = this.props;
-      const {
-        hasError
-      } = this.state;
-      return !hasError && /*#__PURE__*/_react.default.createElement(RenderChildrenFunction, null, children);
-    }
-  }]);
-  return ErrorBoundary;
-}(_react.Component);
-var _default = ErrorBoundary;
-exports.default = _default;

package/lib/esm/common/utils/xssUtils.js DELETED Viewed

@@ -1,72 +0,0 @@
-import DOMPurify from "dompurify";
-/**
- * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
- *
- * This function performs comprehensive XSS detection using pattern matching for common attack vectors
- * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
- * against various XSS techniques including script injection, event handler injection, style-based
- * attacks, and encoded payloads.
- *
- * Security patterns detected:
- * - JavaScript protocol URLs (javascript:)
- * - HTML event handlers (onmouseover, onclick, etc.)
- * - Script tags (<script>)
- * - CSS expression() functions
- * - CSS url() functions
- * - Position-based CSS attacks (position: fixed/absolute)
- * - VBScript protocol URLs
- * - Data URLs with HTML content
- * - Fragment identifiers with escaped quotes
- * - HTML entity-encoded angle brackets
- *
- * @param text - The input text to be analyzed and sanitized
- * @returns An object containing:
- *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
- *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
- */
-export const detectAndCleanXSS = text => {
-  // Comprehensive array of regular expressions to detect common XSS attack patterns
-  const xssPatterns = [/javascript\s*:/gi,
-  // JavaScript protocol URLs (with optional spaces)
-  /vbscript\s*:/gi,
-  // VBScript protocol URLs (with optional spaces)
-  /on\w+\s*=/gi,
-  // HTML event handlers (onmouseover, onclick, onload, etc.)
-  /<\s*script/gi,
-  // Script tag opening (with optional spaces)
-  /expression\s*\(/gi,
-  // CSS expression() function (IE-specific)
-  /url\s*\(/gi,
-  // CSS url() function
-  /style\s*=.*position\s*:\s*fixed/gi,
-  // CSS position fixed attacks
-  /style\s*=.*position\s*:\s*absolute/gi,
-  // CSS position absolute attacks
-  /data\s*:\s*text\s*\/\s*html/gi,
-  // Data URLs containing HTML
-  /#.*\\"/gi,
-  // Fragment identifiers with escaped quotes
-  /&gt;.*&lt;/gi // HTML entity-encoded angle brackets indicating tag structure
-  ];
-  // Check if any XSS patterns are detected in the input text
-  const isXSSDetected = xssPatterns.some(pattern => pattern.test(text));
-  // Clean the text using DOMPurify with strict config
-  const cleanText = DOMPurify.sanitize(text, {
-    ALLOWED_TAGS: [],
-    // No HTML tags allowed in title
-    ALLOWED_ATTR: [],
-    KEEP_CONTENT: true,
-    // Keep text content
-    ALLOW_DATA_ATTR: false,
-    ALLOW_UNKNOWN_PROTOCOLS: false,
-    SANITIZE_DOM: true,
-    FORCE_BODY: false
-  });
-  return {
-    cleanText,
-    isXSSDetected
-  };
-};

package/lib/esm/components/errorboundary/ErrorBoundary.js DELETED Viewed

@@ -1,59 +0,0 @@
-function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
-function _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, _toPropertyKey(descriptor.key), descriptor); } }
-function _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); Object.defineProperty(Constructor, "prototype", { writable: false }); return Constructor; }
-function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
-function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
-function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function"); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, writable: true, configurable: true } }); Object.defineProperty(subClass, "prototype", { writable: false }); if (superClass) _setPrototypeOf(subClass, superClass); }
-function _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); }
-function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
-function _possibleConstructorReturn(self, call) { if (call && (typeof call === "object" || typeof call === "function")) { return call; } else if (call !== void 0) { throw new TypeError("Derived constructors may only return object or undefined"); } return _assertThisInitialized(self); }
-function _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return self; }
-function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
-function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }
-import React, { Component } from 'react';
-const RenderChildrenFunction = _ref => {
-  let {
-    children
-  } = _ref;
-  return typeof children === 'function' ? children() : children;
-};
-let ErrorBoundary = /*#__PURE__*/function (_Component) {
-  _inherits(ErrorBoundary, _Component);
-  var _super = _createSuper(ErrorBoundary);
-  function ErrorBoundary(props) {
-    var _this;
-    _classCallCheck(this, ErrorBoundary);
-    _this = _super.call(this, props);
-    _this.state = {
-      hasError: false
-    };
-    return _this;
-  }
-  _createClass(ErrorBoundary, [{
-    key: "componentDidCatch",
-    value: function componentDidCatch(error) {
-      const {
-        onError
-      } = this.props;
-      this.setState({
-        hasError: true
-      });
-      if (onError) {
-        onError(error);
-      }
-    }
-  }, {
-    key: "render",
-    value: function render() {
-      const {
-        children
-      } = this.props;
-      const {
-        hasError
-      } = this.state;
-      return !hasError && /*#__PURE__*/React.createElement(RenderChildrenFunction, null, children);
-    }
-  }]);
-  return ErrorBoundary;
-}(Component);
-export default ErrorBoundary;

package/lib/types/common/utils/xssUtils.d.ts DELETED Viewed

@@ -1,29 +0,0 @@
-/**
- * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
- *
- * This function performs comprehensive XSS detection using pattern matching for common attack vectors
- * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
- * against various XSS techniques including script injection, event handler injection, style-based
- * attacks, and encoded payloads.
- *
- * Security patterns detected:
- * - JavaScript protocol URLs (javascript:)
- * - HTML event handlers (onmouseover, onclick, etc.)
- * - Script tags (<script>)
- * - CSS expression() functions
- * - CSS url() functions
- * - Position-based CSS attacks (position: fixed/absolute)
- * - VBScript protocol URLs
- * - Data URLs with HTML content
- * - Fragment identifiers with escaped quotes
- * - HTML entity-encoded angle brackets
- *
- * @param text - The input text to be analyzed and sanitized
- * @returns An object containing:
- *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
- *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
- */
-export declare const detectAndCleanXSS: (text: string) => {
-    cleanText: string;
-    isXSSDetected: boolean;
-};

package/lib/types/components/errorboundary/ErrorBoundary.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import React, { Component } from 'react';
-interface ErrorBoundaryProps {
-    children: React.ReactNode | (() => React.ReactNode);
-    onError?: (error: Error) => void;
-}
-interface ErrorBoundaryState {
-    hasError: boolean;
-}
-declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
-    constructor(props: ErrorBoundaryProps);
-    componentDidCatch(error: Error): void;
-    render(): false | React.JSX.Element;
-}
-export default ErrorBoundary;