@microsoft/omnichannel-chat-widget 1.8.1-main.65a1ab5 → 1.8.1-main.83a55ab

package/lib/esm/common/telemetry/loggers/appInsightsLogger.js

@@ -16,14 +16,14 @@ var AllowedKeys;
   AllowedKeys["ElapsedTimeInMilliseconds"] = "DurationInMilliseconds";
 })(AllowedKeys || (AllowedKeys = {}));
 let initializationPromise = null;
-export const appInsightsLogger = (appInsightsKey, disableCookiesUsage) => {
+export const appInsightsLogger = appInsightsKey => {
   const isValidKey = key => {
     const INSTRUMENTATION_KEY_PATTERN = "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}";
     const INSTRUMENTATION_KEY_REGEX = new RegExp(`^${INSTRUMENTATION_KEY_PATTERN}$`);
     const CONNECTION_STRING_REGEX = new RegExp(`^InstrumentationKey=${INSTRUMENTATION_KEY_PATTERN};IngestionEndpoint=https://[a-zA-Z0-9\\-\\.]+\\.applicationinsights\\.azure\\.com/.*`);
     return INSTRUMENTATION_KEY_REGEX.test(key) || CONNECTION_STRING_REGEX.test(key);
   };
-  const initializeAppInsights = async (appInsightsKey, disableCookiesUsage) => {
+  const initializeAppInsights = async appInsightsKey => {
     if (!window.appInsights && appInsightsKey) {
       if (!isValidKey(appInsightsKey)) {
         TelemetryHelper.logActionEvent(LogLevel.ERROR, {
@@ -45,8 +45,7 @@ export const appInsightsLogger = (appInsightsKey, disableCookiesUsage) => {
             connectionString: appInsightsKey
           } : {
             instrumentationKey: appInsightsKey
-          }),
-          disableCookiesUsage: disableCookiesUsage
+          })
         };
 
         // Initialize Application Insights instance
@@ -73,7 +72,7 @@ export const appInsightsLogger = (appInsightsKey, disableCookiesUsage) => {
   };
   const logger = async () => {
     if (!initializationPromise) {
-      initializationPromise = initializeAppInsights(appInsightsKey, disableCookiesUsage);
+      initializationPromise = initializeAppInsights(appInsightsKey);
     }
     await initializationPromise;
     return window.appInsights;

package/lib/esm/common/utils/xssUtils.js

@@ -0,0 +1,72 @@
+import DOMPurify from "dompurify";
+
+/**
+ * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
+ * 
+ * This function performs comprehensive XSS detection using pattern matching for common attack vectors
+ * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
+ * against various XSS techniques including script injection, event handler injection, style-based
+ * attacks, and encoded payloads.
+ * 
+ * Security patterns detected:
+ * - JavaScript protocol URLs (javascript:)
+ * - HTML event handlers (onmouseover, onclick, etc.)
+ * - Script tags (<script>)
+ * - CSS expression() functions
+ * - CSS url() functions
+ * - Position-based CSS attacks (position: fixed/absolute)
+ * - VBScript protocol URLs
+ * - Data URLs with HTML content
+ * - Fragment identifiers with escaped quotes
+ * - HTML entity-encoded angle brackets
+ * 
+ * @param text - The input text to be analyzed and sanitized
+ * @returns An object containing:
+ *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
+ *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
+ */
+export const detectAndCleanXSS = text => {
+  // Comprehensive array of regular expressions to detect common XSS attack patterns
+  const xssPatterns = [/javascript\s*:/gi,
+  // JavaScript protocol URLs (with optional spaces)
+  /vbscript\s*:/gi,
+  // VBScript protocol URLs (with optional spaces)
+  /on\w+\s*=/gi,
+  // HTML event handlers (onmouseover, onclick, onload, etc.)
+  /<\s*script/gi,
+  // Script tag opening (with optional spaces)
+  /expression\s*\(/gi,
+  // CSS expression() function (IE-specific)
+  /url\s*\(/gi,
+  // CSS url() function
+  /style\s*=.*position\s*:\s*fixed/gi,
+  // CSS position fixed attacks
+  /style\s*=.*position\s*:\s*absolute/gi,
+  // CSS position absolute attacks
+  /data\s*:\s*text\s*\/\s*html/gi,
+  // Data URLs containing HTML
+  /#.*\\"/gi,
+  // Fragment identifiers with escaped quotes
+  /&gt;.*&lt;/gi // HTML entity-encoded angle brackets indicating tag structure
+  ];
+
+  // Check if any XSS patterns are detected in the input text
+  const isXSSDetected = xssPatterns.some(pattern => pattern.test(text));
+
+  // Clean the text using DOMPurify with strict config
+  const cleanText = DOMPurify.sanitize(text, {
+    ALLOWED_TAGS: [],
+    // No HTML tags allowed in title
+    ALLOWED_ATTR: [],
+    KEEP_CONTENT: true,
+    // Keep text content
+    ALLOW_DATA_ATTR: false,
+    ALLOW_UNKNOWN_PROTOCOLS: false,
+    SANITIZE_DOM: true,
+    FORCE_BODY: false
+  });
+  return {
+    cleanText,
+    isXSSDetected
+  };
+};

package/lib/esm/common/utils.js

@@ -385,6 +385,9 @@ export const getConversationDetailsCall = async function (facadeChatSDK) {
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export const checkContactIdError = e => {
+  TelemetryHelper.logSDKEvent(LogLevel.ERROR, {
+    Event: TelemetryEvent.CheckContactIdError
+  });
   if ((e === null || e === void 0 ? void 0 : e.message) === ChatSDKErrorName.AuthContactIdNotFoundFailure) {
     const contactIdNotFoundErrorEvent = {
       eventName: BroadcastEvent.ContactIdNotFound,

package/lib/esm/components/errorboundary/ErrorBoundary.js

@@ -0,0 +1,59 @@
+function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
+function _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, _toPropertyKey(descriptor.key), descriptor); } }
+function _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); Object.defineProperty(Constructor, "prototype", { writable: false }); return Constructor; }
+function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
+function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
+function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function"); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, writable: true, configurable: true } }); Object.defineProperty(subClass, "prototype", { writable: false }); if (superClass) _setPrototypeOf(subClass, superClass); }
+function _setPrototypeOf(o, p) { _setPrototypeOf = Object.setPrototypeOf ? Object.setPrototypeOf.bind() : function _setPrototypeOf(o, p) { o.__proto__ = p; return o; }; return _setPrototypeOf(o, p); }
+function _createSuper(Derived) { var hasNativeReflectConstruct = _isNativeReflectConstruct(); return function _createSuperInternal() { var Super = _getPrototypeOf(Derived), result; if (hasNativeReflectConstruct) { var NewTarget = _getPrototypeOf(this).constructor; result = Reflect.construct(Super, arguments, NewTarget); } else { result = Super.apply(this, arguments); } return _possibleConstructorReturn(this, result); }; }
+function _possibleConstructorReturn(self, call) { if (call && (typeof call === "object" || typeof call === "function")) { return call; } else if (call !== void 0) { throw new TypeError("Derived constructors may only return object or undefined"); } return _assertThisInitialized(self); }
+function _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return self; }
+function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
+function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }
+import React, { Component } from 'react';
+const RenderChildrenFunction = _ref => {
+  let {
+    children
+  } = _ref;
+  return typeof children === 'function' ? children() : children;
+};
+let ErrorBoundary = /*#__PURE__*/function (_Component) {
+  _inherits(ErrorBoundary, _Component);
+  var _super = _createSuper(ErrorBoundary);
+  function ErrorBoundary(props) {
+    var _this;
+    _classCallCheck(this, ErrorBoundary);
+    _this = _super.call(this, props);
+    _this.state = {
+      hasError: false
+    };
+    return _this;
+  }
+  _createClass(ErrorBoundary, [{
+    key: "componentDidCatch",
+    value: function componentDidCatch(error) {
+      const {
+        onError
+      } = this.props;
+      this.setState({
+        hasError: true
+      });
+      if (onError) {
+        onError(error);
+      }
+    }
+  }, {
+    key: "render",
+    value: function render() {
+      const {
+        children
+      } = this.props;
+      const {
+        hasError
+      } = this.state;
+      return !hasError && /*#__PURE__*/React.createElement(RenderChildrenFunction, null, children);
+    }
+  }]);
+  return ErrorBoundary;
+}(Component);
+export default ErrorBoundary;

package/lib/esm/components/livechatwidget/LiveChatWidget.js

@@ -1,7 +1,8 @@
-import React, { useReducer, useState } from "react";
+import React, { useEffect, useReducer, useState } from "react";
 import { ChatAdapterStore } from "../../contexts/ChatAdapterStore";
 import { ChatContextStore } from "../../contexts/ChatContextStore";
 import { ChatSDKStore } from "../../contexts/ChatSDKStore";
+import ErrorBoundary from "../errorboundary/ErrorBoundary";
 import { FacadeChatSDK } from "../../common/facades/FacadeChatSDK";
 import { FacadeChatSDKStore } from "../../contexts/FacadeChatSDKStore";
 import LiveChatWidgetStateful from "./livechatwidgetstateful/LiveChatWidgetStateful";
@@ -10,6 +11,8 @@ import { getLiveChatWidgetContextInitialState } from "../../contexts/common/Live
 import { getMockChatSDKIfApplicable } from "./common/getMockChatSDKIfApplicable";
 import { isNullOrUndefined } from "../../common/utils";
 import overridePropsOnMockIfApplicable from "./common/overridePropsOnMockIfApplicable";
+import { registerTelemetryLoggers } from "./common/registerTelemetryLoggers";
+import { logWidgetLoadWithUnexpectedError } from "./common/startChatErrorHandler";
 export const LiveChatWidget = props => {
   var _props$mock, _props$featureConfigP, _props$chatConfig, _props$chatConfig$Liv;
   const reducer = createReducer();
@@ -37,7 +40,14 @@ export const LiveChatWidget = props => {
       "isSDKMocked": !isNullOrUndefined(props === null || props === void 0 ? void 0 : (_props$mock2 = props.mock) === null || _props$mock2 === void 0 ? void 0 : _props$mock2.type)
     }, disableReauthentication));
   }
-  return /*#__PURE__*/React.createElement(FacadeChatSDKStore.Provider, {
+  useEffect(() => {
+    registerTelemetryLoggers(props, dispatch);
+  }, [dispatch]);
+  return /*#__PURE__*/React.createElement(ErrorBoundary, {
+    onError: error => {
+      logWidgetLoadWithUnexpectedError(error);
+    }
+  }, /*#__PURE__*/React.createElement(FacadeChatSDKStore.Provider, {
     value: [facadeChatSDK, setFacadeChatSDK]
   }, /*#__PURE__*/React.createElement(ChatSDKStore.Provider, {
     value: chatSDK
@@ -45,6 +55,6 @@ export const LiveChatWidget = props => {
     value: [adapter, setAdapter]
   }, /*#__PURE__*/React.createElement(ChatContextStore.Provider, {
     value: [state, dispatch]
-  }, /*#__PURE__*/React.createElement(LiveChatWidgetStateful, props)))));
+  }, /*#__PURE__*/React.createElement(LiveChatWidgetStateful, props))))));
 };
 export default LiveChatWidget;

package/lib/esm/components/livechatwidget/common/reconnectChatHelper.js

@@ -67,6 +67,10 @@ const getChatReconnectContext = async (facadeChatSDK, chatConfig, props, isAuthe
       // AuthToken will be reset later at start chat
       removeAuthTokenProvider(facadeChatSDK.getChatSDK());
     }
+    TelemetryHelper.logSDKEvent(LogLevel.INFO, {
+      Event: TelemetryEvent.GetChatReconnectContextSDKCallSucceeded,
+      Description: "Reconnect context SDK call succeeded"
+    });
     return reconnectChatContext;
   }
   // eslint-disable-next-line @typescript-eslint/no-explicit-any

package/lib/esm/components/livechatwidget/common/startChat.js

@@ -307,13 +307,7 @@ const canConnectToExistingChat = async (props, facadeChatSDK, state, dispatch, s
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const setCustomContextParams = async (state, props) => {
-  var _props$chatConfig, _props$chatConfig$Liv, _state$domainStates8, _persistedState$domai8;
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const isAuthenticatedChat = props !== null && props !== void 0 && (_props$chatConfig = props.chatConfig) !== null && _props$chatConfig !== void 0 && (_props$chatConfig$Liv = _props$chatConfig.LiveChatConfigAuthSettings) !== null && _props$chatConfig$Liv !== void 0 && _props$chatConfig$Liv.msdyn_javascriptclientfunction ? true : false;
-  //Should not set custom context for auth chat
-  if (isAuthenticatedChat) {
-    return;
-  }
+  var _state$domainStates8, _persistedState$domai8;
   if (state !== null && state !== void 0 && (_state$domainStates8 = state.domainStates) !== null && _state$domainStates8 !== void 0 && _state$domainStates8.customContext) {
     var _state$domainStates9;
     optionalParams = Object.assign({}, optionalParams, {

package/lib/esm/components/livechatwidget/common/startChatErrorHandler.js

@@ -141,6 +141,34 @@ const logWidgetLoadCompleteWithError = ex => {
     ElapsedTimeInMilliseconds: TelemetryTimers === null || TelemetryTimers === void 0 ? void 0 : (_TelemetryTimers$Widg3 = TelemetryTimers.WidgetLoadTimer) === null || _TelemetryTimers$Widg3 === void 0 ? void 0 : _TelemetryTimers$Widg3.milliSecondsElapsed
   });
 };
+export const logWidgetLoadWithUnexpectedError = ex => {
+  var _TelemetryTimers$Widg4;
+  // eslint-disable-line @typescript-eslint/no-explicit-any
+  const details = {
+    message: (ex === null || ex === void 0 ? void 0 : ex.message) || "An unexpected error occurred",
+    stack: (ex === null || ex === void 0 ? void 0 : ex.stack) || "No stack trace available"
+  };
+  let additionalDetails = "";
+  try {
+    additionalDetails = JSON.stringify(details);
+  } catch (error) {
+    additionalDetails = "Failed to stringify error details";
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const exDetails = {
+    Exception: `Widget load with unexpected error: ${additionalDetails}`
+  };
+  if (ex !== null && ex !== void 0 && ex.httpResponseStatusCode) {
+    exDetails.HttpResponseStatusCode = ex.httpResponseStatusCode;
+  }
+  TelemetryHelper.logLoadingEventToAllTelemetry(LogLevel.ERROR, {
+    Event: TelemetryEvent.WidgetLoadFailed,
+    Description: "Widget load with unexpected error",
+    ExceptionDetails: exDetails,
+    ElapsedTimeInMilliseconds: TelemetryTimers === null || TelemetryTimers === void 0 ? void 0 : (_TelemetryTimers$Widg4 = TelemetryTimers.WidgetLoadTimer) === null || _TelemetryTimers$Widg4 === void 0 ? void 0 : _TelemetryTimers$Widg4.milliSecondsElapsed
+  });
+};
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 const forceEndChat = facadeChatSDK => {

package/lib/esm/components/livechatwidget/livechatwidgetstateful/LiveChatWidgetStateful.js

@@ -48,7 +48,6 @@ import { initCallingSdk } from "../common/initCallingSdk";
 import { initConfirmationPropsComposer } from "../common/initConfirmationPropsComposer";
 import { initWebChatComposer } from "../common/initWebChatComposer";
 import { registerBroadcastServiceForStorage } from "../../../common/storage/default/defaultCacheManager";
-import { registerTelemetryLoggers } from "../common/registerTelemetryLoggers";
 import { setPostChatContextAndLoadSurvey } from "../common/setPostChatContextAndLoadSurvey";
 import { startProactiveChat } from "../common/startProactiveChat";
 import useChatAdapterStore from "../../../hooks/useChatAdapterStore";
@@ -75,6 +74,7 @@ export const LiveChatWidgetStateful = props => {
   const [facadeChatSDK] = useFacadeSDKStore();
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const [voiceVideoCallingSDK, setVoiceVideoCallingSDK] = useState(undefined);
+  const [conversationId, setConversationId] = useState("");
   const {
     Composer
   } = Components;
@@ -220,7 +220,6 @@ export const LiveChatWidgetStateful = props => {
     state.domainStates.confirmationPaneConfirmedOptionClicked = false;
     state.domainStates.confirmationState = ConfirmationState.NotSet;
     setupClientDataStore();
-    registerTelemetryLoggers(props, dispatch);
     createInternetConnectionChangeHandler(state);
     dispatch({
       type: LiveChatWidgetActionType.SET_WIDGET_ELEMENT_ID,
@@ -570,6 +569,14 @@ export const LiveChatWidgetStateful = props => {
       });
     });
 
+    // Retrieve convId
+    BroadcastService.getMessageByEventName(BroadcastEvent.UpdateConversationDataForTelemetry).subscribe(msg => {
+      var _msg$payload11, _msg$payload11$liveWo;
+      if ((_msg$payload11 = msg.payload) !== null && _msg$payload11 !== void 0 && (_msg$payload11$liveWo = _msg$payload11.liveWorkItem) !== null && _msg$payload11$liveWo !== void 0 && _msg$payload11$liveWo.conversationId) {
+        setConversationId(msg.payload.liveWorkItem.conversationId);
+      }
+    });
+
     // Check for TPC and log in telemetry if blocked
     isCookieAllowed();
     return () => {
@@ -912,6 +919,8 @@ export const LiveChatWidgetStateful = props => {
   }, livechatProps.callingContainerProps)), !((_livechatProps$contro11 = livechatProps.controlProps) !== null && _livechatProps$contro11 !== void 0 && _livechatProps$contro11.hideWebChatContainer) && shouldShowWebChatContainer(state) && (decodeComponentString((_livechatProps$compon9 = livechatProps.componentOverrides) === null || _livechatProps$compon9 === void 0 ? void 0 : _livechatProps$compon9.webChatContainer) || /*#__PURE__*/React.createElement(WebChatContainerStateful, livechatProps)), !((_livechatProps$contro12 = livechatProps.controlProps) !== null && _livechatProps$contro12 !== void 0 && _livechatProps$contro12.hideConfirmationPane) && shouldShowConfirmationPane(state) && (decodeComponentString((_livechatProps$compon10 = livechatProps.componentOverrides) === null || _livechatProps$compon10 === void 0 ? void 0 : _livechatProps$compon10.confirmationPane) || /*#__PURE__*/React.createElement(ConfirmationPaneStateful, _extends({}, confirmationPaneProps, {
     setPostChatContext: setPostChatContextRelay,
     prepareEndChat: prepareEndChatRelay
-  }))), !((_livechatProps$contro13 = livechatProps.controlProps) !== null && _livechatProps$contro13 !== void 0 && _livechatProps$contro13.hidePostChatLoadingPane) && shouldShowPostChatLoadingPane(state) && (decodeComponentString((_livechatProps$compon11 = livechatProps.componentOverrides) === null || _livechatProps$compon11 === void 0 ? void 0 : _livechatProps$compon11.postChatLoadingPane) || /*#__PURE__*/React.createElement(PostChatLoadingPaneStateful, livechatProps.postChatLoadingPaneProps)), shouldShowPostChatSurveyPane(state) && (decodeComponentString((_livechatProps$compon12 = livechatProps.componentOverrides) === null || _livechatProps$compon12 === void 0 ? void 0 : _livechatProps$compon12.postChatSurveyPane) || /*#__PURE__*/React.createElement(PostChatSurveyPaneStateful, _extends({}, livechatProps.postChatSurveyPaneProps, livechatProps.chatSDK))), createFooter(livechatProps, state), shouldShowEmailTranscriptPane(state) && (decodeComponentString((_livechatProps$compon13 = livechatProps.componentOverrides) === null || _livechatProps$compon13 === void 0 ? void 0 : _livechatProps$compon13.emailTranscriptPane) || /*#__PURE__*/React.createElement(EmailTranscriptPaneStateful, livechatProps.emailTranscriptPane))))));
+  }))), !((_livechatProps$contro13 = livechatProps.controlProps) !== null && _livechatProps$contro13 !== void 0 && _livechatProps$contro13.hidePostChatLoadingPane) && shouldShowPostChatLoadingPane(state) && (decodeComponentString((_livechatProps$compon11 = livechatProps.componentOverrides) === null || _livechatProps$compon11 === void 0 ? void 0 : _livechatProps$compon11.postChatLoadingPane) || /*#__PURE__*/React.createElement(PostChatLoadingPaneStateful, livechatProps.postChatLoadingPaneProps)), shouldShowPostChatSurveyPane(state) && (decodeComponentString((_livechatProps$compon12 = livechatProps.componentOverrides) === null || _livechatProps$compon12 === void 0 ? void 0 : _livechatProps$compon12.postChatSurveyPane) || /*#__PURE__*/React.createElement(PostChatSurveyPaneStateful, _extends({}, livechatProps.postChatSurveyPaneProps, livechatProps.chatSDK, {
+    customerVoiceSurveyCorrelationId: conversationId
+  }))), createFooter(livechatProps, state), shouldShowEmailTranscriptPane(state) && (decodeComponentString((_livechatProps$compon13 = livechatProps.componentOverrides) === null || _livechatProps$compon13 === void 0 ? void 0 : _livechatProps$compon13.emailTranscriptPane) || /*#__PURE__*/React.createElement(EmailTranscriptPaneStateful, livechatProps.emailTranscriptPane))))));
 };
 export default LiveChatWidgetStateful;

package/lib/esm/components/ooohpanestateful/OOOHPaneStateful.js

@@ -1,12 +1,13 @@
 import { LogLevel, TelemetryEvent } from "../../common/telemetry/TelemetryConstants";
 import React, { useEffect } from "react";
 import { createTimer, findAllFocusableElement } from "../../common/utils";
-import DOMPurify from "dompurify";
 import { OutOfOfficeHoursPane } from "@microsoft/omnichannel-chat-components";
 import { TelemetryHelper } from "../../common/telemetry/TelemetryHelper";
 import { defaultGeneralStyleProps } from "./common/defaultStyleProps/defaultgeneralOOOHPaneStyleProps";
+import { detectAndCleanXSS } from "../../common/utils/xssUtils";
 import useChatContextStore from "../../hooks/useChatContextStore";
 let uiTimer;
+const OOOHPaneTitleText = "Thanks for contacting us. You have reached us outside of our operating hours. An agent will respond when we open.";
 export const OutOfOfficeHoursPaneStateful = props => {
   var _props$styleProps;
   useEffect(() => {
@@ -45,8 +46,28 @@ export const OutOfOfficeHoursPaneStateful = props => {
       ElapsedTimeInMilliseconds: uiTimer.milliSecondsElapsed
     });
   }, []);
+
+  // Enhanced titleText sanitization
   if (controlProps !== null && controlProps !== void 0 && controlProps.titleText) {
-    controlProps.titleText = DOMPurify.sanitize(controlProps.titleText);
+    const {
+      cleanText,
+      isXSSDetected
+    } = detectAndCleanXSS(controlProps.titleText);
+    if (!isXSSDetected) {
+      // replace with the sanitized text
+      controlProps.titleText = cleanText;
+    } else {
+      TelemetryHelper.logLoadingEventToAllTelemetry(LogLevel.WARN, {
+        Event: TelemetryEvent.XSSTextDetected,
+        Description: "Potential XSS attempt detected in titleText",
+        CustomProperties: {
+          originalText: controlProps.titleText.substring(0, 100),
+          // Log first 100 chars for analysis
+          cleanedText: cleanText.substring(0, 100)
+        }
+      });
+      controlProps.titleText = OOOHPaneTitleText;
+    }
   }
   return /*#__PURE__*/React.createElement(OutOfOfficeHoursPane, {
     componentOverrides: props.componentOverrides,

package/lib/esm/components/postchatsurveypanestateful/PostChatSurveyPaneStateful.js

@@ -9,13 +9,14 @@ import { defaultGeneralPostChatSurveyPaneStyleProps } from "./common/defaultStyl
 import { findAllFocusableElement } from "../../common/utils";
 import useChatContextStore from "../../hooks/useChatContextStore";
 import isValidSurveyUrl from "./common/isValidSurveyUrl";
-const generateSurveyInviteLink = function (surveyInviteLink, isEmbed, locale, compact) {
-  let showMultiLingual = arguments.length > 4 && arguments[4] !== undefined ? arguments[4] : false;
+const generateSurveyInviteLink = function (surveyInviteLink, isEmbed, locale, compact, customerVoiceSurveyCorrelationId) {
+  let showMultiLingual = arguments.length > 5 && arguments[5] !== undefined ? arguments[5] : false;
   const surveyLinkParams = new URLSearchParams({
     embed: isEmbed.toString(),
     compact: (compact ?? true).toString(),
     lang: locale ?? "en-us",
-    showmultilingual: (showMultiLingual ?? false).toString()
+    showmultilingual: (showMultiLingual ?? false).toString(),
+    cvResponsePageRequestId: customerVoiceSurveyCorrelationId
   });
   return `${surveyInviteLink}&${surveyLinkParams.toString()}`;
 };
@@ -31,9 +32,9 @@ export const PostChatSurveyPaneStateful = props => {
   // Bot survey enabled
   state.appStates.postChatParticipantType === ParticipantType.Bot) {
     // Only Bot has engaged
-    surveyInviteLink = generateSurveyInviteLink(state.domainStates.postChatContext.botSurveyInviteLink, surveyMode, state.domainStates.postChatContext.botFormsProLocale, props.isCustomerVoiceSurveyCompact ?? true);
+    surveyInviteLink = generateSurveyInviteLink(state.domainStates.postChatContext.botSurveyInviteLink, surveyMode, state.domainStates.postChatContext.botFormsProLocale, props.isCustomerVoiceSurveyCompact ?? true, props.customerVoiceSurveyCorrelationId || "");
   } else {
-    surveyInviteLink = generateSurveyInviteLink(state.domainStates.postChatContext.surveyInviteLink, surveyMode, state.domainStates.postChatContext.formsProLocale, props.isCustomerVoiceSurveyCompact ?? true);
+    surveyInviteLink = generateSurveyInviteLink(state.domainStates.postChatContext.surveyInviteLink, surveyMode, state.domainStates.postChatContext.formsProLocale, props.isCustomerVoiceSurveyCompact ?? true, props.customerVoiceSurveyCorrelationId || "");
   }
   if (props.copilotSurveyContext) {
     surveyInviteLink = `${surveyInviteLink}&mcs_additionalcontext=${JSON.stringify(props.copilotSurveyContext)}`;
@@ -96,6 +97,14 @@ export const PostChatSurveyPaneStateful = props => {
             message: "Customer Voice form response error."
           }
         });
+      } else if (typeof data === "string" && data.startsWith(CustomerVoiceEvents.FormsError)) {
+        TelemetryHelper.logActionEventToAllTelemetry(LogLevel.ERROR, {
+          Event: TelemetryEvent.CustomerVoiceFormsError,
+          Description: "Customer Voice failed to load with forms error.",
+          ExceptionDetails: {
+            message: `Customer Voice forms error details: ${data}`
+          }
+        });
       }
     });
   }, []);

package/lib/esm/components/postchatsurveypanestateful/enums/CustomerVoiceEvents.js

@@ -3,4 +3,5 @@ export let CustomerVoiceEvents;
   CustomerVoiceEvents["ResponsePageLoaded"] = "ResponsePageLoaded";
   CustomerVoiceEvents["FormResponseSubmitted"] = "FormResponseSubmitted";
   CustomerVoiceEvents["FormResponseError"] = "FormResponseError";
+  CustomerVoiceEvents["FormsError"] = "FormsError";
 })(CustomerVoiceEvents || (CustomerVoiceEvents = {}));

package/lib/esm/firstresponselatency/util.js

@@ -64,11 +64,13 @@ export const polyfillMessagePayloadForEvent = (activity, payload, conversationId
   };
 };
 export const getScenarioType = activity => {
-  var _activity$from3, _activity$channelData4, _activity$channelData5;
-  if ((activity === null || activity === void 0 ? void 0 : (_activity$from3 = activity.from) === null || _activity$from3 === void 0 ? void 0 : _activity$from3.role) === Constants.userMessageTag) {
+  var _activity$from3, _activity$channelData4;
+  const role = activity === null || activity === void 0 ? void 0 : (_activity$from3 = activity.from) === null || _activity$from3 === void 0 ? void 0 : _activity$from3.role;
+  const tags = activity === null || activity === void 0 ? void 0 : (_activity$channelData4 = activity.channelData) === null || _activity$channelData4 === void 0 ? void 0 : _activity$channelData4.tags;
+  if (role === Constants.userMessageTag) {
     return ScenarioType.UserSendMessageStrategy;
   }
-  if (activity !== null && activity !== void 0 && (_activity$channelData4 = activity.channelData) !== null && _activity$channelData4 !== void 0 && (_activity$channelData5 = _activity$channelData4.tags) !== null && _activity$channelData5 !== void 0 && _activity$channelData5.includes(Constants.systemMessageTag)) {
+  if (tags && tags.includes(Constants.systemMessageTag) || role === Constants.channelMessageTag) {
     return ScenarioType.SystemMessageStrategy;
   }
   return ScenarioType.ReceivedMessageStrategy;

package/lib/types/common/Constants.d.ts

@@ -3,6 +3,7 @@ export declare class Constants {
     static readonly magicCodeResponseBroadcastChannel = "MagicCodeResponseChannel";
     static readonly systemMessageTag = "system";
     static readonly userMessageTag = "user";
+    static readonly channelMessageTag = "channel";
     static readonly historyMessageTag = "history";
     static readonly agentEndConversationMessageTag = "agentendconversation";
     static readonly supervisorForceCloseMessageTag = "supervisorforceclosedconversation";

package/lib/types/common/telemetry/TelemetryConstants.d.ts

@@ -94,6 +94,8 @@ export declare enum TelemetryEvent {
     DisconnectEndChatSDKCallFailed = "DisconnectEndChatSDKCallFailed",
     GetChatReconnectContextSDKCallStarted = "GetChatReconnectContextSDKCallStarted",
     GetChatReconnectContextSDKCallFailed = "GetChatReconnectContextSDKCallFailed",
+    CheckContactIdError = "checkContactIdError",
+    GetChatReconnectContextSDKCallSucceeded = "GetChatReconnectContextSDKCallSucceeded",
     ParseAdaptiveCardFailed = "ParseAdaptiveCardFailed",
     ClientDataStoreProviderFailed = "ClientDataStoreProviderFailed",
     InMemoryDataStoreFailed = "InMemoryDataStoreFailed",
@@ -161,6 +163,7 @@ export declare enum TelemetryEvent {
     CustomerVoiceResponsePageLoaded = "CustomerVoiceResponsePageLoaded",
     CustomerVoiceFormResponseSubmitted = "CustomerVoiceFormResponseSubmitted",
     CustomerVoiceFormResponseError = "CustomerVoiceFormResponseError",
+    CustomerVoiceFormsError = "CustomerVoiceFormsError",
     BotAuthActivityEmptySasUrl = "BotAuthActivityEmptySasUrl",
     SetBotAuthProviderFetchConfig = "SetBotAuthProviderFetchConfig",
     SetBotAuthProviderHideCard = "SetBotAuthProviderHideCard",
@@ -238,6 +241,7 @@ export declare enum TelemetryEvent {
     UXNotificationPaneCompleted = "UXNotificationPaneCompleted",
     UXOutOfOfficeHoursPaneStart = "UXOutOfOfficeHoursPaneStart",
     UXOutOfOfficeHoursPaneCompleted = "UXOutOfOfficeHoursPaneCompleted",
+    XSSTextDetected = "XSSTextDetected",
     UXPostChatLoadingPaneStart = "UXPostChatLoadingPaneStart",
     UXPostChatLoadingPaneCompleted = "UXPostChatLoadingPaneCompleted",
     UXPrechatPaneStart = "UXPrechatPaneStart",

package/lib/types/common/telemetry/loggers/appInsightsLogger.d.ts

@@ -4,7 +4,7 @@ declare global {
         appInsights?: any;
     }
 }
-export declare const appInsightsLogger: (appInsightsKey: string, disableCookiesUsage: boolean) => IChatSDKLogger;
+export declare const appInsightsLogger: (appInsightsKey: string) => IChatSDKLogger;
 export interface ICustomProperties {
     [key: string]: any;
 }

package/lib/types/common/utils/xssUtils.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
+ *
+ * This function performs comprehensive XSS detection using pattern matching for common attack vectors
+ * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
+ * against various XSS techniques including script injection, event handler injection, style-based
+ * attacks, and encoded payloads.
+ *
+ * Security patterns detected:
+ * - JavaScript protocol URLs (javascript:)
+ * - HTML event handlers (onmouseover, onclick, etc.)
+ * - Script tags (<script>)
+ * - CSS expression() functions
+ * - CSS url() functions
+ * - Position-based CSS attacks (position: fixed/absolute)
+ * - VBScript protocol URLs
+ * - Data URLs with HTML content
+ * - Fragment identifiers with escaped quotes
+ * - HTML entity-encoded angle brackets
+ *
+ * @param text - The input text to be analyzed and sanitized
+ * @returns An object containing:
+ *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
+ *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
+ */
+export declare const detectAndCleanXSS: (text: string) => {
+    cleanText: string;
+    isXSSDetected: boolean;
+};

package/lib/types/components/errorboundary/ErrorBoundary.d.ts

@@ -0,0 +1,14 @@
+import React, { Component } from 'react';
+interface ErrorBoundaryProps {
+    children: React.ReactNode | (() => React.ReactNode);
+    onError?: (error: Error) => void;
+}
+interface ErrorBoundaryState {
+    hasError: boolean;
+}
+declare class ErrorBoundary extends Component<ErrorBoundaryProps, ErrorBoundaryState> {
+    constructor(props: ErrorBoundaryProps);
+    componentDidCatch(error: Error): void;
+    render(): false | React.JSX.Element;
+}
+export default ErrorBoundary;

package/lib/types/components/livechatwidget/common/startChatErrorHandler.d.ts

@@ -4,3 +4,4 @@ import { ILiveChatWidgetAction } from "../../../contexts/common/ILiveChatWidgetA
 import { ILiveChatWidgetProps } from "../interfaces/ILiveChatWidgetProps";
 export declare const handleStartChatError: (dispatch: Dispatch<ILiveChatWidgetAction>, facadeChatSDK: FacadeChatSDK, props: ILiveChatWidgetProps | undefined, ex: any, isStartChatSuccessful: boolean) => void;
 export declare const logWidgetLoadComplete: (additionalMessage?: string) => void;
+export declare const logWidgetLoadWithUnexpectedError: (ex: any) => void;

package/lib/types/components/postchatsurveypanestateful/enums/CustomerVoiceEvents.d.ts

@@ -1,5 +1,6 @@
 export declare enum CustomerVoiceEvents {
     ResponsePageLoaded = "ResponsePageLoaded",
     FormResponseSubmitted = "FormResponseSubmitted",
-    FormResponseError = "FormResponseError"
+    FormResponseError = "FormResponseError",
+    FormsError = "FormsError"
 }

package/lib/types/components/postchatsurveypanestateful/interfaces/IPostChatSurveyPaneStatefulProps.d.ts

@@ -2,4 +2,5 @@ import { IPostChatSurveyPaneProps } from "@microsoft/omnichannel-chat-components
 export interface IPostChatSurveyPaneStatefulProps extends IPostChatSurveyPaneProps {
     isCustomerVoiceSurveyCompact?: boolean;
     copilotSurveyContext?: Record<string, string>;
+    customerVoiceSurveyCorrelationId?: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/omnichannel-chat-widget",
-  "version": "1.8.1-main.65a1ab5",
+  "version": "1.8.1-main.83a55ab",
   "description": "Microsoft Omnichannel Chat Widget",
   "main": "lib/cjs/index.js",
   "types": "lib/types/index.d.ts",
@@ -87,7 +87,7 @@
     "@azure/core-tracing": "^1.2.0",
     "@microsoft/applicationinsights-web": "^3.3.6",
     "@microsoft/omnichannel-chat-components": "1.1.12",
-    "@microsoft/omnichannel-chat-sdk": "^1.11.1",
+    "@microsoft/omnichannel-chat-sdk": "^1.11.2",
     "@opentelemetry/api": "^1.9.0",
     "abort-controller": "^3",
     "abort-controller-es5": "^2.0.1",