scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-14 18:14:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into feat/voice-channel

Browse Source
This commit is contained in:
Sojan Jose
2025-08-21 18:34:45 +02:00
committed by GitHub
parent 691ab47b6f 1a1dfd09cb
commit 73e10090b9
13 changed files with 292 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
app/javascript/sdk/IFrameHelper.js
View File

@@ -50,35 +50,11 @@ const updateCampaignReadStatus = baseDomain => {
});
};
const sanitizeURL = url => {
if (url === '') return '';
try {
// any invalid url will not be accepted
// example - JaVaScRiP%0at:alert(document.domain)"
// this has an obfuscated javascript protocol
const parsedURL = new URL(url);
// filter out dangerous protocols like `javascript`, `data`, `vbscript`
if (!['https', 'http'].includes(parsedURL.protocol)) {
throw new Error('Invalid Protocol');
}
} catch (e) {
// eslint-disable-next-line no-console
console.error('Invalid URL', e);
}
return 'about:blank'; // blank page URL
};
export const IFrameHelper = {
getUrl({ baseUrl, websiteToken }) {
baseUrl = sanitizeURL(baseUrl);
return `${baseUrl}/widget?website_token=${websiteToken}`;
},
createFrame: ({ baseUrl, websiteToken }) => {
baseUrl = sanitizeURL(baseUrl);
if (IFrameHelper.getAppFrame()) {
return;
}
@@ -126,12 +102,10 @@ export const IFrameHelper = {
window.onmessage = e => {
if (
typeof e.data !== 'string' ||
e.data.indexOf('chatwoot-widget:') !== 0 ||
e.origin !== window.location.origin
e.data.indexOf('chatwoot-widget:') !== 0
) {
return;
}
const message = JSON.parse(e.data.replace('chatwoot-widget:', ''));
if (typeof IFrameHelper.events[message.event] === 'function') {
IFrameHelper.events[message.event](message);
@@ -166,9 +140,7 @@ export const IFrameHelper = {
},
setupAudioListeners: () => {
let { baseUrl = '' } = window.$chatwoot;
baseUrl = sanitizeURL(baseUrl);
const { baseUrl = '' } = window.$chatwoot;
getAlertAudio(baseUrl, { type: 'widget', alertTone: 'ding' }).then(() =>
initOnEvents.forEach(event => {
document.removeEventListener(
@@ -262,7 +234,6 @@ export const IFrameHelper = {
},
popoutChatWindow: ({ baseUrl, websiteToken, locale }) => {
baseUrl = sanitizeURL(baseUrl);
const cwCookie = Cookies.get('cw_conversation');
window.$chatwoot.toggle('close');
popoutChatWindow(baseUrl, websiteToken, locale, cwCookie);