This PR includes some specific security related fixes
1. Validate the origin of any message events
2. Sanitize URLs before opening them
---------
Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
# Pull Request Template
## Description
This PR allows users to dynamically pass custom welcome and availability
messages, along with UI feature toggles, via `window.chatwootSettings`.
If any of the following settings are provided, the widget will use them;
otherwise, it falls back to default behavior.
**New options:**
```
window.chatwootSettings = {
welcomeTitle: 'Need help?', // Custom widget title
welcomeDescription: 'We’re here to support you.', // Subtitle in the header
availableMessage: 'We’re online and ready to chat!', // Shown when team is online
unavailableMessage: 'We’re currently offline.', // Shown when team is unavailable
enableFileUpload: true, // Enable file attachments
enableEmojiPicker: true, // Enable emoji picker in chat input
enableEndConversation: true // Allow users to end the conversation
}
```
Fixes
https://linear.app/chatwoot/issue/CW-4589/add-options-to-windowchatwootsettings
## Type of change
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
### Loom video
https://www.loom.com/share/413fc4aa59384366b071450bd19d1bf8?sid=ff30fb4c-267c-4beb-80ab-d6f583aa960d
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
This PR addresses an issue with the `createNotificationBubble` function, which generates an empty `span` element with the class `woot--notification`. This `span` element is currently not utilized anywhere in the code and lacks associated CSS, leading to an overflow issue, specifically in the Firefox browser. It solves the website overflow issue by removing this unused `span` element. This change is unrelated to the unread notification dot, which is working as before.
Fixes https://linear.app/chatwoot/issue/PR-1098/missing-css-for-woot-notification-div
* feat: add ids to each element
* feat: restore elements for apps that use view transitions
* fix: remove generator check condition
* feat: handle turbolinks
* fix: new body handling
* chore: undo debug changes
This PR will add a new event chatwoot:on-start-conversation to the chat widget, which you can listen to and trigger custom interactions on your end.
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
* fix: Adds domain option to user cookies set by SDK
* Adds domain to init event from chatwootSettings variable
* Testing multiple domains on heroku
* Updates with sdk from staging
* Removes sdk init code
* Testing why cookie is not getting set
* Cleans up testing code
* Refactors code to fix codeclimate issues
* Update app/javascript/sdk/cookieHelpers.js
Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
* Adds test cases for setCookieWithDomain
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
* Chore: moves localstorage helper as a shared utility and refactors constants
* Refactors constants file
* feat: Hides dismissed campaigns while browsing
* Snoozes all campaigns for an hour after dismissing
* Fixes error with date parsing
* Snooze ongoing campaigns
* Review fixes
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
* fix: AudioContext warning when loading widget on Chrome
* minor fixes
* Minor fixes
* adds event on document
* Play audio from parent window through SDK
* Adds notification to dashboard
Co-authored-by: Nithin David Thomas <1277421+nithindavid@users.noreply.github.com>
Co-authored-by: Vishnu Narayanan <vishnu@chatwoot.com>
