Merge pull request #80 from webitel/hotfix/sanitize-chat-input
24.08.1 hotfix: sanitize chat input before send [WTEL-5195]
dlohvinov authored Oct 1, 2024
2 parents e5646b8 + 3684699 commit 286c5ac
Showing 2 changed files with 11 additions and 10 deletions.
@@ -22,7 +22,6 @@

<script>
import autosize from 'autosize';
import dompurify from 'dompurify';
import insertTextAtCursor from 'insert-text-at-cursor';
import { mapActions, mapState } from 'vuex';
import ChatFooterActions from './chat-footer-actions.vue';
@@ -51,13 +50,12 @@ export default {
},
}),
handleInput(value) {
const purifiedValue = dompurify.sanitize(value);
this.setDraft(purifiedValue);
this.setDraft(value);
},
handleEnter(event) {
if (!event.shiftKey && !event.ctrlKey) {
event.preventDefault();
this.sendDraft(event);
this.sendDraft();
}
},
insertEmoji(unicode) {
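Review bot: `handleInput` now stores the raw value in the draft, and nothing in the component says where sanitization moved to, so a later reader can easily reintroduce the per-keystroke `dompurify.sanitize` call or assume `draft` is already clean. I would add a comment above `this.setDraft(value);` such as `// draft holds raw user text; it is sanitized once in the SEND_DRAFT store action`. Any other consumer of `draft` should treat it as untrusted text. The methods object starts above this hunk and `insertEmoji` continues below it.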
15 changes: 9 additions & 6 deletions src/modules/chat/store/chat.js
@@ -1,10 +1,11 @@
import axios from 'axios';
import { objSnakeToCamel } from '@webitel/ui-sdk/src/scripts/caseConverters';
import axios from 'axios';
import dompurify from 'dompurify';
import i18n from '../../../app/locale/i18n';
import MessageEvents from '../../../app/websocket/enums/MessageEvents.enum';
import ChatAPI from '../api/chat';
import Message from '../classes/Message.class';
import MessageType from '../enums/MessageType.enum';
import MessageEvents from '../../../app/websocket/enums/MessageEvents.enum';
import bToMb from '../scripts/bToMb';

const triggerListeners = ({
@@ -42,7 +43,8 @@ const getters = {
}
return -1;
};
return state.messages.indexOf(message) > findLastIndexOf(state.messages)((msg) => getters.IS_MY_MESSAGE(msg));
return state.messages.indexOf(message) >
findLastIndexOf(state.messages)((msg) => getters.IS_MY_MESSAGE(msg));
},
};

@@ -175,10 +177,10 @@ const actions = {
},

SEND_DRAFT: async (context) => {
const text = context.state.draft.trim();
if (!text) return; // DO NOT send empty message

try {
const text = dompurify.sanitize(context.state.draft.trim());
if (!text) return; // DO NOT send empty message

const message = await context.dispatch('GENERATE_USER_MESSAGE', {
text,
type: MessageType.TEXT,
@@ -187,6 +189,7 @@ const actions = {
await context.dispatch('SEND_MESSAGE', { seq: message.seq, message });
await context.dispatch('SET_DRAFT', '');
} catch (err) {
console.info(err);
throw err;
}
},
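Review bot: In `SEND_DRAFT`, `dompurify.sanitize(context.state.draft.trim())` runs only in the sender's own client, so it cannot be the control that protects recipients: a message from a client that skips this action arrives unsanitized, and the code that renders message text (not visible here) still has to treat it as untrusted. DOMPurify also returns serialized HTML rather than plain text, so a draft such as `a < b` is likely to be sent as `a &lt; b`; it is worth confirming that the renderer expects HTML. Because the trim runs before sanitizing, output that is reduced to whitespace still passes `if (!text) return;`, and when that guard does fire the rejected draft stays in the input with no feedback; `const text = dompurify.sanitize(context.state.draft).trim();` covers the whitespace case. The new `console.info(err)` before `throw err` logs an error the caller will handle again, so `console.error` or dropping the log would be cleaner.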
