chatwoot/lib
Vishnu Narayanan 2192af80f4
fix: html-escape captured values in helpcenter article markdown embeds (#14140)
Embed templates interpolate regex captures from user-authored article
URLs into HTML attribute values. CommonMark's angle-bracket link
destination syntax allows characters that the capture regexes don't
filter, so the unescaped substitution could produce malformed attribute
output. Escaping at substitution time keeps the render deterministic
regardless of the URL.

### How was this tested?
Added specs.

Fixes [CW-6934](https://linear.app/chatwoot/issue/CW-6934/)

Co-authored-by: Sony Mathew <sony@chatwoot.com>
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
2026-05-05 17:46:21 +05:30
| Name | Last commit | Date |
| --- | --- | --- |
| action_view/template/handlers | feat: Customisable Email Templates (#1095) | 2020-08-06 15:21:06 +05:30 |
| assets | Initial Commit | 2019-08-14 15:18:44 +05:30 |
| captain | fix(captain): localize AI summary to account language (#13790) | 2026-04-14 17:36:10 +05:30 |
| custom_exceptions | feat(voice): Assignment aware visibility and join conflict for inbound calls (#14333) | 2026-04-30 18:38:10 +04:00 |
| events | feat: captain decides if conversation should be resolved or kept open (#13336) | 2026-03-13 10:03:58 +05:30 |
| filters | fix: standardize contact company field on company_name (#14099) | 2026-04-27 18:43:26 +05:30 |
| integrations | fix: render slack emoji shortcodes as unicode characters (#12928) | 2026-04-29 23:19:52 +05:30 |
| linear | fix: escape special characters in Linear GraphQL queries (#13490) | 2026-02-09 16:18:04 +05:30 |
| llm | fix: use committed model registry for RubyLLM (#14067) | 2026-04-16 10:28:38 +05:30 |
| redis | fix(whatsapp): Prevent duplicate conversations from concurrent uploads (#14060) | 2026-04-28 10:30:27 +04:00 |
| safe_fetch | fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155) | 2026-04-27 20:30:59 +05:30 |
| seeders | Revert "chore: Upgrade Rails to 7.2.2 and update Gemfile dependencies (#11037)" | 2026-02-03 21:09:42 -08:00 |
| tasks | feat: onboarding account details with enriched data [UPM-17][UPM-18] (#13979) | 2026-04-28 10:35:51 +05:30 |
| test_data | chore: Generate test data for bulk insertion (#11229) | 2025-05-06 11:13:11 +05:30 |
| webhooks | fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155) | 2026-04-27 20:30:59 +05:30 |
| base_markdown_renderer.rb | fix: oversized email signature images in Letter render (#14144) | 2026-04-27 13:31:43 +05:30 |
| chatwoot_app.rb | feat: search documentation tool for reply suggestions (#13340) | 2026-01-30 16:18:33 +05:30 |
| chatwoot_captcha.rb | feat: Add hCaptcha for public forms (#4017) | 2022-02-18 20:02:50 +05:30 |
| chatwoot_exception_tracker.rb | fix: modify exception tracker to log even if sentry configured (#7563) | 2023-07-21 11:58:49 +03:00 |
| chatwoot_hub.rb | feat(super-admin): Add push diagnostics tool (#14105) | 2026-04-21 15:55:12 +04:00 |
| chatwoot_markdown_renderer.rb | fix: Preserve single newlines in outgoing email messages (#14138) | 2026-04-28 12:47:03 +04:00 |
| config_loader.rb | chore: Add display manifest to whitelabel settings (#8708) | 2024-01-16 09:50:23 +04:00 |
| current.rb | feat: captain decides if conversation should be resolved or kept open (#13336) | 2026-03-13 10:03:58 +05:30 |
| custom_markdown_renderer.rb | fix: html-escape captured values in helpcenter article markdown embeds (#14140) | 2026-05-05 17:46:21 +05:30 |
| dyte.rb | feat: Upgrade Dyte apis to v2 (#10706) | 2025-02-19 14:47:48 -08:00 |
| exception_list.rb | fix: call authorization_error! on IMAP auth failures (#13560) (revert) (#13671) | 2026-02-26 18:45:18 -08:00 |
| global_config_service.rb | fix(signup): normalize account signup config checks (#13745) | 2026-03-10 16:35:09 +05:30 |
| global_config.rb | chore: Add display manifest to whitelabel settings (#8708) | 2024-01-16 09:50:23 +04:00 |
| limits.rb | feat: Advanced Search Backend (#12917) | 2026-01-07 15:30:49 +05:30 |
| linear.rb | feat(linear): Support refresh tokens and migrate legacy OAuth tokens (#13721) | 2026-03-17 13:09:03 +04:00 |
| llm_constants.rb | fix: default model for captain assistant (#13496) | 2026-02-10 14:53:53 +05:30 |
| microsoft_graph_auth.rb | Revert "feat: Support Azure single-tenant application using the Graph… (#7436) | 2023-06-29 16:50:18 -07:00 |
| online_status_tracker.rb | perf: reduce presence update frequency and fix background tab throttling (#13726) | 2026-03-09 18:23:44 +05:30 |
| opentelemetry_config.rb | feat: Add support for Langfuse LLM Tracing via OTEL (#12905) | 2025-11-21 16:31:45 -08:00 |
| regex_helper.rb | fix: Escape closing bracket in mention regex (#11877) | 2025-07-04 10:35:11 +05:30 |
| safe_fetch.rb | fix: [CW-6940] Fix SSRF issue for webhook trigger used by macros and automations (#14155) | 2026-04-27 20:30:59 +05:30 |
| test_data.rb | chore: Generate test data for bulk insertion (#11229) | 2025-05-06 11:13:11 +05:30 |
| url_helper.rb | fix: Referer URL validation (#4309) | 2022-03-30 14:36:22 +05:30 |
| vapid_service.rb | chore: Switch to web-push gem (#6390) | 2023-02-03 18:55:22 +05:30 |