Concierge Example - Widget messages - sanitize js from html

Title: expects a string that will be used to lookup entry in localization file (en.yml)

Message: expects html or text

Call to Action: expects html or text

Icon: expects replace-friendly string that will be used as src for icon img tag ('/SCRIPT_LOCATION/foo')

Send Widget Message

If you see any of these console messages, then the test failed, as we were NOT able to sanitize the javascript from the html.

If instead you see this widget popup, and no console errors, then the test succeeded , as we were able to sanitize the javascript from the html.

JavaScript Frameworks

• No Framework
• No Framework with ClearHistory
• ClearHistory From an iFrame
• Without Concierge or CSS
• Without a CSS framework or anything
• Default Custom Data
• Custom Actions
• Custom Actions KbLike
• Custom Actions Sample KbLike
• jQuery - API 1.0
• jQuery - Concierge Ready Predefined
• jQuery - RequireJS
• Dojo
• Mapper
• Security: Widget messages - sanitize js from html
• Security: Cross domain widget messages
• Angular 2+
• Angular 1.x
• React 16.x
• React 16.x via Tag Manager
• Slow Loading Storage Bridge
• Turbolinks
• Load Concierge using onLoad event
• Load Concierge using DomContentLoaded
• Moxie Store
• Form Fields
• UpdatePage
• HTML5 & Javascript Single Page App.
• Rule Criteria Test
• Mobile Testing:
  NOTE: These all use Tailwind CSS, which has a CSS reset (which could affect us)
  • Customer adjusting page themselves:
    • Page is pushed very wide by content
    • Page has body set to position:relative
    • Page body had a min-height
    • Style on the body
    • Classes on the body
    • Style on the html element
    • Classes on the html element
  • Customer resetting page styles with reset libraries:
    • Normalize.css
    • Sanitize.css
    • Reset CSS (Eric Meyer)
    • Reset CSS (Andy Bell)
    • Bootstrap Reboot
  • Different viewport specifications
  • No viewport
  • Viewport with everything
  • Initial Scale
  • Min Scale
  • Max Scale
  • User Scalable: Fixed
  • User Scalable: Zoom
• Content Security Policy (CSP):
  NOTE: be sure to disable all browser extensions before testing, or you may get CSP errors that are not related to us.
  • Simplified List (wild cards)
  • Itemized List (no wild cards)
  • Block All Mixed Content

Example Cross Domain Hosts

• example.qagomoxie.solutions
• crossdome.qagomoxie.solutions
• crossdome2.qagomoxie.solutions
• one.crossdome.qagomoxie.solutions

Certificate Links

• concierge-client.js
• identity-dev.qagomoxie.test
• Queue Status