JavaScript errors when entering chat with a question with a quotation mark.


Status Graveyard
9 years ago
5 years ago


(Reporter: Andrew Cook, Assigned: zzxc)





(1 attachment)



9 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre; .NET CLR 3.5; ffco7) Gecko/20090508 Minefield/3.6a1pre
Build Identifier: 

When I try to use Live Chat on SUMO and type something into the question field that includes a quotation mark ('), then when the main chat window loads my chats aren't sent to the helper, the helper's chats aren't sent to me, and the helper's name does not appear.

Looking at the error console shows what it believes is a line not terminated by a semicolon. Instead it's an unmatched ' mark which mangles the JavaScript after it. The console also shows functions as undefined; these functions are hidden in the screwy strings.

The error appears to be caused by improper escaping of the question field when JSP injects the transcript URL (for me to visit after the chat finishes) in chatmain.jsp in the JavaScript showTranscriptWindow function.

I checked upstream ( and it doesn't look like the bug is there, but in SUMO-specific customizations, somewhere around line #224.

Reproducible: Always

Steps to Reproduce:
1. Go to while chat is open.
2. Click Foxkeh.
3. Enter information into the fields, using a ' mark in the Question field.
4. Wait in the queue.
Some time later, a chat window appears.
Actual Results:  
The chat window that appears is blank and nonfunctional. Although you can read what you type, you can't see what the helper types and the helper can't see what you type.

Expected Results:  
The chat window that appears should be fully functional, listing a helper's name at the top and allowing chats back-and-forth.

Comment 1

9 years ago
Thanks for catching this!  This is likely the source of a lot of user disconnections.  The version of this code used on SUMO is at

Adding support for CSAT surveys added extra variables to this url, but the url itself is enclosed with '' instead of "".  This results in the javascript error you found, since single quotes aren't url encoded.  Changing to double quotes here (and at should fix this.
Assignee: nobody → bugs
Severity: normal → major
Ever confirmed: true
Target Milestone: --- → 1.1

Comment 2

9 years ago
Created attachment 376566 [details] [diff] [review]
Fix the bug
Attachment #376566 - Flags: review?


9 years ago
Attachment #376566 - Flags: review? → review?(ozten.bugs)


9 years ago
Attachment #376566 - Flags: review?(ozten.bugs) → review+

Comment 3

9 years ago
Comment on attachment 376566 [details] [diff] [review]
Fix the bug

Patch looks good. I didn't not test.

Comment 4

9 years ago
Fixed r25608
Last Resolved: 9 years ago
Resolution: --- → FIXED
Component: Chat → Chat
Product: → Graveyard
You need to log in before you can comment on or make changes to this bug.