microsoft/simplechat v0.241.007

v0.241.007

Repository: microsoft/simplechat

Tag: v0.241.007

Published: 2026-05-07T21:57:41Z

Prerelease: no

Release notes:

v0.241.007

New Feature

• Improved Mobile UI Support

Bug Fixes

• Uploaded File Preview Body XSS Hardening
• Fixed the uploaded-file preview modal so stored file bodies no longer reach the preview pane through raw HTML sinks.
• Plain-text previews now render as inert preformatted text, CSV-backed previews are built with DOM text nodes, and legacy HTML-backed table payloads now fall back to inert text instead of live markup.
• Added focused functional and UI regression coverage plus versioned fix documentation for the hardened preview path.
• (Ref: chat-input-actions.js, test_uploaded_file_preview_xss_fix.py, test_uploaded_file_preview_escaping.py, UPLOADED_FILE_PREVIEW_XSS_FIX.md)

• Public Workspace Tag Color XSS Hardening
• Fixed the public workspace tag surfaces so stored tag colors no longer reach folder-grid actions, tag badges, tag management rows, or selected-tag chips through inline handler or style interpolation.
• Shared tag helper paths now normalize and validate tag colors on create and update across personal, group, and public routes, and previously stored invalid colors fall back to safe deterministic values on read.
• Added focused functional and UI regression coverage plus versioned fix documentation for the hardened public tag rendering path.
• (Ref: functions_documents.py, route_backend_documents.py, route_backend_group_documents.py, route_backend_public_documents.py, public_workspace.js, test_public_workspace_tag_color_xss_fix.py, test_public_workspace_tag_color_rendering.py, PUBLIC_WORKSPACE_TAG_COLOR_XSS_FIX.md)

• Agent Template Gallery Actions Escaping
• Fixed the agent template gallery so stored actions_to_load values no longer reach the recommended-actions row through a raw HTML sink.
• Agent template helper paths now normalize actions_to_load consistently on read, create, and update flows, and invalid write payload shapes are rejected before they can persist.
• Added focused functional and UI regression coverage plus versioned fix documentation for the hardened gallery path.
• (Ref: agent_templates_gallery.js, functions_agent_templates.py, test_agent_template_gallery_actions_to_load_xss_fix.py, test_agent_template_gallery_actions_escaping.py, AGENT_TEMPLATE_GALLERY_ACTIONS_TO_LOAD_XSS_FIX.md)

• Stored XSS Share, Activity, and Masking Hardening
• Fixed the remaining stored-XSS share-modal flows so attacker-controlled user names, group names, descriptions, emails, and toast content no longer render through inline handlers or raw HTML sinks.
• Hardened the group activity timeline and raw-activity modal so stored activity metadata and serialized activity JSON now render as inert text instead of executable markup.
• Rebuilt masked-range rendering with DOM APIs and bound masking display names to the authenticated server-side user instead of trusting browser-supplied identity fields.
• Added focused functional and UI regression coverage plus versioned fix documentation for the hardened sharing, activity, and masking paths.
• (Ref: chat-toast.js, workspace-documents-sharing.js, group-documents-sharing.js, manage_group.js, chat-messages.js, route_backend_chats.py, test_stored_xss_share_activity_and_masking_fix.py, test_document_share_modal_escaping.py, STORED_XSS_SHARE_ACTIVITY_AND_MASKING_FIX.md)

• Chat Scope Picker and Conversation Details XSS Hardening
• Fixed the chat scope-lock picker so stored group and public workspace names no longer reach the locked-workspaces modal through raw HTML interpolation.
• Hardened the conversation-details modal so attacker-controlled titles, context names, participant labels, document labels, semantic tags, classifications, and scope-lock names render as inert text, and invalid web-source values no longer produce active javascript: links.
• Added focused functional and UI regression coverage plus versioned fix documentation for the affected chat modal surfaces.
• (Ref: chat-documents.js, chat-conversation-details.js, test_stored_xss_chat_scope_and_conversation_details_fix.py, test_chat_scope_lock_and_conversation_details_escaping.py, CHAT_SCOPE_LOCK_AND_CONVERSATION_DETAILS_XSS_FIX.md)

• Chat Citation and Uploaded File Modal Filename XSS Hardening
• Fixed the first-render chat citation modal so attacker-controlled document filenames returned from citation APIs no longer reach the modal header as raw HTML on the first open.
• The uploaded-file preview modal now uses the same safe title-population path, closing the adjacent filename sink before it can regress into the same stored-XSS family.
• Added focused functional and UI regression coverage plus versioned fix documentation for both modal title flows.
• (Ref: chat-citations.js, chat-input-actions.js, test_stored_xss_chat_modal_filename_fix.py, test_chat_modal_filename_escaping.py, CITATION_AND_FILE_MODAL_FILENAME_XSS_FIX.md)

• Stored XSS Agent and Member Rendering Hardening
• Fixed the stored-XSS sink in chat message rendering so agent display names no longer reach the sender header, image header, or metadata drawer as raw HTML.
• Public and group workspace member-management views now escape untrusted member display names and emails before rendering member rows, pending requests, ownership-transfer options, bulk-remove summaries, user-search results, and CSV validation previews, and the public member search no longer embeds untrusted values inside an inline onclick handler.
• /api/userSearch now escapes Microsoft Graph OData filter literals before composing the $filter expression, so apostrophes in search input cannot break the backend Graph query.
• Added focused functional and UI regression coverage plus versioned fix documentation for the hardened chat, workspace member-management, and Graph filter paths.
• (Ref: chat-messages.js, manage_public_workspace.js, manage_group.js, route_backend_users.py, test_stored_xss_chat_workspace_rendering_fix.py, test_public_workspace_member_rendering_escaping.py, test_group_workspace_member_rendering_escaping.py, STORED_XSS_AGENT_AND_MEMBER_RENDERING_FIX.md)

• Chat Selected Document Metadata Authorization Fix
• Fixed chat selected-document metadata resolution so /api/chat, /api/chat/stream, and the selected tabular document helper no longer trust…