fix(a2a-core, iframe-app): sanitize chat HTML against XSS, add build version metadata & enable coverage (#8860)

* fix(a2a-core): sanitize HTML output to prevent DOM XSS in Message component

Add DOMPurify sanitization to all dangerouslySetInnerHTML paths in
Message.tsx where marked.parse() and Prism.highlight() output was
rendered without sanitization, allowing XSS via crafted markdown.

- Add sanitizeHtml() utility with strict ALLOWED_TAGS/ATTR whitelist
- Sanitize all 6 dangerouslySetInnerHTML paths in Message.tsx
- Harden marked link renderer to block javascript: URLs
- Add 13 XSS prevention unit tests

MSRC Case 108268 / IcM 31000000555406

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* feat(iframe-app): inject build version metadata for traceability

Add git tag, SHA, branch, and build timestamp to the compiled output:
- <meta name="build-version"> tag in the HTML head
- __BUILD_*__ globals available in JS at runtime
- Console log at app startup with version info

Enables tracing any deployed iframe back to its source tag/commit.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(security): HTML-escape attribute values to prevent XSS

- Escape git metadata (tag, sha, branch) in vite build meta tag injection
- Escape href and title attributes in marked link renderer

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* test(a2a-core): add tests for HTML escaping and sanitization

- Add Message.escapeAttr tests for link attribute escaping
- Add sanitize.test.ts tests for style, form, event handlers, etc.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update imports

* fix(a2a-core): enable coverage collection in vitest config

Align with other libs by using istanbul provider with enabled: true,
so coverage data is collected during test:lib CI runs.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(a2a-core): fix TypeScript errors in Message test files

- Replace invalid 'delivered' status with 'sent' (MessageStatus type)
- Add missing 'status' property to AuthRequiredPart mock

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* refactor(iframe-app): remove console.info build version log from main.tsx

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: ccastrotrejo

apps/iframe-app/src/global.d.ts

@@ -1,3 +1,9 @@
+declare const __BUILD_VERSION__: string;
+declare const __BUILD_TAG__: string;
+declare const __BUILD_SHA__: string;
+declare const __BUILD_BRANCH__: string;
+declare const __BUILD_TIME__: string;
+
 declare global {
   interface Window {
     LOGGED_IN_USER_NAME?: string;

apps/iframe-app/vite.config.ts

@@ -4,6 +4,45 @@ import type { Plugin } from 'vite';
 import { defineConfig } from 'vite';
 import react from '@vitejs/plugin-react';
 import mkcert from 'vite-plugin-mkcert';
+import { execSync } from 'child_process';
+
+// Resolve git version info at build time
+function getGitVersion(): { tag: string; sha: string; branch: string; buildTime: string } {
+  const run = (cmd: string) => {
+    try {
+      return execSync(cmd, { encoding: 'utf-8' }).trim();
+    } catch {
+      return 'unknown';
+    }
+  };
+  return {
+    tag: run('git describe --tags --abbrev=0 2>/dev/null || echo untagged'),
+    sha: run('git rev-parse --short HEAD'),
+    branch: run('git rev-parse --abbrev-ref HEAD'),
+    buildTime: new Date().toISOString(),
+  };
+}
+
+// HTML-escape a string for safe insertion into HTML attributes
+function escapeHtmlAttr(value: string): string {
+  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+}
+
+// Custom plugin to inject build version as a <meta> tag in HTML
+function injectBuildVersion(version: ReturnType<typeof getGitVersion>): Plugin {
+  return {
+    name: 'inject-build-version',
+    transformIndexHtml(html) {
+      const tag = escapeHtmlAttr(version.tag);
+      const sha = escapeHtmlAttr(version.sha);
+      const branch = escapeHtmlAttr(version.branch);
+      const buildTime = escapeHtmlAttr(version.buildTime);
+      const versionString = `${tag}+${sha}`;
+      const meta = `<meta name="build-version" content="${versionString}" data-tag="${tag}" data-sha="${sha}" data-branch="${branch}" data-build-time="${buildTime}" />`;
+      return html.replace('</head>', `  ${meta}\n</head>`);
+    },
+  };
+}
 
 // Custom plugin to rename index.html to iframe.html after build
 function renameIndexHtml(): Plugin {
@@ -22,27 +61,38 @@ function renameIndexHtml(): Plugin {
   };
 }
 
-export default defineConfig({
-  plugins: [
-    react(),
-    renameIndexHtml(),
-    // Only use mkcert (HTTPS) locally, not in CI or E2E
-    ...(process.env.CI || process.env.E2E ? [] : [mkcert()]),
-  ],
-  base: './', // Use relative paths instead of absolute
-  build: {
-    outDir: 'dist',
-    rollupOptions: {
-      output: {
-        manualChunks: undefined,
-        assetFileNames: '[name]-[hash].[ext]',
-        chunkFileNames: '[name]-[hash].js',
-        entryFileNames: '[name]-[hash].js',
+export default defineConfig(() => {
+  const version = getGitVersion();
+  return {
+    plugins: [
+      react(),
+      injectBuildVersion(version),
+      renameIndexHtml(),
+      // Only use mkcert (HTTPS) locally, not in CI or E2E
+      ...(process.env.CI || process.env.E2E ? [] : [mkcert()]),
+    ],
+    define: {
+      __BUILD_VERSION__: JSON.stringify(`${version.tag}+${version.sha}`),
+      __BUILD_TAG__: JSON.stringify(version.tag),
+      __BUILD_SHA__: JSON.stringify(version.sha),
+      __BUILD_BRANCH__: JSON.stringify(version.branch),
+      __BUILD_TIME__: JSON.stringify(version.buildTime),
+    },
+    base: './', // Use relative paths instead of absolute
+    build: {
+      outDir: 'dist',
+      rollupOptions: {
+        output: {
+          manualChunks: undefined,
+          assetFileNames: '[name]-[hash].[ext]',
+          chunkFileNames: '[name]-[hash].js',
+          entryFileNames: '[name]-[hash].js',
+        },
       },
     },
-  },
-  server: {
-    port: 3001,
-    host: true,
-  },
+    server: {
+      port: 3001,
+      host: true,
+    },
+  };
 });

libs/a2a-core/package.json

@@ -43,10 +43,11 @@
     "@testing-library/user-event": "^14.6.1",
     "@types/events": "^3.0.3",
     "@types/node": "^24.0.12",
+    "@types/dompurify": "3.0.5",
     "@types/prismjs": "^1.26.5",
     "@types/react": "^19.0.0",
     "@types/react-dom": "^19.2.2",
-    "@vitest/coverage-v8": "^3.2.4",
+    "@vitest/coverage-istanbul": "^3.2.4",
     "@vitest/ui": "^3.2.4",
     "jsdom": "^26.1.0",
     "postcss": "^8.5.6",
@@ -69,6 +70,7 @@
   "dependencies": {
     "@fluentui/react-components": "9.70.0",
     "@fluentui/react-icons": "^2.0.306",
+    "dompurify": "3.2.4",
     "eventemitter3": "^5.0.1",
     "idb": "^8.0.3",
     "immer": "^10.1.1",

libs/a2a-core/src/react/components/Message/Message.tsx

@@ -27,6 +27,7 @@ import Prism from 'prismjs';
 import { AuthenticationMessage } from './AuthenticationMessage';
 import { CodeBlockHeader } from './CodeBlockHeader';
 import { getUserFriendlyErrorMessage } from '../../utils/errorUtils';
+import { sanitizeHtml } from '../../../utils/sanitize';
 import 'prismjs/themes/prism.css';
 // Import all Prism language components
 import 'prismjs/components/prism-clike';
@@ -75,12 +76,18 @@ marked.use(
   })
 );
 
+// HTML-escape a string for safe insertion into HTML attributes
+function escapeAttr(value: string): string {
+  return value.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+}
+
 // Configure marked to open links in new tabs
 marked.use({
   renderer: {
     link(href, title, text) {
-      const titleAttr = title ? ` title="${title}"` : '';
-      return `<a href="${href}"${titleAttr} target="_blank" rel="noopener noreferrer">${text}</a>`;
+      const safeHref = href && /^\s*javascript:/i.test(href) ? '#' : escapeAttr(href);
+      const titleAttr = title ? ` title="${escapeAttr(title)}"` : '';
+      return `<a href="${safeHref}"${titleAttr} target="_blank" rel="noopener noreferrer">${text}</a>`;
     },
   },
 });
@@ -495,7 +502,7 @@ function MessageComponent({
                 <pre>
                   <code
                     className={`language-${language}`}
-                    dangerouslySetInnerHTML={{ __html: highlighted }}
+                    dangerouslySetInnerHTML={{ __html: sanitizeHtml(highlighted) }}
                   />
                 </pre>
               </div>
@@ -529,7 +536,7 @@ function MessageComponent({
         // Add content before the code block
         if (match.index > lastIndex) {
           const textContent = message.content.slice(lastIndex, match.index);
-          const html = marked.parse(textContent, { gfm: true, breaks: true }) as string;
+          const html = sanitizeHtml(marked.parse(textContent, { gfm: true, breaks: true }) as string);
           elements.push(
             <div key={`text-${lastIndex}`} dangerouslySetInnerHTML={{ __html: html }} />
           );
@@ -555,7 +562,7 @@ function MessageComponent({
               <pre>
                 <code
                   className={language ? `language-${language}` : ''}
-                  dangerouslySetInnerHTML={{ __html: highlighted }}
+                  dangerouslySetInnerHTML={{ __html: sanitizeHtml(highlighted) }}
                 />
               </pre>
             </div>
@@ -568,13 +575,13 @@ function MessageComponent({
       // Add any remaining content after the last code block
       if (lastIndex < message.content.length) {
         const remainingContent = message.content.slice(lastIndex);
-        const html = marked.parse(remainingContent, { gfm: true, breaks: true }) as string;
+        const html = sanitizeHtml(marked.parse(remainingContent, { gfm: true, breaks: true }) as string);
         elements.push(<div key={`text-${lastIndex}`} dangerouslySetInnerHTML={{ __html: html }} />);
       }
 
       // If no code blocks were found, just return the parsed markdown
       if (elements.length === 0) {
-        const html = marked.parse(message.content, { gfm: true, breaks: true }) as string;
+        const html = sanitizeHtml(marked.parse(message.content, { gfm: true, breaks: true }) as string);
         return <div dangerouslySetInnerHTML={{ __html: html }} />;
       }
 
@@ -720,7 +727,7 @@ function MessageComponent({
                                   <pre>
                                     <code
                                       className={`language-${language}`}
-                                      dangerouslySetInnerHTML={{ __html: highlighted }}
+                                      dangerouslySetInnerHTML={{ __html: sanitizeHtml(highlighted) }}
                                     />
                                   </pre>
                                 </div>

libs/a2a-core/src/react/components/Message/__tests__/AuthenticationMessage.test.tsx

@@ -19,6 +19,7 @@ describe('AuthenticationMessage', () => {
     {
       serviceName: 'External Service',
       consentLink: 'https://example.com/auth',
+      status: 'pending',
       description: 'This action requires authentication with an external service.',
     },
   ];

libs/a2a-core/src/react/components/Message/__tests__/CodeBlockHeader.test.tsx

@@ -1,5 +1,5 @@
 import { render, screen, fireEvent, waitFor, act } from '@testing-library/react';
-import { vi } from 'vitest';
+import { vi, describe, expect, it, beforeEach } from 'vitest';
 import '@testing-library/jest-dom';
 import { CodeBlockHeader } from '../CodeBlockHeader';
 

libs/a2a-core/src/react/components/Message/__tests__/Message.codeblock.test.tsx

@@ -1,5 +1,5 @@
 import { render, screen, fireEvent } from '@testing-library/react';
-import { vi } from 'vitest';
+import { vi, describe, beforeEach, it, expect } from 'vitest';
 import '@testing-library/jest-dom';
 import { Message } from '../Message';
 import type { Message as MessageType } from '../../../types';
@@ -22,7 +22,7 @@ describe('Message - Code Block Headers', () => {
       content: '```javascript\nconsole.log("Hello, World!");\n```',
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
     };
 
     render(<Message message={message} />);
@@ -48,7 +48,7 @@ greeting = "Hello"
 \`\`\``,
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
     };
 
     render(<Message message={message} />);
@@ -69,7 +69,7 @@ greeting = "Hello"
       content: `\`\`\`javascript\n${codeContent}\n\`\`\``,
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
     };
 
     render(<Message message={message} />);
@@ -86,7 +86,7 @@ greeting = "Hello"
       content: '```\nplain code block\n```',
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
     };
 
     render(<Message message={message} />);
@@ -101,7 +101,7 @@ greeting = "Hello"
       content: 'Use the `console.log()` function to debug.',
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
     };
 
     render(<Message message={message} />);
@@ -117,7 +117,7 @@ greeting = "Hello"
       content: 'Generated code',
       sender: 'assistant',
       timestamp: new Date(),
-      status: 'delivered',
+      status: 'sent',
       metadata: {
         isArtifact: true,
         artifactName: 'test.js',

libs/a2a-core/src/react/components/Message/__tests__/Message.escapeAttr.test.tsx

@@ -0,0 +1,67 @@
+import { render } from '@testing-library/react';
+import '@testing-library/jest-dom';
+import { Message } from '../Message';
+import type { Message as MessageType } from '../../../types';
+import { describe, it, expect } from 'vitest';
+
+describe('Message - link attribute escaping', () => {
+  const createAssistantMessage = (content: string): MessageType => ({
+    id: '1',
+    content,
+    sender: 'assistant',
+    timestamp: new Date(),
+    status: 'sent',
+  });
+
+  it('should escape double quotes in link title attributes', () => {
+    const message = createAssistantMessage('Check [this link](https://example.com "My \\"quoted\\" title")');
+    const { container } = render(<Message message={message} />);
+
+    const link = container.querySelector('a');
+    // The link should render without breaking the HTML structure
+    expect(link).toBeInTheDocument();
+    expect(link?.getAttribute('target')).toBe('_blank');
+    expect(link?.getAttribute('rel')).toBe('noopener noreferrer');
+  });
+
+  it('should not create script elements from angle brackets in href', () => {
+    const message = createAssistantMessage('[click](https://example.com/path?q=<script>alert(1)</script>)');
+    const { container } = render(<Message message={message} />);
+
+    const link = container.querySelector('a');
+    expect(link).toBeInTheDocument();
+    // Escaping prevents <script> in href from becoming a DOM element
+    expect(container.querySelector('script')).not.toBeInTheDocument();
+  });
+
+  it('should block javascript: protocol in href', () => {
+    const message = createAssistantMessage('[click](javascript:alert(1))');
+    const { container } = render(<Message message={message} />);
+
+    const link = container.querySelector('a');
+    if (link) {
+      const href = link.getAttribute('href') ?? '';
+      expect(href).not.toMatch(/javascript:/i);
+    }
+  });
+
+  it('should preserve valid links with special characters', () => {
+    const message = createAssistantMessage('[search](https://example.com/search?q=hello&lang=en)');
+    const { container } = render(<Message message={message} />);
+
+    const link = container.querySelector('a');
+    expect(link).toBeInTheDocument();
+    expect(link?.getAttribute('target')).toBe('_blank');
+    expect(link?.getAttribute('rel')).toBe('noopener noreferrer');
+  });
+
+  it('should render links with no title attribute when title is absent', () => {
+    const message = createAssistantMessage('[example](https://example.com)');
+    const { container } = render(<Message message={message} />);
+
+    const link = container.querySelector('a');
+    expect(link).toBeInTheDocument();
+    expect(link?.hasAttribute('title')).toBe(false);
+    expect(link?.getAttribute('href')).toContain('example.com');
+  });
+});