fix: potential xss issue reported in mynah-ui (aws#2209)

* fix: potential xss issue

* fix: addressing comments

* fix: unescaping the history message while opening history tab

Author: laileni-aws

package-lock.json

@@ -67,13 +67,15 @@
         "vscode-uri": "^3.1.0",
         "ws": "^8.18.0",
         "xml2js": "^0.6.2",
-        "xmlbuilder2": "^3.1.1"
+        "xmlbuilder2": "^3.1.1",
+        "unescape-html": "^1.1.0"
     },
     "devDependencies": {
         "@types/adm-zip": "^0.5.5",
         "@types/archiver": "^6.0.2",
         "@types/diff": "^7.0.2",
         "@types/encoding-japanese": "^2.2.1",
+        "@types/escape-html": "^1.0.4",
         "@types/ignore-walk": "^4.0.3",
         "@types/local-indexing": "file:./types/types-local-indexing-1.1.0.tgz",
         "@types/lokijs": "^1.5.14",

server/aws-lsp-codewhisperer/package.json

@@ -57,7 +57,7 @@ import { LocalProjectContextController } from '../../shared/localProjectContextC
 import { CancellationError } from '@aws/lsp-core'
 import { ToolApprovalException } from './tools/toolShared'
 import * as constants from './constants/constants'
-import { DEFAULT_MODEL_ID, GENERATE_ASSISTANT_RESPONSE_INPUT_LIMIT, GENERIC_ERROR_MS } from './constants/constants'
+import { GENERATE_ASSISTANT_RESPONSE_INPUT_LIMIT, GENERIC_ERROR_MS } from './constants/constants'
 import { MISSING_BEARER_TOKEN_ERROR } from '../../shared/constants'
 import {
     AmazonQError,

server/aws-lsp-codewhisperer/src/language-server/agenticChat/agenticChatController.test.ts

@@ -179,7 +179,6 @@ import {
     OUTPUT_LIMIT_EXCEEDS_PARTIAL_MSG,
     RESPONSE_TIMEOUT_MS,
     RESPONSE_TIMEOUT_PARTIAL_MSG,
-    DEFAULT_MODEL_ID,
     COMPACTION_BODY,
     COMPACTION_HEADER_BODY,
     DEFAULT_MACOS_RUN_SHORTCUT,
@@ -230,6 +229,7 @@ import { CodeWhispererServiceToken } from '../../shared/codeWhispererService'
 import { DisplayFindings } from './tools/qCodeAnalysis/displayFindings'
 import { IDE } from '../../shared/constants'
 import { IdleWorkspaceManager } from '../workspaceContext/IdleWorkspaceManager'
+import escapeHTML = require('escape-html')
 
 type ChatHandlers = Omit<
     LspHandlers<Chat>,
@@ -1363,7 +1363,7 @@ export class AgenticChatController implements ChatHandlers {
                     this.#debug('Skipping adding user message to history - cancelled by user')
                 } else {
                     this.#chatHistoryDb.addMessage(tabId, 'cwc', conversationIdentifier, {
-                        body: currentMessage.userInputMessage?.content ?? '',
+                        body: escapeHTML(currentMessage.userInputMessage?.content ?? ''),
                         type: 'prompt' as any,
                         userIntent: currentMessage.userInputMessage?.userIntent,
                         origin: currentMessage.userInputMessage?.origin,

server/aws-lsp-codewhisperer/src/language-server/agenticChat/agenticChatController.ts

@@ -14,7 +14,6 @@ export const SERVICE_MANAGER_POLL_INTERVAL_MS = 100
 
 // LLM Constants
 export const GENERATE_ASSISTANT_RESPONSE_INPUT_LIMIT = 500_000
-export const DEFAULT_MODEL_ID = BedrockModel.CLAUDE_SONNET_4_20250514_V1_0
 
 // Compaction
 export const COMPACTION_BODY = (threshold: number) =>

server/aws-lsp-codewhisperer/src/language-server/agenticChat/constants/constants.ts

@@ -35,6 +35,7 @@ import { ChatItemType } from '@aws/mynah-ui'
 import { getUserHomeDir } from '@aws/lsp-core/out/util/path'
 import { ChatHistoryMaintainer } from './chatHistoryMaintainer'
 import { existsSync, renameSync } from 'fs'
+import escapeHTML = require('escape-html')
 
 export class ToolResultValidationError extends Error {
     constructor(message?: string) {
@@ -693,6 +694,7 @@ export class ChatDatabase {
             }
             return {
                 ...message,
+                body: escapeHTML(message.body),
                 userInputMessageContext: {
                     // keep falcon context when inputMessage is not a toolResult message
                     editorState: hasToolResults ? undefined : message.userInputMessageContext?.editorState,

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/chatDb/chatDb.ts

@@ -28,6 +28,7 @@ import { activeFileCmd } from '../../context/additionalContextProvider'
 import { PriorityQueue } from 'typescript-collections'
 import { Features } from '@aws/language-server-runtimes/server-interface/server'
 import * as crypto from 'crypto'
+import unescapeHTML = require('unescape-html')
 
 // Ported from https://github.com/aws/aws-toolkit-vscode/blob/master/packages/core/src/shared/db/chatDb/util.ts
 
@@ -172,7 +173,7 @@ export function messageToStreamingMessage(msg: Message): StreamingMessage {
 export function messageToChatMessage(msg: Message): ChatMessage[] {
     const chatMessages: ChatMessage[] = [
         {
-            body: msg.body,
+            body: unescapeHTML(msg.body),
             type: msg.type,
             codeReference: msg.codeReference,
             relatedContent:

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/chatDb/util.ts

@@ -9,7 +9,6 @@ import { MCPServerConfig, PersonaConfig, MCPServerPermission, McpPermissionType,
 import path = require('path')
 import { QClientCapabilities } from '../../../configuration/qConfigurationServer'
 import crypto = require('crypto')
-import { Features } from '@aws/language-server-runtimes/server-interface/server'
 
 /**
  * Load, validate, and parse MCP server configurations from JSON files.

server/aws-lsp-codewhisperer/src/language-server/agenticChat/tools/mcp/mcpUtils.ts

@@ -0,0 +1,4 @@
+declare module 'unescape-html' {
+    function unescapeHTML(str: string): string
+    export = unescapeHTML
+}