From b85e402807f70eb8b240547f0cf064c6e32a9e2c Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Tue, 28 Sep 2021 15:28:57 +0200
Subject: [PATCH 01/65] Maintenance: Pluralize admin navigation entry name for
 Core Workflows.

---
 app/assets/javascripts/app/controllers/core_workflow.coffee | 4 ++--
 spec/system/system/core_workflow_spec.rb                    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/core_workflow.coffee b/app/assets/javascripts/app/controllers/core_workflow.coffee
index a537a9077..a39a2a61b 100644
--- a/app/assets/javascripts/app/controllers/core_workflow.coffee
+++ b/app/assets/javascripts/app/controllers/core_workflow.coffee
@@ -1,6 +1,6 @@
 class CoreWorkflow extends App.ControllerSubContent
   requiredPermission: 'admin.core_workflow'
-  header: 'Core Workflow'
+  header: 'Core Workflows'
   constructor: ->
     super
 
@@ -54,4 +54,4 @@ class CoreWorkflow extends App.ControllerSubContent
     }
     return mapping[screen] || screen
 
-App.Config.set('CoreWorkflowObject', { prio: 1750, parent: '#system', name: 'Core Workflow', target: '#system/core_workflow', controller: CoreWorkflow, permission: ['admin.core_workflow'] }, 'NavBarAdmin')
+App.Config.set('CoreWorkflowObject', { prio: 1750, parent: '#system', name: 'Core Workflows', target: '#system/core_workflow', controller: CoreWorkflow, permission: ['admin.core_workflow'] }, 'NavBarAdmin')
diff --git a/spec/system/system/core_workflow_spec.rb b/spec/system/system/core_workflow_spec.rb
index ccbf5f6c2..0530b0289 100644
--- a/spec/system/system/core_workflow_spec.rb
+++ b/spec/system/system/core_workflow_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'System > Core Workflow', type: :system do
+RSpec.describe 'System > Core Workflows', type: :system do
   before do
     ensure_websocket do
       visit 'system/core_workflow'

From 5f2181d8a3e8a86acdc6ce0576343e23242c407d Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Wed, 29 Sep 2021 10:03:04 +0200
Subject: [PATCH 02/65] Fixes #3757 - escaped 'Set fixed' workflows don't
 refresh set values on active ticket sessions.

---
 .../_ui_element/core_workflow_perform.coffee  |  3 +-
 .../form_handler_core_workflow.coffee         |  4 +-
 .../ticket_zoom/sidebar_ticket.coffee         | 29 ++++++-----
 app/models/core_workflow/attributes.rb        | 27 +++++++++-
 app/models/core_workflow/result/backend.rb    | 22 ++++++++
 .../core_workflow/result/remove_option.rb     |  8 ++-
 .../core_workflow/result/set_fixed_to.rb      | 14 ++---
 .../system/examples/core_workflow_examples.rb | 10 ++--
 spec/system/ticket/zoom_spec.rb               | 51 +++++++++++++++++++
 9 files changed, 139 insertions(+), 29 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/_ui_element/core_workflow_perform.coffee b/app/assets/javascripts/app/controllers/_ui_element/core_workflow_perform.coffee
index 4d0e3110c..b20780c62 100644
--- a/app/assets/javascripts/app/controllers/_ui_element/core_workflow_perform.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/core_workflow_perform.coffee
@@ -128,9 +128,10 @@ class App.UiElement.core_workflow_perform extends App.UiElement.ApplicationSelec
   @buildValueConfigMultiple: (config, meta) ->
     if _.contains(['add_option', 'remove_option', 'set_fixed_to'], meta.operator)
       config.multiple = true
+      config.nulloption = true
     else
       config.multiple = false
-    config.nulloption = false
+      config.nulloption = false
     return config
 
   @HasPreCondition: ->
diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/form_handler_core_workflow.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/form_handler_core_workflow.coffee
index e1548091c..d0ca39503 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/form_handler_core_workflow.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/form_handler_core_workflow.coffee
@@ -119,7 +119,9 @@ class App.FormHandlerCoreWorkflow
 
         valueFound = false
         for value in values
-          if value && paramValue
+
+          # false values are valid values e.g. for boolean fields (be careful)
+          if value isnt undefined && paramValue isnt undefined
             if value.toString() == paramValue.toString()
               valueFound = true
               break
diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
index 5f033dd86..2cf626c38 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
@@ -1,12 +1,14 @@
-class Edit extends App.ControllerObserver
-  model: 'Ticket'
-  observeNot:
-    created_at: true
-    updated_at: true
-  globalRerender: false
+# No usage of a ControllerObserver here because we want to use
+# the data of the ticket zoom ajax request which is using the all=true parameter
+# and contain the core workflow information as well. Without observer we also
+# dont have double rendering because of the zoom (all=true) and observer (full=true) render callback
+class Edit extends App.Controller
+  constructor: (params) ->
+    super
+    @render()
 
-  render: (ticket, diff) =>
-    defaults = ticket.attributes()
+  render: =>
+    defaults = @ticket.attributes()
     delete defaults.article # ignore article infos
     followUpPossible = App.Group.find(defaults.group_id).follow_up_possible
     ticketState = App.TicketState.find(defaults.state_id).name
@@ -19,7 +21,7 @@ class Edit extends App.ControllerObserver
 
     if followUpPossible == 'new_ticket' && ticketState != 'closed' ||
        followUpPossible != 'new_ticket' ||
-       @permissionCheck('admin') || ticket.currentView() is 'agent'
+       @permissionCheck('admin') || @ticket.currentView() is 'agent'
       @controllerFormSidebarTicket = new App.ControllerForm(
         elReplace:      @el
         model:          { className: 'Ticket', configure_attributes: @formMeta.configure_attributes || App.Ticket.configure_attributes }
@@ -28,7 +30,7 @@ class Edit extends App.ControllerObserver
         filter:         @formMeta.filter
         formMeta:       @formMeta
         params:         defaults
-        isDisabled:     !ticket.editable()
+        isDisabled:     !@ticket.editable()
         taskKey:        @taskKey
         core_workflow: {
           callbacks: [@markForm]
@@ -44,7 +46,7 @@ class Edit extends App.ControllerObserver
         filter:         @formMeta.filter
         formMeta:       @formMeta
         params:         defaults
-        isDisabled:     ticket.editable()
+        isDisabled:     @ticket.editable()
         taskKey:        @taskKey
         core_workflow: {
           callbacks: [@markForm]
@@ -57,8 +59,8 @@ class Edit extends App.ControllerObserver
     return if @resetBind
     @resetBind = true
     @controllerBind('ui::ticket::taskReset', (data) =>
-      return if data.ticket_id.toString() isnt ticket.id.toString()
-      @render(ticket)
+      return if data.ticket_id.toString() isnt @ticket.id.toString()
+      @render()
     )
 
 class SidebarTicket extends App.Controller
@@ -128,6 +130,7 @@ class SidebarTicket extends App.Controller
 
     @edit = new Edit(
       object_id: @ticket.id
+      ticket:    @ticket
       el:        localEl.find('.edit')
       taskGet:   @taskGet
       formMeta:  @formMeta
diff --git a/app/models/core_workflow/attributes.rb b/app/models/core_workflow/attributes.rb
index 0cb4da236..7005155af 100644
--- a/app/models/core_workflow/attributes.rb
+++ b/app/models/core_workflow/attributes.rb
@@ -30,10 +30,26 @@ class CoreWorkflow::Attributes
     end
   end
 
+  def selectable_field?(key)
+    return if key == 'id'
+    return if !@payload['params'].key?(key)
+
+    # some objects have no attributes like "CoreWorkflow"-object as well.
+    # attributes only exists in the frontend so we skip this check
+    return true if object_elements.blank?
+
+    object_elements_hash.key?(key)
+  end
+
   def overwrite_selected(result)
     selected_attributes = selected_only.attributes
     selected_attributes.each_key do |key|
-      next if selected_attributes[key].nil?
+      next if !selectable_field?(key)
+
+      # special behaviour for owner id
+      if key == 'owner_id' && selected_attributes[key].nil?
+        selected_attributes[key] = 1
+      end
 
       result[key.to_sym] = selected_attributes[key]
     end
@@ -55,7 +71,10 @@ class CoreWorkflow::Attributes
     # dont use lookup here because the cache will not
     # know about new attributes and make crashes
     @saved_only ||= payload_class.find_by(id: @payload['params']['id'])
-    @saved_only.dup
+
+    # we use marshal here because clone still uses references and dup can't
+    # detect changes for the rails object
+    Marshal.load(Marshal.dump(@saved_only))
   end
 
   def saved
@@ -68,6 +87,10 @@ class CoreWorkflow::Attributes
     end
   end
 
+  def object_elements_hash
+    @object_elements_hash ||= object_elements.index_by { |x| x[:name] }
+  end
+
   def screen_value(attribute, type)
     attribute[:screens].dig(@payload['screen'], type)
   end
diff --git a/app/models/core_workflow/result/backend.rb b/app/models/core_workflow/result/backend.rb
index 0a458f4b6..4c8452dbf 100644
--- a/app/models/core_workflow/result/backend.rb
+++ b/app/models/core_workflow/result/backend.rb
@@ -18,4 +18,26 @@ class CoreWorkflow::Result::Backend
   def result(backend, field, value = nil)
     @result_object.run_backend_value(backend, field, value)
   end
+
+  def saved_value
+
+    # make sure we have a saved object
+    return if @result_object.attributes.saved_only.blank?
+
+    # we only want to have the saved value in the restrictions
+    # if no changes happend to the form. If the users does changes
+    # to the form then also the saved value should get removed
+    return if @result_object.attributes.selected.changed?
+
+    # attribute can be blank e.g. in custom development
+    # or if attribute is only available in the frontend but not
+    # in the backend
+    return if attribute.blank?
+
+    @result_object.attributes.saved_attribute_value(attribute).to_s
+  end
+
+  def attribute
+    @attribute ||= @result_object.attributes.object_elements_hash[field]
+  end
 end
diff --git a/app/models/core_workflow/result/remove_option.rb b/app/models/core_workflow/result/remove_option.rb
index a75e7f06c..03b0bcb7e 100644
--- a/app/models/core_workflow/result/remove_option.rb
+++ b/app/models/core_workflow/result/remove_option.rb
@@ -3,8 +3,14 @@
 class CoreWorkflow::Result::RemoveOption < CoreWorkflow::Result::BaseOption
   def run
     @result_object.result[:restrict_values][field] ||= Array(@result_object.payload['params'][field])
-    @result_object.result[:restrict_values][field] -= Array(@perform_config['remove_option'])
+    @result_object.result[:restrict_values][field] -= Array(config_value)
     remove_excluded_param_values
     true
   end
+
+  def config_value
+    result = Array(@perform_config['remove_option'])
+    result -= Array(saved_value)
+    result
+  end
 end
diff --git a/app/models/core_workflow/result/set_fixed_to.rb b/app/models/core_workflow/result/set_fixed_to.rb
index 45c481b10..9203f12e3 100644
--- a/app/models/core_workflow/result/set_fixed_to.rb
+++ b/app/models/core_workflow/result/set_fixed_to.rb
@@ -5,21 +5,23 @@ class CoreWorkflow::Result::SetFixedTo < CoreWorkflow::Result::BaseOption
     @result_object.result[:restrict_values][field] = if restriction_set?
                                                        restrict_values
                                                      else
-                                                       replace_values
+                                                       config_value
                                                      end
     remove_excluded_param_values
     true
   end
 
+  def config_value
+    result = Array(@perform_config['set_fixed_to'])
+    result |= Array(saved_value)
+    result
+  end
+
   def restriction_set?
     @result_object.result[:restrict_values][field]
   end
 
   def restrict_values
-    @result_object.result[:restrict_values][field].reject { |v| Array(@perform_config['set_fixed_to']).exclude?(v) }
-  end
-
-  def replace_values
-    Array(@perform_config['set_fixed_to'])
+    @result_object.result[:restrict_values][field].reject { |v| config_value.exclude?(v) }
   end
 end
diff --git a/spec/system/examples/core_workflow_examples.rb b/spec/system/examples/core_workflow_examples.rb
index b507bd2a8..5635bee28 100644
--- a/spec/system/examples/core_workflow_examples.rb
+++ b/spec/system/examples/core_workflow_examples.rb
@@ -525,15 +525,15 @@ RSpec.shared_examples 'core workflow' do
                perform: {
                  "#{object_name.downcase}.#{field_name}": {
                    operator:     'set_fixed_to',
-                   set_fixed_to: %w[true]
+                   set_fixed_to: %w[false]
                  },
                })
       end
 
       it 'does perform' do
         before_it.call
-        expect(page).to have_selector("select[name='#{field_name}'] option[value='true']", wait: 10)
-        expect(page).to have_no_selector("select[name='#{field_name}'] option[value='false']", wait: 10)
+        expect(page).to have_selector("select[name='#{field_name}'] option[value='false']", wait: 10)
+        expect(page).to have_no_selector("select[name='#{field_name}'] option[value='true']", wait: 10)
       end
     end
 
@@ -562,7 +562,7 @@ RSpec.shared_examples 'core workflow' do
                perform: {
                  "#{object_name.downcase}.#{field_name}": {
                    operator:     'set_fixed_to',
-                   set_fixed_to: ['', 'true'],
+                   set_fixed_to: ['', 'false'],
                  },
                })
         create(:core_workflow,
@@ -577,7 +577,7 @@ RSpec.shared_examples 'core workflow' do
 
       it 'does perform' do
         before_it.call
-        expect(page).to have_selector("select[name='#{field_name}'] option[value='true'][selected]", wait: 10)
+        expect(page).to have_selector("select[name='#{field_name}'] option[value='false'][selected]", wait: 10)
       end
     end
   end
diff --git a/spec/system/ticket/zoom_spec.rb b/spec/system/ticket/zoom_spec.rb
index 588b9ef3e..ebcf07f0b 100644
--- a/spec/system/ticket/zoom_spec.rb
+++ b/spec/system/ticket/zoom_spec.rb
@@ -2083,4 +2083,55 @@ RSpec.describe 'Ticket zoom', type: :system do
       expect(ticket.reload.owner_id).to eq(admin.id)
     end
   end
+
+  describe "escaped 'Set fixed' workflows don't refresh set values on active ticket sessions #3757", authenticated_as: :authenticate, db_strategy: :reset do
+    let(:field_name) { SecureRandom.uuid }
+    let(:ticket) { create(:ticket, group: Group.find_by(name: 'Users'), field_name => false) }
+
+    def authenticate
+      workflow
+      create :object_manager_attribute_boolean, name: field_name, display: field_name, screens: attributes_for(:required_screen)
+      ObjectManager::Attribute.migration_execute
+      ticket
+      true
+    end
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    context 'when operator set_fixed_to' do
+      let(:workflow) do
+        create(:core_workflow,
+               object:  'Ticket',
+               perform: { "ticket.#{field_name}" => { 'operator' => 'set_fixed_to', 'set_fixed_to' => ['false'] } })
+      end
+
+      context 'when saved value is removed by set_fixed_to operator' do
+        it 'does show up the saved value if it would not be possible because of the restriction' do
+          expect(page.find("select[name='#{field_name}']").value).to eq('false')
+          ticket.update(field_name => true)
+          wait(10, interval: 0.5).until { page.find("select[name='#{field_name}']").value == 'true' }
+          expect(page.find("select[name='#{field_name}']").value).to eq('true')
+        end
+      end
+    end
+
+    context 'when operator remove_option' do
+      let(:workflow) do
+        create(:core_workflow,
+               object:  'Ticket',
+               perform: { "ticket.#{field_name}" => { 'operator' => 'remove_option', 'remove_option' => ['true'] } })
+      end
+
+      context 'when saved value is removed by set_fixed_to operator' do
+        it 'does show up the saved value if it would not be possible because of the restriction' do
+          expect(page.find("select[name='#{field_name}']").value).to eq('false')
+          ticket.update(field_name => true)
+          wait(10, interval: 0.5).until { page.find("select[name='#{field_name}']").value == 'true' }
+          expect(page.find("select[name='#{field_name}']").value).to eq('true')
+        end
+      end
+    end
+  end
 end

From 8d37feceb64bcb894fa0941e2a8243b391f59ddf Mon Sep 17 00:00:00 2001
From: Mantas Masalskis <mm@zammad.com>
Date: Wed, 29 Sep 2021 10:09:08 +0200
Subject: [PATCH 03/65] Fixes #3772 - Existing tickets: New article modal with
 padding-left: 0; padding-right: 0;

---
 app/assets/stylesheets/zammad.scss | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss
index 55370dabd..5be9eecfd 100644
--- a/app/assets/stylesheets/zammad.scss
+++ b/app/assets/stylesheets/zammad.scss
@@ -7017,8 +7017,8 @@ footer {
   .article-new .textBubble {
     border-color: #b3b3b3;
     border-radius: 5px;
-    padding-left: 0;
-    padding-right: 0;
+    padding-left: 12px;
+    padding-right: 12px;
     cursor: text;
   }
 
@@ -7057,7 +7057,12 @@ footer {
     .attachments:not(:empty) {
       padding: 9px 5px;
       border-top: 1px solid hsl(0,0%,93%);
-      margin: 6px 0 30px;
+      margin: 6px -12px 30px;
+    }
+
+    .ticket-create .attachments:not(:empty) {
+      margin-left: 0;
+      margin-right: 0;
     }
 
     .attachment.attachment--row {

From 0cc5764ab35f073f1e8e82d10dee257fee700199 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@zammad.com>
Date: Wed, 29 Sep 2021 10:13:40 +0200
Subject: [PATCH 04/65] Fixes #3365 - No script content (e. g. JavaScript) in
 emails

---
 config/initializers/html_sanitizer.rb              |  2 +-
 spec/models/channel/email_parser_spec.rb           |  2 +-
 .../concerns/has_xss_sanitized_note_examples.rb    |  4 ++--
 spec/models/ticket/article_spec.rb                 |  6 +++---
 test/unit/html_sanitizer_test.rb                   | 14 +++++++-------
 5 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/config/initializers/html_sanitizer.rb b/config/initializers/html_sanitizer.rb
index 8183f9a85..80ae25b52 100644
--- a/config/initializers/html_sanitizer.rb
+++ b/config/initializers/html_sanitizer.rb
@@ -5,11 +5,11 @@ Rails.application.config.html_sanitizer_tags_remove_content = %w[
   style
   comment
   meta
+  script
 ]
 
 # content of this tags will will be inserted html quoted
 Rails.application.config.html_sanitizer_tags_quote_content = %w[
-  script
 ]
 
 # only this tags are allowed
diff --git a/spec/models/channel/email_parser_spec.rb b/spec/models/channel/email_parser_spec.rb
index b553db6f3..9a30a3102 100644
--- a/spec/models/channel/email_parser_spec.rb
+++ b/spec/models/channel/email_parser_spec.rb
@@ -1258,7 +1258,7 @@ RSpec.describe Channel::EmailParser, type: :model do
         let(:content_type) { 'text/html' }
 
         it 'removes injected <script> tags from body' do
-          expect(article.body).to eq("no HTML alert('XSS')")
+          expect(article.body).to eq('no HTML')
         end
       end
 
diff --git a/spec/models/concerns/has_xss_sanitized_note_examples.rb b/spec/models/concerns/has_xss_sanitized_note_examples.rb
index c64d728a0..6a8952af6 100644
--- a/spec/models/concerns/has_xss_sanitized_note_examples.rb
+++ b/spec/models/concerns/has_xss_sanitized_note_examples.rb
@@ -5,8 +5,8 @@ RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
     context 'with injected JS' do
       subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }
 
-      it 'strips out <script> tag' do
-        expect(subject.note).to eq('test 123 alert("XSS!"); <b>some text</b>')
+      it 'strips out <script> tag with content' do
+        expect(subject.note).to eq('test 123  <b>some text</b>')
       end
     end
   end
diff --git a/spec/models/ticket/article_spec.rb b/spec/models/ticket/article_spec.rb
index abb1824d6..4dd3e102e 100644
--- a/spec/models/ticket/article_spec.rb
+++ b/spec/models/ticket/article_spec.rb
@@ -87,11 +87,11 @@ RSpec.describe Ticket::Article, type: :model do
 
       context 'when body contains only injected JS' do
         let(:body) { <<~RAW.chomp }
-          <script type="text/javascript">alert("XSS!");</script>
+          <script type="text/javascript">alert("XSS!");</script> some other text
         RAW
 
         it 'removes <script> tags' do
-          expect(article.body).to eq('alert("XSS!");')
+          expect(article.body).to eq(' some other text')
         end
       end
 
@@ -102,7 +102,7 @@ RSpec.describe Ticket::Article, type: :model do
 
         it 'removes <script> tags' do
           expect(article.body).to eq(<<~SANITIZED.chomp)
-            please tell me this doesn't work: alert("XSS!");
+            please tell me this doesn't work:#{' '}
           SANITIZED
         end
       end
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index c3d74e07d..0539c1359 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@@ -6,18 +6,18 @@ class HtmlSanitizerTest < ActiveSupport::TestCase
 
   test 'xss' do
     assert_equal(HtmlSanitizer.strict('<b>123</b>'), '<b>123</b>')
-    assert_equal(HtmlSanitizer.strict('<script><b>123</b></script>'), '&lt;b&gt;123&lt;/b&gt;')
-    assert_equal(HtmlSanitizer.strict('<script><style><b>123</b></style></script>'), '&lt;style&gt;&lt;b&gt;123&lt;/b&gt;&lt;/style&gt;')
+    assert_equal(HtmlSanitizer.strict('<script><b>123</b></script>'), '')
+    assert_equal(HtmlSanitizer.strict('<script><style><b>123</b></style></script>'), '')
     assert_equal(HtmlSanitizer.strict('<abc><i><b>123</b><bbb>123</bbb></i></abc>'), '<i><b>123</b>123</i>')
     assert_equal(HtmlSanitizer.strict('<abc><i><b>123</b><bbb>123<i><ccc>abc</ccc></i></bbb></i></abc>'), '<i><b>123</b>123<i>abc</i></i>')
     assert_equal(HtmlSanitizer.strict('<not_existing>123</not_existing>'), '123')
-    assert_equal(HtmlSanitizer.strict('<script type="text/javascript">alert("XSS!");</script>'), 'alert("XSS!");')
+    assert_equal(HtmlSanitizer.strict('<script type="text/javascript">alert("XSS!");</script>'), '')
     assert_equal(HtmlSanitizer.strict('<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="javascript:alert(\'XSS\');">'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC=javascript:alert(\'XSS\')>'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC=JaVaScRiPt:alert(\'XSS\')>'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC=`javascript:alert("RSnake says, \'XSS\'")`>'), '')
-    assert_equal(HtmlSanitizer.strict('<IMG """><SCRIPT>alert("XSS")</SCRIPT>">'), '<img>alert("XSS")"&gt;')
+    assert_equal(HtmlSanitizer.strict('<IMG """><SCRIPT>alert("XSS")</SCRIPT>">'), '<img>"&gt;')
     assert_equal(HtmlSanitizer.strict('<IMG SRC=# onmouseover="alert(\'xxs\')">'), '<img src="#">')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="jav  ascript:alert(\'XSS\');">'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">'), '')
@@ -27,13 +27,13 @@ class HtmlSanitizerTest < ActiveSupport::TestCase
     assert_equal(HtmlSanitizer.strict('<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>'), '')
     assert_equal(HtmlSanitizer.strict('<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>'), '')
     assert_equal(HtmlSanitizer.strict('<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>'), '')
-    assert_equal(HtmlSanitizer.strict('<<SCRIPT>alert("XSS");//<</SCRIPT>'), '&lt;alert("XSS");//&lt;')
+    assert_equal(HtmlSanitizer.strict('<<SCRIPT>alert("XSS");//<</SCRIPT>'), '&lt;')
     assert_equal(HtmlSanitizer.strict('<SCRIPT SRC=http://xss.rocks/xss.js?< B >'), '')
     assert_equal(HtmlSanitizer.strict('<SCRIPT SRC=//xss.rocks/.j>'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="javascript:alert(\'XSS\')"'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="javascript:alert(\'XSS\')" abc<b>123</b>'), '123')
     assert_equal(HtmlSanitizer.strict('<iframe src=http://xss.rocks/scriptlet.html <'), '')
-    assert_equal(HtmlSanitizer.strict('</script><script>alert(\'XSS\');</script>'), 'alert(\'XSS\');')
+    assert_equal(HtmlSanitizer.strict('</script><script>alert(\'XSS\');</script>'), '')
     assert_equal(HtmlSanitizer.strict('<STYLE>li {list-style-image: url("javascript:alert(\'XSS\')");}</STYLE><UL><LI>XSS</br>'), '<ul><li>XSS</li></ul>')
     assert_equal(HtmlSanitizer.strict('<IMG SRC=\'vbscript:msgbox("XSS")\'>'), '')
     assert_equal(HtmlSanitizer.strict('<IMG SRC="livescript:[code]">'), '')
@@ -73,7 +73,7 @@ tt  p://6 6.000146.0x7.147/">XSS</A>', true), '<a href="http://h%0Att%20%20p://6
     assert_equal(HtmlSanitizer.strict('<img[a][b]src=x[d]onerror[c]=[e]"alert(1)">'), '<img>')
     assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>'), '<a href="%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)">XXX</a>')
     assert_equal(HtmlSanitizer.strict('<a href="[a]java[b]script[c]:alert(1)">XXX</a>', true), '<a href="http://%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)" rel="nofollow noreferrer noopener" target="_blank" title="http://%5Ba%5Djava%5Bb%5Dscript%5Bc%5D:alert(1)">XXX</a>')
-    assert_equal(HtmlSanitizer.strict('<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'), 'alert(1)')
+    assert_equal(HtmlSanitizer.strict('<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'), '')
     assert_equal(HtmlSanitizer.strict('<a style="position:fixed;top:0;left:0;width: 260px;height:100vh;background-color:red;display: block;" href="http://example.com"></a>'), '<a href="http://example.com" rel="nofollow noreferrer noopener" target="_blank" title="http://example.com"></a>')
     assert_equal(HtmlSanitizer.strict('<a style="position:fixed;top:0;left:0;width: 260px;height:100vh;background-color:red;display: block;" href="http://example.com"></a>', true), '<a href="http://example.com" rel="nofollow noreferrer noopener" target="_blank" title="http://example.com"></a>')
     assert_equal(HtmlSanitizer.strict('<div>

From 68adb3974e1c738d2074039e06763855480d6f3f Mon Sep 17 00:00:00 2001
From: Mantas <mantas@idev.lt>
Date: Mon, 27 Sep 2021 17:24:09 +0300
Subject: [PATCH 05/65] Fixes #3028 - Syntax errors break scheduler job for
 good

---
 lib/notification_factory/renderer.rb          |  4 ++
 .../lib/notification_factory/renderer_spec.rb | 52 ++++++-------------
 2 files changed, 19 insertions(+), 37 deletions(-)

diff --git a/lib/notification_factory/renderer.rb b/lib/notification_factory/renderer.rb
index b69fad924..669279bd9 100644
--- a/lib/notification_factory/renderer.rb
+++ b/lib/notification_factory/renderer.rb
@@ -37,6 +37,10 @@ examples how to use
 
   def render
     ERB.new(@template.to_s).result(binding)
+  rescue Exception => e # rubocop:disable Lint/RescueException
+    raise StandardError, e.message if e.is_a? SyntaxError
+
+    raise
   end
 
   # d - data of object
diff --git a/spec/lib/notification_factory/renderer_spec.rb b/spec/lib/notification_factory/renderer_spec.rb
index 87635a90b..1785ba2a0 100644
--- a/spec/lib/notification_factory/renderer_spec.rb
+++ b/spec/lib/notification_factory/renderer_spec.rb
@@ -19,7 +19,6 @@ RSpec.describe NotificationFactory::Renderer do
                        objects:  { ticket: ticket },
                        template: '#{ticket.customer.firstname.downcase}'
       expect(renderer.render).to eq 'nicole'
-      ticket.destroy
     end
 
     it 'correctly renders multiple value calls' do
@@ -28,7 +27,21 @@ RSpec.describe NotificationFactory::Renderer do
                        objects:  { ticket: ticket },
                        template: '#{ticket.created_at.value.value.value.value.to_s.first}'
       expect(renderer.render).to eq '2'
-      ticket.destroy
+    end
+
+    it 'raises a StandardError when rendering a template with a broken syntax' do
+      renderer = build :notification_factory_renderer, template: 'test <% if %>', objects: {}
+      expect { renderer.render }.to raise_error(StandardError)
+    end
+
+    it 'raises a StandardError when rendering a template calling a non existant method' do
+      renderer = build :notification_factory_renderer, template: 'test <% Ticket.non_existant_method %>', objects: {}
+      expect { renderer.render }.to raise_error(StandardError)
+    end
+
+    it 'raises a StandardError when rendering a template referencing a non existant object' do
+      renderer = build :notification_factory_renderer, template: 'test <% NonExistantObject.first %>', objects: {}
+      expect { renderer.render }.to raise_error(StandardError)
     end
 
     context 'when handling ObjectManager::Attribute usage', db_strategy: :reset do
@@ -44,13 +57,6 @@ RSpec.describe NotificationFactory::Renderer do
                          template: '#{ticket.select} _SEPERATOR_ #{ticket.select.value}'
 
         expect(renderer.render).to eq 'key_1 _SEPERATOR_ value_1'
-        ticket.destroy
-
-        ObjectManager::Attribute.remove(
-          object: 'Ticket',
-          name:   'select',
-        )
-        ObjectManager::Attribute.migration_execute
       end
 
       it 'correctly renders select attributes on chained user object' do
@@ -69,13 +75,6 @@ RSpec.describe NotificationFactory::Renderer do
                          template: '#{ticket.customer.select} _SEPERATOR_ #{ticket.customer.select.value}'
 
         expect(renderer.render).to eq 'key_2 _SEPERATOR_ value_2'
-        ticket.destroy
-
-        ObjectManager::Attribute.remove(
-          object: 'User',
-          name:   'select',
-        )
-        ObjectManager::Attribute.migration_execute
       end
 
       it 'correctly renders select attributes on chained group object' do
@@ -94,13 +93,6 @@ RSpec.describe NotificationFactory::Renderer do
                          template: '#{ticket.group.select} _SEPERATOR_ #{ticket.group.select.value}'
 
         expect(renderer.render).to eq 'key_3 _SEPERATOR_ value_3'
-        ticket.destroy
-
-        ObjectManager::Attribute.remove(
-          object: 'Group',
-          name:   'select',
-        )
-        ObjectManager::Attribute.migration_execute
       end
 
       it 'correctly renders select attributes on chained organization object' do
@@ -118,13 +110,6 @@ RSpec.describe NotificationFactory::Renderer do
                          template: '#{ticket.customer.organization.select} _SEPERATOR_ #{ticket.customer.organization.select.value}'
 
         expect(renderer.render).to eq 'key_2 _SEPERATOR_ value_2'
-        ticket.destroy
-
-        ObjectManager::Attribute.remove(
-          object: 'Organization',
-          name:   'select',
-        )
-        ObjectManager::Attribute.migration_execute
       end
 
       it 'correctly renders tree select attributes' do
@@ -138,13 +123,6 @@ RSpec.describe NotificationFactory::Renderer do
                          template: '#{ticket.tree_select} _SEPERATOR_ #{ticket.tree_select.value}'
 
         expect(renderer.render).to eq 'Incident::Hardware::Laptop _SEPERATOR_ Incident::Hardware::Laptop'
-        ticket.destroy
-
-        ObjectManager::Attribute.remove(
-          object: 'Ticket',
-          name:   'tree_select',
-        )
-        ObjectManager::Attribute.migration_execute
       end
     end
   end

From 1404f7b2fcb39f150aad823d0499b35d35bbf690 Mon Sep 17 00:00:00 2001
From: Mantas <mantas@idev.lt>
Date: Mon, 27 Sep 2021 15:28:53 +0300
Subject: [PATCH 06/65] Fixes #2619 - KB header and footer link-color not
 changeable

---
 .../knowledge_base/public_menu_manager.coffee |  6 +-
 .../app/models/knowledge_base.coffee          | 13 +++-
 .../app/views/knowledge_base/new_modal.coffee | 11 +--
 .../public_menu_manager.jst.eco               |  2 +-
 app/assets/stylesheets/zammad.scss            |  2 +-
 app/models/knowledge_base.rb                  |  5 +-
 .../public/_inline_stylesheet.html.erb        |  4 ++
 ...0190531180304_initialize_knowledge_base.rb |  5 +-
 ...3172256_issue_2619_kb_header_link_color.rb | 11 +++
 spec/factories/knowledge_base.rb              |  1 +
 spec/models/knowledge_base_spec.rb            |  8 +--
 spec/support/custom_matchers.rb               | 23 +++++++
 .../admin/knowledge_base/public_menu_spec.rb  | 34 ++++++++--
 .../system/admin/knowledge_base/theme_spec.rb | 30 +++++++++
 .../knowledge_base_public/menu_items_spec.rb  | 67 +++++++++++++------
 15 files changed, 177 insertions(+), 45 deletions(-)
 create mode 100644 db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
 create mode 100644 spec/system/admin/knowledge_base/theme_spec.rb

diff --git a/app/assets/javascripts/app/controllers/knowledge_base/public_menu_manager.coffee b/app/assets/javascripts/app/controllers/knowledge_base/public_menu_manager.coffee
index 879497e6d..34941450c 100644
--- a/app/assets/javascripts/app/controllers/knowledge_base/public_menu_manager.coffee
+++ b/app/assets/javascripts/app/controllers/knowledge_base/public_menu_manager.coffee
@@ -27,11 +27,13 @@ class App.KnowledgeBasePublicMenuManager extends App.Controller
       {
         headline: 'Header menu',
         identifier: 'header',
-        color:      kb.color_header
+        color:      kb.color_header,
+        color_link: kb.color_header_link
       },
       {
         headline: 'Footer menu',
-        identifier: 'footer'
+        identifier: 'footer',
+        color_link: 'hsl(207,12%,50%)'
       }
     ]
 
diff --git a/app/assets/javascripts/app/models/knowledge_base.coffee b/app/assets/javascripts/app/models/knowledge_base.coffee
index a48f55bef..8bf326ba7 100644
--- a/app/assets/javascripts/app/models/knowledge_base.coffee
+++ b/app/assets/javascripts/app/models/knowledge_base.coffee
@@ -1,5 +1,5 @@
 class App.KnowledgeBase extends App.Model
-  @configure 'KnowledgeBase', 'iconset', 'color_highlight', 'color_header', 'translation_ids', 'locale_ids', 'homepage_layout', 'category_layout', 'custom_address'
+  @configure 'KnowledgeBase', 'iconset', 'color_highlight', 'color_header', 'color_header_link', 'translation_ids', 'locale_ids', 'homepage_layout', 'category_layout', 'custom_address'
   @extend Spine.Model.Ajax
   @extend App.KnowledgeBaseActions
   @url: @apiPath + '/knowledge_bases'
@@ -148,6 +148,17 @@ class App.KnowledgeBase extends App.Model
           display:    false
           horizontal: true
           shown:      true
+    }, {
+      name: 'color_header_link'
+      display: 'Header Link Color'
+      tag: 'color'
+      style: 'block'
+      null: false
+      screen:
+        admin_style_color_header_link:
+          display:    false
+          horizontal: true
+          shown:      true
     # Layout picker is disabled in V1
     #}, {
     #  name:     'homepage_layout'
diff --git a/app/assets/javascripts/app/views/knowledge_base/new_modal.coffee b/app/assets/javascripts/app/views/knowledge_base/new_modal.coffee
index 3dbb91fd8..bfd1905db 100644
--- a/app/assets/javascripts/app/views/knowledge_base/new_modal.coffee
+++ b/app/assets/javascripts/app/views/knowledge_base/new_modal.coffee
@@ -26,11 +26,12 @@ class App.KnowledgeBaseNewModal extends App.ControllerModal
       App.UiElement[attribute.tag].prepareParams?(attribute, dom, params)
 
   applyDefaults: (params) ->
-    params['iconset']         = 'FontAwesome'
-    params['color_highlight'] = '#38ae6a'
-    params['color_header']    = '#f9fafb'
-    params['homepage_layout'] = 'grid'
-    params['category_layout'] = 'grid'
+    params['iconset']           = 'FontAwesome'
+    params['color_highlight']   = '#38ae6a'
+    params['color_header']      = '#f9fafb'
+    params['color_header_link'] = 'hsl(206,8%,50%)'
+    params['homepage_layout']   = 'grid'
+    params['category_layout']   = 'grid'
 
   onSubmit: (e) ->
     params = @formParams(@el)
diff --git a/app/assets/javascripts/app/views/knowledge_base/public_menu_manager.jst.eco b/app/assets/javascripts/app/views/knowledge_base/public_menu_manager.jst.eco
index 3ccb6b454..7922cf902 100644
--- a/app/assets/javascripts/app/views/knowledge_base/public_menu_manager.jst.eco
+++ b/app/assets/javascripts/app/views/knowledge_base/public_menu_manager.jst.eco
@@ -14,7 +14,7 @@
       <div class="kb-menu-preview">
         <div class="label"><%= kb_locale.systemLocale().name %></div>
 
-        <div class="kb-menu-preview-container kb-menu-preview-container--<%= location.identifier %>" style="background-color: <%= location.color %>">
+        <div class="kb-menu-preview-container kb-menu-preview-container--<%= location.identifier %>" style="background-color: <%= location.color %>; color: <%= location.color_link %>;">
           <% menu_items = App.KnowledgeBaseMenuItem.using_kb_locale_location(kb_locale, location.identifier) %>
 
           <% if menu_items.length == 0: %>
diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss
index 5be9eecfd..62d8ff644 100644
--- a/app/assets/stylesheets/zammad.scss
+++ b/app/assets/stylesheets/zammad.scss
@@ -2661,7 +2661,7 @@ input.has-error {
   }
 
   a {
-    color: hsl(206,8%,50%);
+    color: inherit;
   }
 
   .label {
diff --git a/app/models/knowledge_base.rb b/app/models/knowledge_base.rb
index fac0bfec9..4a254e95b 100644
--- a/app/models/knowledge_base.rb
+++ b/app/models/knowledge_base.rb
@@ -27,8 +27,9 @@ class KnowledgeBase < ApplicationModel
   validates :category_layout, inclusion: { in: KnowledgeBase::LAYOUTS }
   validates :homepage_layout, inclusion: { in: KnowledgeBase::LAYOUTS }
 
-  validates :color_highlight, presence: true, color: true
-  validates :color_header,    presence: true, color: true
+  validates :color_highlight,   presence: true, color: true
+  validates :color_header,      presence: true, color: true
+  validates :color_header_link, presence: true, color: true
 
   validates :iconset, inclusion: { in: KnowledgeBase::ICONSETS }
 
diff --git a/app/views/knowledge_base/public/_inline_stylesheet.html.erb b/app/views/knowledge_base/public/_inline_stylesheet.html.erb
index 0bcbfbeda..5cf8f590b 100644
--- a/app/views/knowledge_base/public/_inline_stylesheet.html.erb
+++ b/app/views/knowledge_base/public/_inline_stylesheet.html.erb
@@ -28,4 +28,8 @@
 	.header {
     background-color: <%= knowledge_base.color_header %>;
 	}
+
+  .header .menu-item {
+    color: <%= knowledge_base.color_header_link %>;
+  }
 </style>
diff --git a/db/migrate/20190531180304_initialize_knowledge_base.rb b/db/migrate/20190531180304_initialize_knowledge_base.rb
index b4de691f5..d462e4374 100644
--- a/db/migrate/20190531180304_initialize_knowledge_base.rb
+++ b/db/migrate/20190531180304_initialize_knowledge_base.rb
@@ -8,8 +8,9 @@ class InitializeKnowledgeBase < ActiveRecord::Migration[5.0]
     create_table :knowledge_bases do |t|
       t.string :iconset, limit: 30, null: false
 
-      t.string :color_highlight, limit: 25, null: false
-      t.string :color_header,    limit: 25, null: false
+      t.string :color_highlight,   limit: 25, null: false
+      t.string :color_header,      limit: 25, null: false
+      t.string :color_header_link, limit: 25, null: false
 
       t.string :homepage_layout, null: false
       t.string :category_layout, null: false
diff --git a/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
new file mode 100644
index 000000000..8c7098004
--- /dev/null
+++ b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
@@ -0,0 +1,11 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Issue2619KbHeaderLinkColor < ActiveRecord::Migration[6.0]
+  def up
+    return if !Setting.exists?(name: 'system_init_done')
+
+    add_column :knowledge_bases, :color_header_link, :string, limit: 25, null: false, default: 'hsl(206,8%,50%)'
+    change_column_default :knowledge_bases, :color_header_link, nil
+    KnowledgeBasis.reset_column_information
+  end
+end
diff --git a/spec/factories/knowledge_base.rb b/spec/factories/knowledge_base.rb
index 4ad0296a6..0e30049e2 100644
--- a/spec/factories/knowledge_base.rb
+++ b/spec/factories/knowledge_base.rb
@@ -8,6 +8,7 @@ FactoryBot.define do
     iconset         { 'FontAwesome' }
     color_highlight { '#AAA' }
     color_header    { '#EEE' }
+    color_header_link { '#FFF000' }
     homepage_layout { 'grid' }
     category_layout { 'list' }
 
diff --git a/spec/models/knowledge_base_spec.rb b/spec/models/knowledge_base_spec.rb
index 067d57ad1..65cfcbfa7 100644
--- a/spec/models/knowledge_base_spec.rb
+++ b/spec/models/knowledge_base_spec.rb
@@ -56,9 +56,9 @@ RSpec.describe KnowledgeBase, type: :model do
     let(:allowed_values) { ['#aaa', '#ff0000', 'rgb(0,100,100)', 'hsl(0,100%,50%)'] }
     let(:not_allowed_values) { ['aaa', '#aa', '#ff000', 'rgb(0,100,100', 'def(0,100%,0.5)', 'test'] }
 
-    it { is_expected.to allow_values(*allowed_values).for(:color_header) }
-    it { is_expected.to allow_values(*allowed_values).for(:color_highlight) }
-    it { is_expected.not_to allow_values(*not_allowed_values).for(:color_header) }
-    it { is_expected.not_to allow_values(*not_allowed_values).for(:color_highlight) }
+    %i[color_header color_header_link color_highlight].each do |attr|
+      it { is_expected.to allow_values(*allowed_values).for(attr) }
+      it { is_expected.not_to allow_values(*not_allowed_values).for(attr) }
+    end
   end
 end
diff --git a/spec/support/custom_matchers.rb b/spec/support/custom_matchers.rb
index d0b494ca3..ac8186455 100644
--- a/spec/support/custom_matchers.rb
+++ b/spec/support/custom_matchers.rb
@@ -7,3 +7,26 @@ RSpec::Matchers.define :exist_in_database do
     actual.class.exists?(actual.id)
   end
 end
+
+RSpec::Matchers.define :have_computed_style do
+
+  match do
+    actual_value == expected_value
+  end
+
+  failure_message do
+    "Expected element to have CSS property #{expected_key} with value #{expected_value}. But it was #{actual_value}."
+  end
+
+  def expected_key
+    expected[0]
+  end
+
+  def expected_value
+    expected[1]
+  end
+
+  def actual_value
+    actual.evaluate_script "getComputedStyle(this).#{expected_key}"
+  end
+end
diff --git a/spec/system/admin/knowledge_base/public_menu_spec.rb b/spec/system/admin/knowledge_base/public_menu_spec.rb
index e8829fb31..936518e62 100644
--- a/spec/system/admin/knowledge_base/public_menu_spec.rb
+++ b/spec/system/admin/knowledge_base/public_menu_spec.rb
@@ -7,20 +7,44 @@ RSpec.describe 'Admin Panel > Knowledge Base > Public Menu', type: :system do
   include_context 'basic Knowledge Base'
   include_context 'Knowledge Base menu items'
 
-  before do
-    visit '/#manage/knowledge_base'
-    find('a', text: 'Public Menu').click
-  end
-
   context 'lists menu items' do
+    before do
+      visit '/#manage/knowledge_base'
+      find('a', text: 'Public Menu').click
+    end
+
     it { expect(find_locale('Footer menu', alternative_locale).text).to include menu_item_4.title }
     it { expect(find_locale('Header menu', primary_locale).text).to include menu_item_1.title }
     it { expect(find_locale('Header menu', alternative_locale).text).not_to include menu_item_2.title }
     it { expect(find_locale('Header menu', primary_locale).text).to include menu_item_2.title }
   end
 
+  context 'menu items color' do
+    before do
+      knowledge_base.update! color_header_link: color
+      visit '/#manage/knowledge_base'
+      find('a', text: 'Public Menu').click
+    end
+
+    let(:color) { 'rgb(255, 0, 255)' }
+
+    it 'applies color for header preview' do
+      elem = all('.kb-menu-preview a')[0]
+
+      expect(elem).to have_computed_style :color, color
+    end
+
+    it 'does not apply color for footer preview' do
+      elem = all('.kb-menu-preview a')[3]
+
+      expect(elem).not_to have_computed_style :color, color
+    end
+  end
+
   context 'edit menu items' do
     before do
+      visit '/#manage/knowledge_base'
+      find('a', text: 'Public Menu').click
       find_location('Header menu').find('a', text: 'Edit').click
 
       modal_ready
diff --git a/spec/system/admin/knowledge_base/theme_spec.rb b/spec/system/admin/knowledge_base/theme_spec.rb
new file mode 100644
index 000000000..d73faa12b
--- /dev/null
+++ b/spec/system/admin/knowledge_base/theme_spec.rb
@@ -0,0 +1,30 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+# https://github.com/zammad/zammad/issues/266
+RSpec.describe 'Admin Panel > Knowledge Base > Theme', type: :system do
+  include_context 'basic Knowledge Base'
+
+  context 'header link color' do
+    before do
+      knowledge_base
+      visit '/#manage/knowledge_base'
+    end
+
+    it 'shows color' do
+      elem = find('#color_header_link input')
+
+      expect(elem.value).to eq knowledge_base.color_header_link
+    end
+
+    it 'saves new color' do
+      find('#color_header_link input').fill_in with: '#ccc'
+      find('#color_header_link button').click
+
+      await_empty_ajax_queue
+
+      expect(knowledge_base.reload.color_header_link).to eq '#ccc'
+    end
+  end
+end
diff --git a/spec/system/knowledge_base_public/menu_items_spec.rb b/spec/system/knowledge_base_public/menu_items_spec.rb
index 53d803515..d36e8f320 100644
--- a/spec/system/knowledge_base_public/menu_items_spec.rb
+++ b/spec/system/knowledge_base_public/menu_items_spec.rb
@@ -6,35 +6,58 @@ RSpec.describe 'Public Knowledge Base menu items', type: :system, authenticated_
   include_context 'basic Knowledge Base'
   include_context 'Knowledge Base menu items'
 
-  before do
-    published_answer
+  context 'menu items visibility' do
+    before do
+      published_answer
 
-    visit help_no_locale_path
+      visit help_no_locale_path
+    end
+
+    it 'shows header public link' do
+      expect(page).to have_css('header .menu-item', text: menu_item_1.title)
+    end
+
+    it 'shows another header public link' do
+      expect(page).to have_css('header .menu-item', text: menu_item_2.title)
+    end
+
+    it "doesn't show footer link in header" do
+      expect(page).to have_no_css('header .menu-item', text: menu_item_3.title)
+    end
+
+    it 'shows footer public link' do
+      expect(page).to have_css('footer .menu-item', text: menu_item_3.title)
+    end
+
+    it "doesn't show footer link of another locale" do
+      expect(page).to have_no_css('footer .menu-item', text: menu_item_4.title)
+    end
+
+    it 'shows public links in given order' do
+      index_1 = page.body.index menu_item_1.title
+      index_2 = page.body.index menu_item_2.title
+      expect(index_1).to be < index_2
+    end
   end
 
-  it 'shows header public link' do
-    expect(page).to have_css('header .menu-item', text: menu_item_1.title)
-  end
+  context 'menu items color' do
+    before do
+      knowledge_base.update! color_header_link: color
+      visit help_no_locale_path
+    end
 
-  it 'shows another header public link' do
-    expect(page).to have_css('header .menu-item', text: menu_item_2.title)
-  end
+    let(:color) { 'rgb(255, 0, 255)' }
 
-  it "doesn't show footer link in header" do
-    expect(page).to have_no_css('header .menu-item', text: menu_item_3.title)
-  end
+    it 'applies color for header preview' do
+      elem = all('.menu-item')[0]
 
-  it 'shows footer public link' do
-    expect(page).to have_css('footer .menu-item', text: menu_item_3.title)
-  end
+      expect(elem).to have_computed_style :color, color
+    end
 
-  it "doesn't show footer link of another locale" do
-    expect(page).to have_no_css('footer .menu-item', text: menu_item_4.title)
-  end
+    it 'does not apply color for footer preview' do
+      elem = all('.menu-item')[2]
 
-  it 'shows public links in given order' do
-    index_1 = page.body.index menu_item_1.title
-    index_2 = page.body.index menu_item_2.title
-    expect(index_1).to be < index_2
+      expect(elem).not_to have_computed_style :color, color
+    end
   end
 end

From bf6da241d8190d29c7e0a2ad4c5f929b51faaa64 Mon Sep 17 00:00:00 2001
From: Romit Choudhary <rc@zammad.com>
Date: Wed, 29 Sep 2021 11:24:50 +0200
Subject: [PATCH 07/65] Fixes #2351 - Unable to cancel attachment upload

---
 app/assets/stylesheets/zammad.scss | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss
index 62d8ff644..a4e80733d 100644
--- a/app/assets/stylesheets/zammad.scss
+++ b/app/assets/stylesheets/zammad.scss
@@ -7051,7 +7051,7 @@ footer {
     padding: 10px 0;
     color: #b3b3b3;
     overflow: hidden;
-    @extend .u-unclickable, .u-textTruncate;
+    @extend .u-textTruncate;
   }
 
     .attachments:not(:empty) {

From 6d8f5b7d958bbfed431d78aed4461f0bc2c79dae Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Wed, 29 Sep 2021 12:16:16 +0200
Subject: [PATCH 08/65] Fixes #3777 - misspelled KnowledgeBase constant breaks
 update.

---
 db/migrate/20210923172256_issue_2619_kb_header_link_color.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
index 8c7098004..b2b39ea8b 100644
--- a/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
+++ b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
@@ -4,8 +4,8 @@ class Issue2619KbHeaderLinkColor < ActiveRecord::Migration[6.0]
   def up
     return if !Setting.exists?(name: 'system_init_done')
 
-    add_column :knowledge_bases, :color_header_link, :string, limit: 25, null: false, default: 'hsl(206,8%,50%)'
+    add_column :knowledge_bases, :color_header_link, :string, limit: 25, null: false, default: 'hsl(206,8%,50%)' # rubocop:disable Zammad/ExistsResetColumnInformation
     change_column_default :knowledge_bases, :color_header_link, nil
-    KnowledgeBasis.reset_column_information
+    KnowledgeBase.reset_column_information
   end
 end

From 36aa35f765874b941b3df612a7448bd881a5a509 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Wed, 29 Sep 2021 11:01:24 +0200
Subject: [PATCH 09/65] Maintenance: Port admin_calendar_sla_test.rb to
 Capybara.

---
 script/build/test_slice_tests.sh        |  6 --
 spec/system/manage/sla_spec.rb          | 19 ++++++
 test/browser/admin_calendar_sla_test.rb | 85 -------------------------
 3 files changed, 19 insertions(+), 91 deletions(-)
 delete mode 100644 test/browser/admin_calendar_sla_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index cd4919851..8da4c701d 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -12,7 +12,6 @@ if [ "$LEVEL" == '1' ]; then
   cp test/integration/aaa_auto_wizard_base_setup_test.rb test/browser/aaa_auto_wizard_base_setup_test.rb
   rm test/browser/abb_one_group_test.rb
   rm test/browser/admin_channel_email_test.rb
-  rm test/browser/admin_calendar_sla_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -72,7 +71,6 @@ elif [ "$LEVEL" == '2' ]; then
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_channel_email_test.rb
-  rm test/browser/admin_calendar_sla_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -132,7 +130,6 @@ elif [ "$LEVEL" == '3' ]; then
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_channel_email_test.rb
-  rm test/browser/admin_calendar_sla_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -192,7 +189,6 @@ elif [ "$LEVEL" == '4' ]; then
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_channel_email_test.rb
-  rm test/browser/admin_calendar_sla_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -251,7 +247,6 @@ elif [ "$LEVEL" == '5' ]; then
   # only profile action & admin
   # test/browser/abb_one_group_test.rb
   # test/browser/admin_channel_email_test.rb
-  # test/browser/admin_calendar_sla_test.rb
   # rm test/browser/admin_drag_drop_to_new_group_test.rb
   # test/browser/admin_overview_test.rb
   # rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -313,7 +308,6 @@ elif [ "$LEVEL" == '6' ]; then
   cp test/integration/aaa_auto_wizard_base_setup_test.rb test/browser/aaa_auto_wizard_base_setup_test.rb
   rm test/browser/abb_one_group_test.rb
   rm test/browser/admin_channel_email_test.rb
-  rm test/browser/admin_calendar_sla_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
diff --git a/spec/system/manage/sla_spec.rb b/spec/system/manage/sla_spec.rb
index e667856ef..385109e81 100644
--- a/spec/system/manage/sla_spec.rb
+++ b/spec/system/manage/sla_spec.rb
@@ -57,4 +57,23 @@ RSpec.describe 'Manage > Sla', type: :system do
       expect(page.find('input[name=solution_time_in_text]')[:required]).not_to eq('true')
     end
   end
+
+  context 'when using custom calendars' do
+    let(:calendar) { create(:calendar) }
+
+    it 'allows to select custom calendars' do
+      calendar
+      page.refresh
+      click '.js-new'
+
+      within '.modal-dialog' do
+        fill_in :name, with: 'SLA with custom calendar'
+        select calendar.name, from: :calendar_id
+        click '.js-submit'
+      end
+
+      modal_disappear
+      expect(page).to have_text(calendar.name)
+    end
+  end
 end
diff --git a/test/browser/admin_calendar_sla_test.rb b/test/browser/admin_calendar_sla_test.rb
deleted file mode 100644
index 8f0580aa2..000000000
--- a/test/browser/admin_calendar_sla_test.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class AdminCalendarSlaTest < TestCase
-  def test_calendar
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    calendar_name = "ZZZ some calendar #{SecureRandom.uuid}"
-    sla_name = "ZZZ some sla #{SecureRandom.uuid}"
-    timezone = 'Europe/Berlin'
-    timezone_verify = "Europe/Berlin\s\\(GMT\\+(2|1)\\)"
-    calendar_create(
-      data: {
-        name:     calendar_name,
-        timezone: timezone,
-      }
-    )
-
-    # got to maintanance
-    click(css: '[href="#manage"]')
-    click(css: '[href="#system/maintenance"]')
-    watch_for(
-      css:     '.content.active',
-      value:   'Enable or disable the maintenance mode',
-      timeout: 4,
-    )
-
-    # go back
-    click(css: '[href="#manage"]')
-    click(css: '[href="#manage/calendars"]')
-    watch_for(
-      css:     '.content.active',
-      value:   calendar_name,
-      timeout: 4,
-    )
-
-    logout
-
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-    )
-
-    # check if admin exists
-    click(css: '[href="#manage"]')
-    click(css: '[href="#manage/calendars"]')
-    watch_for(
-      css:     '.content.active',
-      value:   calendar_name,
-      timeout: 4,
-    )
-
-    # @browser.execute_script('$(\'.content.active table tr td:contains(" ' + data[:name] + '")\').first().click()')
-    @browser.execute_script('$(\'.content.active .main .js-edit\').last().click()')
-
-    modal_ready(browser: @browser)
-    watch_for(
-      css:     '.content.active .modal input[name=name]',
-      value:   calendar_name,
-      timeout: 4,
-    )
-    watch_for(
-      css:     '.content.active .modal input.js-input',
-      value:   timezone_verify,
-      timeout: 4,
-    )
-    modal_close
-
-    sla_create(
-      data: {
-        name:                        sla_name,
-        calendar:                    "#{calendar_name} - #{timezone}",
-        first_response_time_in_text: 61
-      },
-    )
-
-  end
-end

From c335147d625d78bcc25320cb0f783379a57b59d5 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Wed, 29 Sep 2021 17:17:21 +0200
Subject: [PATCH 10/65] Maintenance: Port customer ticket create fields test to
 capybara.

---
 script/build/test_slice_tests.sh              |  6 ---
 spec/system/ticket/create_spec.rb             | 33 +++++++++++++
 .../customer_ticket_create_fields_test.rb     | 47 -------------------
 3 files changed, 33 insertions(+), 53 deletions(-)
 delete mode 100644 test/browser/customer_ticket_create_fields_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 8da4c701d..dd79296ab 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -46,7 +46,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
   # test/browser/auth_test.rb
-  rm test/browser/customer_ticket_create_fields_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -105,7 +104,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
   rm test/browser/auth_test.rb
-  rm test/browser/customer_ticket_create_fields_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -164,7 +162,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
   rm test/browser/auth_test.rb
-  rm test/browser/customer_ticket_create_fields_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -223,7 +220,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
   rm test/browser/auth_test.rb
-  # test/browser/customer_ticket_create_fields_test.rb
   # test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -281,7 +277,6 @@ elif [ "$LEVEL" == '5' ]; then
   # test/browser/agent_user_manage_test.rb
   # test/browser/agent_user_profile_test.rb
   rm test/browser/auth_test.rb
-  rm test/browser/customer_ticket_create_fields_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -342,7 +337,6 @@ elif [ "$LEVEL" == '6' ]; then
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
   rm test/browser/auth_test.rb
-  rm test/browser/customer_ticket_create_fields_test.rb
   rm test/browser/customer_ticket_create_test.rb
   # test/browser/first_steps_test.rb
   # test/browser/integration_test.rb
diff --git a/spec/system/ticket/create_spec.rb b/spec/system/ticket/create_spec.rb
index 05a11b108..debac63c2 100644
--- a/spec/system/ticket/create_spec.rb
+++ b/spec/system/ticket/create_spec.rb
@@ -500,6 +500,39 @@ RSpec.describe 'Ticket Create', type: :system do
     end
   end
 
+  context 'when agent and customer user login after another' do
+    let(:agent) { create(:agent, password: 'test') }
+    let(:customer) { create(:customer, password: 'test') }
+
+    it 'customer user should not have agent object attributes', authenticated_as: :agent do
+      visit 'ticket/create'
+
+      logout
+
+      # Re-create agent session and fetch object attributes.
+      login(
+        username: agent.login,
+        password: 'test'
+      )
+      visit 'ticket/create'
+
+      # Re-remove local object attributes bound to the session
+      # there was an issue (#1856) where the old attribute values
+      # persisted and were stored as the original attributes.
+      logout
+
+      # Create customer session and fetch object attributes.
+      login(
+        username: customer.login,
+        password: 'test'
+      )
+
+      visit 'customer_ticket_new'
+
+      expect(page).to have_no_css('.newTicket input[name="customer_id"]')
+    end
+  end
+
   describe 'It should be possible to show attributes which are configured shown false #3726', authenticated_as: :authenticate, db_strategy: :reset do
     let(:field_name) { SecureRandom.uuid }
     let(:field) do
diff --git a/test/browser/customer_ticket_create_fields_test.rb b/test/browser/customer_ticket_create_fields_test.rb
deleted file mode 100644
index c7ee90222..000000000
--- a/test/browser/customer_ticket_create_fields_test.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class CustomerTicketCreateFieldsTest < TestCase
-  def test_customer_ticket_create_fields
-    @browser = browser_instance
-
-    # create agent session and fetch object attributes
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    # remove local object attributes bound to the session
-    logout
-
-    # re-create agent session and fetch object attributes
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    # re-remove local object attributes bound to the session
-    # there was an issue (#1856) where the old attribute values
-    # persisted and were stored as the original attributes
-    logout
-
-    # create customer session and fetch object attributes
-    login(
-      username: 'nicole.braun@zammad.org',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    # customer ticket create
-    click(css: 'a[href="#new"]', only_if_exists: true)
-    click(css: 'a[href="#customer_ticket_new"]')
-    sleep 2
-
-    # ensure that the object attributes of the agent session
-    # were removed properly and won't get displayed in the form
-    exists_not(
-      css: '.newTicket input[name="customer_id"]',
-    )
-  end
-end

From 4e4ba091d40484181df3dc503586dbf05feeccfa Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Wed, 29 Sep 2021 15:18:47 +0100
Subject: [PATCH 11/65] Fixes #3776 - Force users to reload after system
 migration.

---
 .../20210929161701_reload_after_core_workflow.rb      | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 db/migrate/20210929161701_reload_after_core_workflow.rb

diff --git a/db/migrate/20210929161701_reload_after_core_workflow.rb b/db/migrate/20210929161701_reload_after_core_workflow.rb
new file mode 100644
index 000000000..a936e3653
--- /dev/null
+++ b/db/migrate/20210929161701_reload_after_core_workflow.rb
@@ -0,0 +1,11 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class ReloadAfterCoreWorkflow < ActiveRecord::Migration[4.2]
+  def up
+
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    AppVersion.set(true, 'app_version')
+  end
+end

From 51933e3b76a6b7bfd716ae73cb0274adaf6126c8 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 30 Sep 2021 09:18:16 +0200
Subject: [PATCH 12/65] Maintenance: Bump rubocop from 1.21.0 to 1.22.0

---
 Gemfile.lock                                   | 4 ++--
 app/models/channel/email_parser.rb             | 2 +-
 lib/html_sanitizer.rb                          | 4 ++--
 test/integration/email_postmaster_to_sender.rb | 8 ++------
 test/test_helper.rb                            | 2 +-
 5 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index f41562771..b9dbee417 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -498,13 +498,13 @@ GEM
       rspec-support (~> 3.10)
     rspec-support (3.10.2)
     rszr (0.5.2)
-    rubocop (1.21.0)
+    rubocop (1.22.0)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.9.1, < 2.0)
+      rubocop-ast (>= 1.12.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
     rubocop-ast (1.12.0)
diff --git a/app/models/channel/email_parser.rb b/app/models/channel/email_parser.rb
index 9c132dc48..57ed916ff 100644
--- a/app/models/channel/email_parser.rb
+++ b/app/models/channel/email_parser.rb
@@ -502,7 +502,7 @@ process unprocessable_mails (tmp/unprocessable_mail/*.eml) again
     path = Rails.root.join('tmp/unprocessable_mail')
     files = []
     Dir.glob("#{path}/*.eml") do |entry|
-      ticket, _article, _user, _mail = Channel::EmailParser.new.process(params, IO.binread(entry))
+      ticket, _article, _user, _mail = Channel::EmailParser.new.process(params, File.binread(entry))
       next if ticket.blank?
 
       files.push entry
diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb
index 2ca0819b9..440f3b94e 100644
--- a/lib/html_sanitizer.rb
+++ b/lib/html_sanitizer.rb
@@ -161,8 +161,8 @@ satinize html string based on whiltelist
         # wrap plain-text URLs in <a> tags
         if node.is_a?(Nokogiri::XML::Text) && node.content.present? && node.content.include?(':') && node.ancestors.map(&:name).exclude?('a')
           urls = URI.extract(node.content, LINKABLE_URL_SCHEMES)
-                    .map { |u| u.sub(%r{[,.]$}, '') }      # URI::extract captures trailing dots/commas
-                    .reject { |u| u.match?(%r{^[^:]+:$}) } # URI::extract will match, e.g., 'tel:'
+                    .map { |u| u.sub(%r{[,.]$}, '') } # URI::extract captures trailing dots/commas
+                    .grep_v(%r{^[^:]+:$}) # URI::extract will match, e.g., 'tel:'
 
           next if urls.blank?
 
diff --git a/test/integration/email_postmaster_to_sender.rb b/test/integration/email_postmaster_to_sender.rb
index b66625921..af10ad22d 100644
--- a/test/integration/email_postmaster_to_sender.rb
+++ b/test/integration/email_postmaster_to_sender.rb
@@ -104,9 +104,7 @@ Oversized Email Message Body #{'#' * 120_000}
     # 1. verify that the oversized email has been saved locally to:
     # /tmp/oversized_mail/yyyy-mm-ddThh:mm:ss-:md5.eml
     path = Rails.root.join('tmp/oversized_mail')
-    target_files = Dir.entries(path).select do |filename|
-      filename =~ %r{^#{large_message_md5}\.eml$}
-    end
+    target_files = Dir.entries(path).grep(%r{^#{large_message_md5}\.eml$})
     assert(target_files.present?, 'Large message .eml log file must be present.')
 
     # pick the latest file that matches the criteria
@@ -193,9 +191,7 @@ Oversized Email Message Body #{'#' * 120_000}
     # 1. verify that the oversized email has been saved locally to:
     # /tmp/oversized_mail/yyyy-mm-ddThh:mm:ss-:md5.eml
     path = Rails.root.join('tmp/oversized_mail')
-    target_files = Dir.entries(path).select do |filename|
-      filename =~ %r{^.+?\.eml$}
-    end
+    target_files = Dir.entries(path).grep(%r{^.+?\.eml$})
     assert_not(target_files.blank?, 'Large message .eml log file must be blank.')
 
     # 2. verify that a postmaster response email has been sent to the sender
diff --git a/test/test_helper.rb b/test/test_helper.rb
index ad9295bfe..fe893a130 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -62,7 +62,7 @@ class ActiveSupport::TestCase
     # read config file and count type & recipients
     file = Rails.root.join('log', "#{Rails.env}.log")
     lines = []
-    IO.foreach(file) do |line|
+    File.foreach(file) do |line|
       lines.push line
     end
     count = 0

From 4f3e7f4003f97ea75e1ff953e82e46369bd9ec4b Mon Sep 17 00:00:00 2001
From: Romit Choudhary <rc@zammad.com>
Date: Thu, 30 Sep 2021 09:25:13 +0200
Subject: [PATCH 13/65] Fixes #2780 - Shared Organisation issue create your
 first ticket

---
 .../app/controllers/ticket_overview.coffee          |  2 +-
 .../app/views/customer_not_ticket_exists.jst.eco    | 12 ++++++++----
 spec/system/overview_spec.rb                        | 13 +++++++++++++
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/ticket_overview.coffee b/app/assets/javascripts/app/controllers/ticket_overview.coffee
index d9231b347..aa254c6e3 100644
--- a/app/assets/javascripts/app/controllers/ticket_overview.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_overview.coffee
@@ -1314,7 +1314,7 @@ class Table extends App.Controller
     return if ticketListShow[0] || @permissionCheck('ticket.agent')
 
     tickets_count = user.lifetimeCustomerTicketsCount()
-    @html App.view('customer_not_ticket_exists')(has_any_tickets: tickets_count > 0)
+    @html App.view('customer_not_ticket_exists')(has_any_tickets: tickets_count > 0, is_allowed_to_create_ticket: @Config.get('customer_ticket_create'))
 
     if tickets_count == 0
       @listenTo user, 'refresh', =>
diff --git a/app/assets/javascripts/app/views/customer_not_ticket_exists.jst.eco b/app/assets/javascripts/app/views/customer_not_ticket_exists.jst.eco
index dfd72889b..17aa5bfbe 100644
--- a/app/assets/javascripts/app/views/customer_not_ticket_exists.jst.eco
+++ b/app/assets/javascripts/app/views/customer_not_ticket_exists.jst.eco
@@ -6,11 +6,15 @@
         <% if @has_any_tickets: %>
           <p><%- @T('You have no tickets to display in this overview.') %></p>
         <% else: %>
-          <p><%- @T('You have not created a ticket yet.') %></p>
-          <p><%- @T('The way to communicate with us is this thing called "ticket".') %></p>
-          <p><%- @T('Please click the button below to create your first one.') %></p>
+          <% if @is_allowed_to_create_ticket: %>
+            <p><%- @T('You have not created a ticket yet.') %></p>
+            <p><%- @T('The way to communicate with us is this thing called "ticket".') %></p>
+            <p><%- @T('Please click the button below to create your first one.') %></p>
 
-          <p><a class="btn btn--primary" href="#customer_ticket_new"><%- @T('Create your first ticket') %></a></p>
+            <p><a class="btn btn--primary" href="#customer_ticket_new"><%- @T('Create your first ticket') %></a></p>
+          <% else: %>
+            <p><%- @T('You currently don\'t have any tickets.') %></p>
+          <% end %>
         <% end %>
       </div>
     </div>
diff --git a/spec/system/overview_spec.rb b/spec/system/overview_spec.rb
index f984e1626..50402cfe8 100644
--- a/spec/system/overview_spec.rb
+++ b/spec/system/overview_spec.rb
@@ -23,6 +23,19 @@ RSpec.describe 'Overview', type: :system do
       end
     end
 
+    def authenticate
+      Setting.set('customer_ticket_create', false)
+      customer
+    end
+
+    it 'does not show create button when ticket creation via web is disabled', authenticated_as: :authenticate do
+      visit "ticket/view/#{main_overview.link}"
+
+      within :active_content do
+        expect(page).to have_text 'You currently don\'t have any tickets.'
+      end
+    end
+
     it 'shows overview-specific message if customer has tickets in other overview', performs_jobs: true do
       perform_enqueued_jobs only: TicketUserTicketCounterJob do
         create(:ticket, customer: customer)

From dbb93bf02ce46a7aed29a39619ea9dece66e7f28 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 30 Sep 2021 10:15:34 +0200
Subject: [PATCH 14/65] Maintenance: Improve MR template.

---
 .gitlab/merge_request_templates/Default.md | 40 ++++++++++++++++++----
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md
index 941bbfadc..477469157 100644
--- a/.gitlab/merge_request_templates/Default.md
+++ b/.gitlab/merge_request_templates/Default.md
@@ -1,8 +1,9 @@
 ## What does this MR do?
 
-<!-- Is there a lot to say? Consider creating an issue. -->
+<!--Insert the link to a GitHub issue in (), or describe the changes if there is no issue -->
+[Issue Link]()
 
-## Screenshots  <!-- Optional -->
+## Screenshots  <!-- Optional, very helpful for the reviewer colleagues from other teams -->
 
 ### Before
 
@@ -12,7 +13,7 @@
 
 ![alt text](https://example.com/after.png)
 
-## Notes
+## Code Changes
 
 * This MR
   **does**  <!-- KEEP ONLY ONE -->
@@ -58,9 +59,36 @@ How do your performance changes scale on a system of this size?
 they are really big customers, and we want to keep their business!)
 -->
 
-### Follow-up Required  <!-- Optional -->
+### Documentation Follow-up Required?
+
+<!-- Keep one of the two sections -->
 
 <!--
-Does your MR require coordination with the documentation/support teams?
-If so, apply the label and explain here.
+If this MR does change:
+- How the user experiences or uses the application
+  - Visual appearance
+  - Screen flow
+  - Texts
+- How the application is deployed an maintained
+  - Deployment process
+  - System requirements
+  - Command line interfaces
+ -->
+This MR may require follow-up by the documentation team.
+/label ~Documentation
+
+<!--
+Otherwise
 -->
+This MR does not require any follow-up.
+
+## QA Checklist (to be filled by the reviewer)
+
+- [ ] Implementation satisfies specification
+- [ ] Changes confirmed by manual testing
+- [ ] [Code style](https://git.znuny.com/zammad/zammad/-/wikis/Coding-style-guide) is appropriate
+- [ ] Performance will not degrade
+- [ ] Code is properly covered with tests
+- If follow-up by the documentation team is needed:
+  - [ ] Add a comment with this text
+> @<!-- don't treat this as a mention until copied -->MrGeneration please check if this MR requires changes to the documentation. Thanks!

From 489177cca18b87979ca437b82c201fa3ff43d7ab Mon Sep 17 00:00:00 2001
From: benrubson <6764151+benrubson@users.noreply.github.com>
Date: Tue, 28 Sep 2021 21:03:29 +0200
Subject: [PATCH 15/65] Fixes #2674, closes #3775 - Zammad preflight check
 warning output causes Syntax-Error in postinstall.sh and failing
 installation.

---
 contrib/packager.io/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/packager.io/functions b/contrib/packager.io/functions
index 2847672f5..362d065d9 100644
--- a/contrib/packager.io/functions
+++ b/contrib/packager.io/functions
@@ -228,7 +228,7 @@ function create_webserver_config () {
 function setup_elasticsearch () {
   echo "# Configuring Elasticsearch..."
 
-  ES_CONNECTION="$(zammad run rails r "puts Setting.get('es_url')"| tail -n 1 2>> /dev/null)"
+  ES_CONNECTION="$(zammad run rails r "puts '',Setting.get('es_url')"| tail -n 1 2>> /dev/null)"
 
   if [ -z "${ES_CONNECTION}" ]; then
     echo "-- Nevermind, no es_url is set, leaving Elasticsearch untouched ...!"

From 9c5a11f36e603abe96a43d713ae41f8aae33483d Mon Sep 17 00:00:00 2001
From: Mantas Masalskis <mm@zammad.com>
Date: Fri, 1 Oct 2021 11:56:09 +0200
Subject: [PATCH 16/65] Maintenance: Rubocop uses custom inflections

---
 .rubocop/default.yml                                       | 2 ++
 Gemfile                                                    | 1 +
 Gemfile.lock                                               | 7 ++++++-
 config/initializers/inflections.rb                         | 2 +-
 .../20210923172256_issue_2619_kb_header_link_color.rb      | 2 +-
 spec/integration/github_spec.rb                            | 2 +-
 spec/integration/gitlab_spec.rb                            | 2 +-
 7 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/.rubocop/default.yml b/.rubocop/default.yml
index bf0656c06..f08267c10 100644
--- a/.rubocop/default.yml
+++ b/.rubocop/default.yml
@@ -6,6 +6,8 @@ require:
   - rubocop-performance
   - rubocop-rails
   - rubocop-rspec
+  - rubocop-inflector
+  - ../config/initializers/inflections.rb
   - ./rubocop_zammad.rb
 
 inherit_from:
diff --git a/Gemfile b/Gemfile
index 08c7be873..6ce41c930 100644
--- a/Gemfile
+++ b/Gemfile
@@ -198,6 +198,7 @@ group :development, :test do
   gem 'overcommit'
   gem 'rubocop'
   gem 'rubocop-faker'
+  gem 'rubocop-inflector'
   gem 'rubocop-performance'
   gem 'rubocop-rails'
   gem 'rubocop-rspec'
diff --git a/Gemfile.lock b/Gemfile.lock
index b9dbee417..f37b75ee5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -512,6 +512,10 @@ GEM
     rubocop-faker (1.1.0)
       faker (>= 2.12.0)
       rubocop (>= 0.82.0)
+    rubocop-inflector (0.1.1)
+      activesupport
+      rubocop
+      rubocop-rspec
     rubocop-performance (1.11.5)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
@@ -729,6 +733,7 @@ DEPENDENCIES
   rszr (= 0.5.2)
   rubocop
   rubocop-faker
+  rubocop-inflector
   rubocop-performance
   rubocop-rails
   rubocop-rspec
@@ -762,4 +767,4 @@ RUBY VERSION
    ruby 2.7.4p191
 
 BUNDLED WITH
-   2.2.20
+   2.2.27
diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb
index c73fe85db..8bfe2e324 100644
--- a/config/initializers/inflections.rb
+++ b/config/initializers/inflections.rb
@@ -21,7 +21,7 @@ ActiveSupport::Inflector.inflections(:en) do |inflect|
 
   # Rails thinks the singularized version of knowledge_bases is knowledge_basis?!
   # see: KnowledgeBase.table_name.singularize
-  inflect.singular(%r{(knowledge_base)s$}i, '\1')
+  inflect.irregular 'base', 'bases'
   inflect.acronym 'SMIME'
   inflect.acronym 'GitLab'
   inflect.acronym 'GitHub'
diff --git a/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
index b2b39ea8b..53e0e680d 100644
--- a/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
+++ b/db/migrate/20210923172256_issue_2619_kb_header_link_color.rb
@@ -4,7 +4,7 @@ class Issue2619KbHeaderLinkColor < ActiveRecord::Migration[6.0]
   def up
     return if !Setting.exists?(name: 'system_init_done')
 
-    add_column :knowledge_bases, :color_header_link, :string, limit: 25, null: false, default: 'hsl(206,8%,50%)' # rubocop:disable Zammad/ExistsResetColumnInformation
+    add_column :knowledge_bases, :color_header_link, :string, limit: 25, null: false, default: 'hsl(206,8%,50%)'
     change_column_default :knowledge_bases, :color_header_link, nil
     KnowledgeBase.reset_column_information
   end
diff --git a/spec/integration/github_spec.rb b/spec/integration/github_spec.rb
index 1f38c81de..060009657 100644
--- a/spec/integration/github_spec.rb
+++ b/spec/integration/github_spec.rb
@@ -1,7 +1,7 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
 require 'rails_helper'
-RSpec.describe GitHub, type: :integration, required_envs: %w[GITHUB_ENDPOINT GITHUB_APITOKEN] do # rubocop:disable RSpec/FilePath
+RSpec.describe GitHub, type: :integration, required_envs: %w[GITHUB_ENDPOINT GITHUB_APITOKEN] do
 
   let(:instance) { described_class.new(ENV['GITHUB_ENDPOINT'], ENV['GITHUB_APITOKEN']) }
   let(:issue_data) do
diff --git a/spec/integration/gitlab_spec.rb b/spec/integration/gitlab_spec.rb
index 3810c78b3..788e376f6 100644
--- a/spec/integration/gitlab_spec.rb
+++ b/spec/integration/gitlab_spec.rb
@@ -1,7 +1,7 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
 require 'rails_helper'
-RSpec.describe GitLab, type: :integration, required_envs: %w[GITLAB_ENDPOINT GITLAB_APITOKEN] do # rubocop:disable RSpec/FilePath
+RSpec.describe GitLab, type: :integration, required_envs: %w[GITLAB_ENDPOINT GITLAB_APITOKEN] do
 
   let(:instance) { described_class.new(ENV['GITLAB_ENDPOINT'], ENV['GITLAB_APITOKEN']) }
   let(:issue_data) do

From 79bacb14aa1c1dc40e50909f5ee942cd3d6dbc84 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Thu, 30 Sep 2021 13:19:08 +0100
Subject: [PATCH 17/65] Follow up 4e4ba091d40484181df3dc503586dbf05feeccfa -
 Fixes #3776 - Force users to reload after system migration.

---
 db/migrate/20210929161701_reload_after_core_workflow.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/migrate/20210929161701_reload_after_core_workflow.rb b/db/migrate/20210929161701_reload_after_core_workflow.rb
index a936e3653..2a3004141 100644
--- a/db/migrate/20210929161701_reload_after_core_workflow.rb
+++ b/db/migrate/20210929161701_reload_after_core_workflow.rb
@@ -1,6 +1,6 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
-class ReloadAfterCoreWorkflow < ActiveRecord::Migration[4.2]
+class ReloadAfterCoreWorkflow < ActiveRecord::Migration[6.0]
   def up
 
     # return if it's a new setup

From 5bd714878aa93f0321eaf60820d3ed95d00e2f15 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Fri, 1 Oct 2021 12:25:06 +0200
Subject: [PATCH 18/65] Fixes #3781 - ObjectManager Attribute without screen
 attribute causes CoreWorkflows migration to fail

---
 db/migrate/20210128131507_init_core_workflow.rb             | 6 ++++++
 .../20210921112300_issue_3751_missing_workflow_screens.rb   | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/db/migrate/20210128131507_init_core_workflow.rb b/db/migrate/20210128131507_init_core_workflow.rb
index ad4782b78..1c29a9e13 100644
--- a/db/migrate/20210128131507_init_core_workflow.rb
+++ b/db/migrate/20210128131507_init_core_workflow.rb
@@ -75,6 +75,8 @@ class InitCoreWorkflow < ActiveRecord::Migration[5.2]
 
   def fix_pending_time
     pending_time = ObjectManager::Attribute.find_by(name: 'pending_time', object_lookup: ObjectLookup.find_by(name: 'Ticket'))
+    return if pending_time.blank?
+
     pending_time.data_option.delete('required_if')
     pending_time.data_option.delete('shown_if')
     pending_time.save
@@ -83,6 +85,8 @@ class InitCoreWorkflow < ActiveRecord::Migration[5.2]
   def fix_organization_screens
     %w[domain note].each do |name|
       field = ObjectManager::Attribute.find_by(name: name, object_lookup: ObjectLookup.find_by(name: 'Organization'))
+      next if field.blank?
+
       field.screens['create'] ||= {}
       field.screens['create']['-all-'] ||= {}
       field.screens['create']['-all-']['null'] = true
@@ -93,6 +97,8 @@ class InitCoreWorkflow < ActiveRecord::Migration[5.2]
   def fix_user_screens
     %w[email web phone mobile organization_id fax department street zip city country address password vip note role_ids].each do |name|
       field = ObjectManager::Attribute.find_by(name: name, object_lookup: ObjectLookup.find_by(name: 'User'))
+      next if field.blank?
+
       field.screens['create'] ||= {}
       field.screens['create']['-all-'] ||= {}
       field.screens['create']['-all-']['null'] = true
diff --git a/db/migrate/20210921112300_issue_3751_missing_workflow_screens.rb b/db/migrate/20210921112300_issue_3751_missing_workflow_screens.rb
index f1eaade52..aae63c2b5 100644
--- a/db/migrate/20210921112300_issue_3751_missing_workflow_screens.rb
+++ b/db/migrate/20210921112300_issue_3751_missing_workflow_screens.rb
@@ -11,6 +11,8 @@ class Issue3751MissingWorkflowScreens < ActiveRecord::Migration[6.0]
   def fix_organization_screens_create
     %w[name shared domain_assignment active].each do |name|
       field = ObjectManager::Attribute.find_by(name: name, object_lookup: ObjectLookup.find_by(name: 'Organization'))
+      next if field.blank?
+
       field.screens['create'] ||= {}
       field.screens['create']['-all-'] ||= {}
       field.screens['create']['-all-']['null'] = false
@@ -21,6 +23,8 @@ class Issue3751MissingWorkflowScreens < ActiveRecord::Migration[6.0]
   def fix_user_screens_create
     %w[firstname lastname active].each do |name|
       field = ObjectManager::Attribute.find_by(name: name, object_lookup: ObjectLookup.find_by(name: 'User'))
+      next if field.blank?
+
       field.screens['create'] ||= {}
       field.screens['create']['-all-'] ||= {}
       field.screens['create']['-all-']['null'] = false

From 03bcf6612685e24e4be11399c976c2f8be4c7aa5 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Mon, 4 Oct 2021 07:02:01 +0200
Subject: [PATCH 19/65] Maintenance: Updated argon2, async-pool, jwt and
 rubocop gems.

---
 Gemfile.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index f37b75ee5..f776bcd79 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -90,7 +90,7 @@ GEM
       activerecord (>= 4.2)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    argon2 (2.0.3)
+    argon2 (2.1.0)
       ffi (~> 1.14)
       ffi-compiler (~> 1.0)
     ast (2.4.2)
@@ -110,7 +110,7 @@ GEM
       faraday
     async-io (1.32.2)
       async
-    async-pool (0.3.8)
+    async-pool (0.3.9)
       async (>= 1.25)
     autoprefixer-rails (10.3.3.0)
       execjs (~> 2)
@@ -293,7 +293,7 @@ GEM
     iniparse (1.5.0)
     interception (0.5)
     json (2.5.1)
-    jwt (2.2.3)
+    jwt (2.3.0)
     kgio (2.11.4)
     koala (3.0.0)
       addressable
@@ -498,7 +498,7 @@ GEM
       rspec-support (~> 3.10)
     rspec-support (3.10.2)
     rszr (0.5.2)
-    rubocop (1.22.0)
+    rubocop (1.22.1)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)

From dd66c30d59d3d4d29d37e4ba0873fcba1f67316f Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Mon, 4 Oct 2021 10:50:14 +0200
Subject: [PATCH 20/65] Follow up 5f2181d8a3e8a86acdc6ce0576343e23242c407d -
 Fixes #3757 - escaped 'Set fixed' workflows don't refresh set values on
 active ticket sessions.

---
 .../app/controllers/ticket_zoom.coffee        |  5 +-
 .../ticket_zoom/sidebar_ticket.coffee         | 10 ++++
 spec/system/ticket/zoom_spec.rb               | 59 +++++++++++++++++++
 3 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/ticket_zoom.coffee b/app/assets/javascripts/app/controllers/ticket_zoom.coffee
index 9a9bad539..6b560691b 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom.coffee
@@ -200,10 +200,10 @@ class App.TicketZoom extends App.Controller
     formMeta   = data.form_meta
 
     # on the following states we want to rerender the ticket:
-    # - if the object attribute configuration has changed (attribute values, restrictions, filters)
+    # - if the object attribute configuration has changed (attribute values, dependecies, filters)
     # - if the user view has changed (agent/customer)
     # - if the ticket permission has changed (read/write/full)
-    if @view && ( !_.isEqual(@formMeta, formMeta) || @view isnt view || @readable isnt readable || @changeable isnt changeable || @fullable isnt fullable )
+    if @view && ( !_.isEqual(@formMeta.configure_attributes, formMeta.configure_attributes) || !_.isEqual(@formMeta.dependencies, formMeta.dependencies) || !_.isEqual(@formMeta.filter, formMeta.filter) || @view isnt view || @readable isnt readable || @changeable isnt changeable || @fullable isnt fullable )
       @renderDone = false
 
     @view       = view
@@ -214,6 +214,7 @@ class App.TicketZoom extends App.Controller
 
     # render page
     @render(local)
+    App.Event.trigger('ui::ticket::load', data)
 
   meta: =>
 
diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
index 2cf626c38..bdb18819b 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/sidebar_ticket.coffee
@@ -5,6 +5,13 @@
 class Edit extends App.Controller
   constructor: (params) ->
     super
+    @controllerBind('ui::ticket::load', (data) =>
+      return if data.ticket_id.toString() isnt @ticket.id.toString()
+
+      @ticket   = App.Ticket.find(@ticket.id)
+      @formMeta = data.form_meta
+      @render()
+    )
     @render()
 
   render: =>
@@ -18,6 +25,9 @@ class Edit extends App.Controller
 
     if !_.isEmpty(taskState)
       defaults = _.extend(defaults, taskState)
+      # remove core workflow data because it should trigger a request to get data
+      # for the new ticket + eventually changed task state
+      @formMeta.core_workflow = undefined
 
     if followUpPossible == 'new_ticket' && ticketState != 'closed' ||
        followUpPossible != 'new_ticket' ||
diff --git a/spec/system/ticket/zoom_spec.rb b/spec/system/ticket/zoom_spec.rb
index ebcf07f0b..8a63fba43 100644
--- a/spec/system/ticket/zoom_spec.rb
+++ b/spec/system/ticket/zoom_spec.rb
@@ -2134,4 +2134,63 @@ RSpec.describe 'Ticket zoom', type: :system do
       end
     end
   end
+
+  context 'Basic sidebar handling because of regressions in #3757' do
+    let(:ticket) { create(:ticket, group: Group.find_by(name: 'Users')) }
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    it 'does show up the new priority' do
+      high_prio = Ticket::Priority.find_by(name: '3 high')
+      ticket.update(priority: high_prio)
+      wait(10, interval: 0.5).until { page.find("select[name='priority_id']").value == high_prio.id.to_s }
+      expect(page.find("select[name='priority_id']").value).to eq(high_prio.id.to_s)
+    end
+
+    it 'does show up the new state and pending time' do
+      pending_state = Ticket::State.find_by(name: 'pending reminder')
+      ticket.update(state: pending_state, pending_time: 1.day.from_now)
+      wait(10, interval: 0.5).until { page.find("select[name='state_id']").value == pending_state.id.to_s }
+      expect(page.find("select[name='state_id']").value).to eq(pending_state.id.to_s)
+      expect(page).to have_selector("div[data-name='pending_time']")
+    end
+
+    it 'does merge attributes with remote priority (ajax) and local state (user)' do
+      select 'closed', from: 'State'
+      high_prio = Ticket::Priority.find_by(name: '3 high')
+      closed_state = Ticket::State.find_by(name: 'closed')
+      ticket.update(priority: high_prio)
+      wait(10, interval: 0.5).until { page.find("select[name='priority_id']").value == high_prio.id.to_s }
+      expect(page.find("select[name='priority_id']").value).to eq(high_prio.id.to_s)
+      expect(page.find("select[name='state_id']").value).to eq(closed_state.id.to_s)
+    end
+
+    context 'when 2 users are in 2 different tickets' do
+      let(:ticket2) { create(:ticket, group: Group.find_by(name: 'Users')) }
+      let(:agent2) { create(:agent, password: 'test', groups: [Group.find_by(name: 'Users')]) }
+
+      before do
+        using_session(:second_browser) do
+          login(
+            username: agent2.login,
+            password: 'test',
+          )
+          visit "#ticket/zoom/#{ticket.id}"
+          visit "#ticket/zoom/#{ticket2.id}"
+        end
+      end
+
+      it 'does not make any changes to the second browser ticket' do
+        closed_state = Ticket::State.find_by(name: 'closed')
+        select 'closed', from: 'State'
+        find('.js-submit').click
+        using_session(:second_browser) do
+          sleep 3
+          expect(page.find("select[name='state_id']").value).not_to eq(closed_state.id.to_s)
+        end
+      end
+    end
+  end
 end

From ca6e510ed4859f2ff214083003d51dc9834ef03d Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Mon, 4 Oct 2021 11:57:32 +0200
Subject: [PATCH 21/65] Maintenance: Specify a certain PostgreSQL version for
 the build process that still works with older platforms.

---
 .pkgr.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pkgr.yml b/.pkgr.yml
index 4e4e94567..e4468d5b5 100644
--- a/.pkgr.yml
+++ b/.pkgr.yml
@@ -116,6 +116,6 @@ env:
   - ZAMMAD_RAILS_PORT=3000
   - ZAMMAD_WEBSOCKET_PORT=6042
 services:
-  - postgres
+  - postgres:13
 before_install: contrib/packager.io/preinstall.sh
 after_install: contrib/packager.io/postinstall.sh

From 798d45b299d7fd4cd99ccffc0fa6bec80eea0381 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Mon, 4 Oct 2021 10:16:46 +0100
Subject: [PATCH 22/65] Maintenance: Add another reload to setup new js for
 core workflow.

---
 ...20211004111501_reload_after_core_workflow_again.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 db/migrate/20211004111501_reload_after_core_workflow_again.rb

diff --git a/db/migrate/20211004111501_reload_after_core_workflow_again.rb b/db/migrate/20211004111501_reload_after_core_workflow_again.rb
new file mode 100644
index 000000000..751d6693e
--- /dev/null
+++ b/db/migrate/20211004111501_reload_after_core_workflow_again.rb
@@ -0,0 +1,11 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class ReloadAfterCoreWorkflowAgain < ActiveRecord::Migration[6.0]
+  def up
+
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    AppVersion.set(true, 'app_version')
+  end
+end

From 32a23f9e8bc71219611b60ebad1c4ad8e1b95cb5 Mon Sep 17 00:00:00 2001
From: Mantas Masalskis <mm@zammad.com>
Date: Mon, 4 Oct 2021 15:42:35 +0200
Subject: [PATCH 23/65] Fixes #3783 - Improve contrasts in answer search for
 articles

---
 app/assets/stylesheets/zammad.scss | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss
index a4e80733d..c82d33bef 100644
--- a/app/assets/stylesheets/zammad.scss
+++ b/app/assets/stylesheets/zammad.scss
@@ -8447,6 +8447,10 @@ footer {
 
   .dropdown li.with-category, .dropdown.dropdown--actions li.with-category {
     line-height: 19.5px;
+
+    small {
+      color: #fff !important;
+    }
   }
 
   .dropdown.dropdown--actions li.with-category {

From ffa8814d0243e2365b982edcb19acbd10cb2f249 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Mon, 4 Oct 2021 15:47:30 +0200
Subject: [PATCH 24/65] Fixes #3779 - Core Workflow: Add organization condition
 attributes for object User.

---
 .../core_workflow_condition.coffee            |  2 +-
 spec/models/core_workflow_spec.rb             | 39 +++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/app/controllers/_ui_element/core_workflow_condition.coffee b/app/assets/javascripts/app/controllers/_ui_element/core_workflow_condition.coffee
index 10634e7a4..6cedd5b90 100644
--- a/app/assets/javascripts/app/controllers/_ui_element/core_workflow_condition.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/core_workflow_condition.coffee
@@ -23,7 +23,7 @@ class App.UiElement.core_workflow_condition extends App.UiElement.ApplicationSel
       organization:
         name: 'Organization'
         model: 'Organization'
-        model_show: ['Organization']
+        model_show: ['User', 'Organization']
       'customer.organization':
         name: 'Organization'
         model: 'Organization'
diff --git a/spec/models/core_workflow_spec.rb b/spec/models/core_workflow_spec.rb
index 92c94f933..a98241f7a 100644
--- a/spec/models/core_workflow_spec.rb
+++ b/spec/models/core_workflow_spec.rb
@@ -1678,4 +1678,43 @@ RSpec.describe CoreWorkflow, type: :model do
       end
     end
   end
+
+  describe 'Core Workflow: Add organization condition attributes for object User #3779' do
+    let(:organization) { create(:organization, note: 'hello') }
+    let!(:base_payload) do
+      {
+        'event'      => 'core_workflow',
+        'request_id' => 'default',
+        'class_name' => 'User',
+        'screen'     => 'create',
+        'params'     => {},
+      }
+    end
+    let!(:workflow) do
+      create(:core_workflow,
+             object:             'User',
+             condition_selected: {
+               'organization.note': {
+                 operator: 'is',
+                 value:    'hello',
+               },
+             })
+    end
+
+    context 'when new user has no organization' do
+      it 'does not match the workflow' do
+        expect(result[:matched_workflows]).not_to include(workflow.id)
+      end
+    end
+
+    context 'when new user is part of the organization' do
+      let(:payload) do
+        base_payload.merge('params' => { 'organization_id' => organization.id.to_s })
+      end
+
+      it 'does match the workflow' do
+        expect(result[:matched_workflows]).to include(workflow.id)
+      end
+    end
+  end
 end

From 90eca0f1ebea230eb77a338204ca40cc14cbb67c Mon Sep 17 00:00:00 2001
From: Mantas Masalskis <mm@zammad.com>
Date: Mon, 4 Oct 2021 21:05:32 +0200
Subject: [PATCH 25/65] Fixes #3773 - Inconstant alignment in the listing of
 attachments/submit button in new article area Fixes #3774 - Broken dialog
 whiling uploading oversized attachment

---
 .../controllers/_ui_element/richtext.coffee   | 94 ++++++------------
 .../controllers/agent_ticket_create.coffee    | 10 +-
 .../ticket_zoom/article_new.coffee            | 92 ++++-------------
 .../app/lib/app_post/html5_upload.coffee      | 98 +++++++++++++++++++
 .../javascripts/app/lib/base/html5Upload.js   |  3 +-
 .../app/views/generic/attachment.jst.eco      |  2 +-
 app/assets/stylesheets/zammad.scss            |  5 +
 spec/system/ticket/create_spec.rb             | 30 ++++++
 8 files changed, 195 insertions(+), 139 deletions(-)
 create mode 100644 app/assets/javascripts/app/lib/app_post/html5_upload.coffee

diff --git a/app/assets/javascripts/app/controllers/_ui_element/richtext.coffee b/app/assets/javascripts/app/controllers/_ui_element/richtext.coffee
index e20b1479d..b7b027ae7 100644
--- a/app/assets/javascripts/app/controllers/_ui_element/richtext.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/richtext.coffee
@@ -6,7 +6,7 @@ class App.UiElement.richtext
       attribute.value = attribute.value.text
 
     item = $( App.view('generic/richtext')(attribute: attribute, toolButtons: @toolButtons) )
-    @contenteditable = item.find('[contenteditable]').ce(
+    item.find('[contenteditable]').ce(
       mode:      attribute.type
       maxlength: attribute.maxlength
       buttons:   attribute.buttons
@@ -21,12 +21,12 @@ class App.UiElement.richtext
         new App[plugin.controller](params)
 
     if attribute.upload
-      @attachments = []
+      attachments = []
       item.append( $( App.view('generic/attachment')(attribute: attribute) ) )
 
-      renderFile = (file) =>
+      renderFile = (file) ->
         item.find('.attachments').append(App.view('generic/attachment_item')(file))
-        @attachments.push file
+        attachments.push file
 
       if params && params.attachments
         for file in params.attachments
@@ -46,10 +46,10 @@ class App.UiElement.richtext
       , form.form_id)
 
       # remove items
-      item.find('.attachments').on('click', '.js-delete', (e) =>
+      item.find('.attachments').on('click', '.js-delete', (e) ->
         id = $(e.currentTarget).data('id')
-        @attachments = _.filter(
-          @attachments,
+        attachments = _.filter(
+          attachments,
           (item) ->
             return if item.id.toString() is id.toString()
             item
@@ -71,67 +71,35 @@ class App.UiElement.richtext
           element.empty()
       )
 
-      @progressBar           = item.find('.attachmentUpload-progressBar')
-      @progressText          = item.find('.js-percentage')
-      @attachmentPlaceholder = item.find('.attachmentPlaceholder')
-      @attachmentUpload      = item.find('.attachmentUpload')
-      @attachmentsHolder     = item.find('.attachments')
-      @cancelContainer       = item.find('.js-cancel')
+      App.Delay.set( ->
+        uploader = new App.Html5Upload(
+          uploadUrl:              "#{App.Config.get('api_path')}/attachments"
+          dropContainer:          item.closest('form')
+          cancelContainer:        item.find('.js-cancel')
+          inputField:             item.find('input')
+          data:
+            form_id: item.closest('form').find('[name=form_id]').val()
 
-      u = => html5Upload.initialize(
-        uploadUrl:              "#{App.Config.get('api_path')}/attachments"
-        dropContainer:          item.closest('form').get(0)
-        cancelContainer:        @cancelContainer
-        inputField:             item.find('input').get(0)
-        maxSimultaneousUploads: 1,
-        key:                    'File'
-        data:
-          form_id: item.closest('form').find('[name=form_id]').val()
-        onFileAdded: (file) =>
+          onFileStartCallback: ->
+            item.find('[contenteditable]').trigger('fileUploadStart')
 
-          file.on(
-            onStart: =>
-              @attachmentPlaceholder.addClass('hide')
-              @attachmentUpload.removeClass('hide')
-              @cancelContainer.removeClass('hide')
-              item.find('[contenteditable]').trigger('fileUploadStart')
-              App.Log.debug 'UiElement.richtext', 'upload start'
+          onFileCompletedCallback: (response) ->
+            renderFile(response.data)
+            item.find('input').val('')
+            item.find('[contenteditable]').trigger('fileUploadStop', ['completed'])
 
-            onAborted: =>
-              @attachmentPlaceholder.removeClass('hide')
-              @attachmentUpload.addClass('hide')
-              item.find('input').val('')
-              item.find('[contenteditable]').trigger('fileUploadStop', ['aborted'])
+          onFileAbortedCallback: ->
+            item.find('input').val('')
+            item.find('[contenteditable]').trigger('fileUploadStop', ['aborted'])
 
-            # Called after received response from the server
-            onCompleted: (response) =>
-              response = JSON.parse(response)
+          attachmentPlaceholder: item.find('.attachmentPlaceholder')
+          attachmentUpload:      item.find('.attachmentUpload')
+          progressBar:           item.find('.attachmentUpload-progressBar')
+          progressText:          item.find('.js-percentage')
+        )
 
-              @attachmentPlaceholder.removeClass('hide')
-              @attachmentUpload.addClass('hide')
-
-              # reset progress bar
-              @progressBar.width(parseInt(0) + '%')
-              @progressText.text('')
-
-              renderFile(response.data)
-              item.find('input').val('')
-              item.find('[contenteditable]').trigger('fileUploadStop', ['completed'])
-              App.Log.debug 'UiElement.richtext', 'upload complete', response.data
-
-            # Called during upload progress, first parameter
-            # is decimal value from 0 to 100.
-            onProgress: (progress, fileSize, uploadedBytes) =>
-              @progressBar.width(parseInt(progress) + '%')
-              @progressText.text(parseInt(progress))
-              # hide cancel on 90%
-              if parseInt(progress) >= 90
-                @cancelContainer.addClass('hide')
-              App.Log.debug 'UiElement.richtext', 'uploadProgress ', parseInt(progress)
-
-          )
-      )
-      App.Delay.set(u, 100, undefined, 'form_upload')
+        uploader.render()
+      , 100, undefined, 'form_upload')
 
     item
 
diff --git a/app/assets/javascripts/app/controllers/agent_ticket_create.coffee b/app/assets/javascripts/app/controllers/agent_ticket_create.coffee
index 5e8a9299a..954aa8859 100644
--- a/app/assets/javascripts/app/controllers/agent_ticket_create.coffee
+++ b/app/assets/javascripts/app/controllers/agent_ticket_create.coffee
@@ -8,7 +8,7 @@ class App.TicketCreate extends App.Controller
   events:
     'click .type-tabs .tab':   'changeFormType'
     'submit form':             'submit'
-    'click .js-cancel':        'cancel'
+    'click .form-controls .js-cancel':        'cancel'
     'click .js-active-toggle': 'toggleButton'
 
   types: {
@@ -184,8 +184,11 @@ class App.TicketCreate extends App.Controller
     @controllerUnbind('ticket_create_rerender', (template) => @renderQueue(template))
 
   changed: =>
+    return true if @hasAttachments()
+
     formCurrent = @formParam( @$('.ticket-create') )
     diff = difference(@formDefault, formCurrent)
+
     return false if !diff || _.isEmpty(diff)
     return true
 
@@ -461,6 +464,9 @@ class App.TicketCreate extends App.Controller
   params: =>
     params = @formParam(@$('.main form'))
 
+  hasAttachments: =>
+    @$('.richtext .attachments .attachment').length > 0
+
   submit: (e) =>
     e.preventDefault()
 
@@ -563,7 +569,7 @@ class App.TicketCreate extends App.Controller
     # save ticket, create article
     # check attachment
     if article['body']
-      if @$('.richtext .attachments .attachment').length < 1
+      if !@hasAttachments()
         matchingWord = App.Utils.checkAttachmentReference(article['body'])
         if matchingWord
           if !confirm(App.i18n.translateContent('You use %s in text but no attachment is attached. Do you want to continue?', matchingWord))
diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
index 53ef10e57..82411fe48 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
@@ -117,7 +117,7 @@ class App.TicketZoomArticleNew extends App.Controller
 
     @tokanice(@type)
 
-    if @defaults.body or @isIE10()
+    if @defaults.body or @attachments or @isIE10()
       @openTextarea(null, true)
 
   tokanice: (type = 'email') ->
@@ -191,82 +191,30 @@ class App.TicketZoomArticleNew extends App.Controller
       maxlength: 150000
     })
 
-    html5Upload.initialize(
-      uploadUrl:       "#{App.Config.get('api_path')}/upload_caches/#{@form_id}"
-      dropContainer:   @$('.article-add').get(0)
-      cancelContainer: @cancelContainer
-      inputField:      @$('.article-attachment input').get(0)
-      key:             'File'
-      maxSimultaneousUploads: 1
-      onFileAdded:            (file) =>
+    new App.Html5Upload(
+      uploadUrl:              "#{App.Config.get('api_path')}/upload_caches/#{@form_id}"
+      dropContainer:          @$('.article-add')
+      cancelContainer:        @cancelContainer
+      inputField:             @$('.article-attachment input')
 
-        file.on(
+      onFileStartCallback: =>
+        @callbackFileUploadStart?()
 
-          onStart: =>
-            @attachmentPlaceholder.addClass('hide')
-            @attachmentUpload.removeClass('hide')
-            @cancelContainer.removeClass('hide')
+      onFileCompletedCallback: (response) =>
+        @attachments.push response.data
+        @renderAttachment(response.data)
+        @$('.article-attachment input').val('')
 
-            if @callbackFileUploadStart
-              @callbackFileUploadStart()
+        @callbackFileUploadStop?()
 
-          onAborted: =>
-            @attachmentPlaceholder.removeClass('hide')
-            @attachmentUpload.addClass('hide')
-            @$('.article-attachment input').val('')
+      onFileAbortedCallback: =>
+        @callbackFileUploadStop?()
 
-            if @callbackFileUploadStop
-              @callbackFileUploadStop()
-
-          # Called after received response from the server
-          onCompleted: (response) =>
-
-            response = JSON.parse(response)
-            @attachments.push response.data
-
-            @attachmentPlaceholder.removeClass('hide')
-            @attachmentUpload.addClass('hide')
-
-            # reset progress bar
-            @progressBar.width(parseInt(0) + '%')
-            @progressText.text('')
-
-            @renderAttachment(response.data)
-            @$('.article-attachment input').val('')
-
-            if @callbackFileUploadStop
-              @callbackFileUploadStop()
-
-          # Called during upload progress, first parameter
-          # is decimal value from 0 to 100.
-          onProgress: (progress, fileSize, uploadedBytes) =>
-            @progressBar.width(parseInt(progress) + '%')
-            @progressText.text(parseInt(progress))
-            # hide cancel on 90%
-            if parseInt(progress) >= 90
-              @cancelContainer.addClass('hide')
-
-          # Called when upload failed
-          onError: (message) =>
-            @attachmentPlaceholder.removeClass('hide')
-            @attachmentUpload.addClass('hide')
-            @$('.article-attachment input').val('')
-
-            if @callbackFileUploadStop
-              @callbackFileUploadStop()
-
-            new App.ControllerModal(
-              head: 'Upload Failed'
-              buttonCancel: 'Cancel'
-              buttonCancelClass: 'btn--danger'
-              buttonSubmit: false
-              message: message
-              shown: true
-              small: true
-              container: @el.closest('.content')
-            )
-        )
-    )
+      attachmentPlaceholder: @attachmentPlaceholder
+      attachmentUpload:      @attachmentUpload
+      progressBar:           @progressBar
+      progressText:          @progressText
+    ).render()
 
     @bindAttachmentDelete()
 
diff --git a/app/assets/javascripts/app/lib/app_post/html5_upload.coffee b/app/assets/javascripts/app/lib/app_post/html5_upload.coffee
new file mode 100644
index 000000000..4daca6510
--- /dev/null
+++ b/app/assets/javascripts/app/lib/app_post/html5_upload.coffee
@@ -0,0 +1,98 @@
+class App.Html5Upload extends App.Controller
+  uploadUrl:              null
+  maxSimultaneousUploads: 1
+  key:                    'File'
+  data:                   null
+
+  onFileStartCallback:     null
+  onFileCompletedCallback: null
+  onFileAbortedCallback:   null
+
+  dropContainer:         null
+  cancelContainer:       null
+  inputField:            null
+  attachmentPlaceholder: null
+  attachmentUpload:      null
+  progressBar:           null
+  progressText:          null
+
+  render: =>
+    html5Upload.initialize(
+      uploadUrl:              @uploadUrl
+      dropContainer:          @dropContainer.get(0)
+      cancelContainer:        @cancelContainer
+      inputField:             @inputField.get(0)
+      maxSimultaneousUploads: @maxSimultaneousUploads
+      key:                    @key
+      data:                   @data
+      onFileAdded:            @onFileAdded
+    )
+
+  onFileAdded: (file) =>
+    file.on(
+      onStart:     @onFileStart
+      onAborted:   @onFileAborted
+      onCompleted: @onFileCompleted
+      onProgress:  @onFileProgress
+      onError:     @onFileError
+    )
+
+  onFileStart: =>
+    @attachmentPlaceholder.addClass('hide')
+    @attachmentUpload.removeClass('hide')
+    @cancelContainer.removeClass('hide')
+
+    App.Log.debug 'Html5Upload', 'upload start'
+    @onFileStartCallback?()
+
+  onFileProgress: (progress, fileSize, uploadedBytes) =>
+    progress = parseInt(progress)
+
+    @progressBar.width(progress + '%')
+    @progressText.text(progress)
+    # hide cancel on 90%
+    if progress >= 90
+      @cancelContainer.addClass('hide')
+
+    App.Log.debug 'Html5Upload', 'uploadProgress ', progress
+
+
+  onFileCompleted: (response) =>
+    response = JSON.parse(response)
+
+    @hideFileUploading()
+    @onFileCompletedCallback?(response)
+
+    App.Log.debug 'Html5Upload', 'upload complete', response.data
+
+  onFileAborted: =>
+    @hideFileUploading()
+    @onFileAbortedCallback?()
+
+    App.Log.debug 'Html5Upload', 'upload aborted'
+
+  onFileError: (message) =>
+    @hideFileUploading()
+    @inputField.val('')
+
+    @callbackFileUploadStop?()
+
+    new App.ControllerModal(
+      head: 'Upload Failed'
+      buttonCancel: 'Cancel'
+      buttonCancelClass: 'btn--danger'
+      buttonSubmit: false
+      message: message || 'Cannot upload file'
+      shown: true
+      small: true
+      container: @inputField.closest('.content')
+    )
+
+    App.Log.debug 'Html5Upload', 'upload error'
+
+  hideFileUploading: =>
+    @attachmentPlaceholder.removeClass('hide')
+    @attachmentUpload.addClass('hide')
+
+    @progressBar.width('0%')
+    @progressText.text('0')
diff --git a/app/assets/javascripts/app/lib/base/html5Upload.js b/app/assets/javascripts/app/lib/base/html5Upload.js
index 40287b23f..72a2e455e 100644
--- a/app/assets/javascripts/app/lib/base/html5Upload.js
+++ b/app/assets/javascripts/app/lib/base/html5Upload.js
@@ -255,7 +255,7 @@
                     manager.ajaxUpload(manager.uploadsQueue.shift());
                 }
             };
-            xhr.abort = function (event) {
+            xhr.onabort = function (event) {
                 console.log('Upload abort');
 
                 // Reduce number of active uploads:
@@ -269,6 +269,7 @@
             // Triggered when upload fails:
             xhr.onerror = function () {
                 console.log('Upload failed: ', upload.fileName);
+                upload.events.onError('Upload failed: ' + upload.fileName);
             };
 
             // Append additional data if provided:
diff --git a/app/assets/javascripts/app/views/generic/attachment.jst.eco b/app/assets/javascripts/app/views/generic/attachment.jst.eco
index 2ab26dae8..d2a5e2cc6 100644
--- a/app/assets/javascripts/app/views/generic/attachment.jst.eco
+++ b/app/assets/javascripts/app/views/generic/attachment.jst.eco
@@ -17,7 +17,7 @@
         <%- @T('Uploading') %> (<span class="js-percentage">0</span>%) ...
       </div>
       <div class="attachmentUpload-cancel js-cancel">
-        <%- @Icon('diagonal-cross') %></div><%- @T('Cancel Upload') %>
+        <%- @Icon('diagonal-cross') %><%- @T('Cancel Upload') %>
       </div>
     </div>
     <div class="attachmentUpload-progressBar" style="width: 0%"></div>
diff --git a/app/assets/stylesheets/zammad.scss b/app/assets/stylesheets/zammad.scss
index c82d33bef..025d2a488 100644
--- a/app/assets/stylesheets/zammad.scss
+++ b/app/assets/stylesheets/zammad.scss
@@ -7063,6 +7063,11 @@ footer {
     .ticket-create .attachments:not(:empty) {
       margin-left: 0;
       margin-right: 0;
+      margin-bottom: 56px;
+    }
+
+    .ticket-create .attachment--row {
+      line-height: 1.45;
     }
 
     .attachment.attachment--row {
diff --git a/spec/system/ticket/create_spec.rb b/spec/system/ticket/create_spec.rb
index debac63c2..2988643d3 100644
--- a/spec/system/ticket/create_spec.rb
+++ b/spec/system/ticket/create_spec.rb
@@ -469,6 +469,36 @@ RSpec.describe 'Ticket Create', type: :system do
 
       expect(page).to have_no_selector(:task_with, task_key)
     end
+
+    it 'asks for confirmation if attachment was added' do
+      visit 'ticket/create'
+
+      within :active_content do
+        page.find('input#fileUpload_1', visible: :all).set(Rails.root.join('test/data/mail/mail001.box'))
+        await_empty_ajax_queue
+
+        find('.js-cancel').click
+      end
+
+      in_modal disappears: false do
+        expect(page).to have_text 'Tab has changed'
+      end
+    end
+  end
+
+  context 'when uploading attachment' do
+    it 'shows an error if server throws an error' do
+      allow(Store).to receive(:add) { raise 'Error' }
+      visit 'ticket/create'
+
+      within :active_content do
+        page.find('input#fileUpload_1', visible: :all).set(Rails.root.join('test/data/mail/mail001.box'))
+      end
+
+      in_modal disappears: false do
+        expect(page).to have_text 'Error'
+      end
+    end
   end
 
   context 'when closing taskbar tab for new ticket creation' do

From 4c72d5b9d9d9546f06f0440346b16aab70f5c53e Mon Sep 17 00:00:00 2001
From: Mantas <mantas@idev.lt>
Date: Fri, 1 Oct 2021 22:23:20 +0300
Subject: [PATCH 26/65] Fixes #3769 - Usage of inactive object attributes in
 SLAs will crash admin SLA interface

---
 app/models/object_manager/attribute.rb       | 32 ++++++++++++++------
 app/models/report/profile.rb                 |  1 +
 spec/models/object_manager/attribute_spec.rb |  8 +++++
 3 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/app/models/object_manager/attribute.rb b/app/models/object_manager/attribute.rb
index 404b5b3d1..806b77055 100644
--- a/app/models/object_manager/attribute.rb
+++ b/app/models/object_manager/attribute.rb
@@ -678,7 +678,7 @@ to send no browser reload event, pass false
 
 =begin
 
-where attributes are used by triggers, overviews or schedulers
+where attributes are used in conditions
 
   result = ObjectManager::Attribute.attribute_to_references_hash
 
@@ -696,22 +696,36 @@ where attributes are used by triggers, overviews or schedulers
 =end
 
   def self.attribute_to_references_hash
-    objects = Trigger.select(:name, :condition) + Overview.select(:name, :condition) + Job.select(:name, :condition)
     attribute_list = {}
-    objects.each do |item|
-      item.condition.each do |condition_key, _condition_attributes|
-        attribute_list[condition_key] ||= {}
-        attribute_list[condition_key][item.class.name] ||= []
-        next if attribute_list[condition_key][item.class.name].include?(item.name)
 
-        attribute_list[condition_key][item.class.name].push item.name
+    attribute_to_references_hash_objects
+      .map { |elem| elem.select(:name, :condition) }
+      .flatten
+      .each do |item|
+        item.condition.each do |condition_key, _condition_attributes|
+          attribute_list[condition_key] ||= {}
+          attribute_list[condition_key][item.class.name] ||= []
+          next if attribute_list[condition_key][item.class.name].include?(item.name)
+
+          attribute_list[condition_key][item.class.name].push item.name
+        end
       end
-    end
+
     attribute_list
   end
 
 =begin
 
+models that may reference attributes
+
+=end
+
+  def self.attribute_to_references_hash_objects
+    Models.all.keys.select { |elem| elem.include? ChecksConditionValidation }
+  end
+
+=begin
+
 is certain attribute used by triggers, overviews or schedulers
 
   ObjectManager::Attribute.attribute_used_by_references?('Ticket', 'attribute_name')
diff --git a/app/models/report/profile.rb b/app/models/report/profile.rb
index 9f8cbc3f5..fc1e8d07a 100644
--- a/app/models/report/profile.rb
+++ b/app/models/report/profile.rb
@@ -2,6 +2,7 @@
 
 class Report::Profile < ApplicationModel
   self.table_name = 'report_profiles'
+  include ChecksConditionValidation
   validates :name, presence: true
   store     :condition
 
diff --git a/spec/models/object_manager/attribute_spec.rb b/spec/models/object_manager/attribute_spec.rb
index 4e71f5b58..03d040947 100644
--- a/spec/models/object_manager/attribute_spec.rb
+++ b/spec/models/object_manager/attribute_spec.rb
@@ -148,4 +148,12 @@ RSpec.describe ObjectManager::Attribute, type: :model do
       it { is_expected.to be_valid }
     end
   end
+
+  describe 'Class methods:' do
+    describe '.attribute_to_references_hash_objects' do
+      it 'returns classes with conditions' do
+        expect(described_class.attribute_to_references_hash_objects).to match_array [Trigger, Overview, Job, Sla, Report::Profile ]
+      end
+    end
+  end
 end

From 5ddec48643c2f29a19ea2a557934bbcb3f9f26ee Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Mon, 16 Aug 2021 10:14:23 +0200
Subject: [PATCH 27/65] Maintenance: Improved updating of user records.

---
 app/policies/user_policy.rb       |  5 ++++-
 spec/policies/user_policy_spec.rb | 28 ++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index bed708ff2..16e286d21 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -13,11 +13,14 @@ class UserPolicy < ApplicationPolicy
   end
 
   def update?
+    # full access for admins
     return true if user.permissions?('admin.user')
     # forbid non-agents to change users
     return false if !user.permissions?('ticket.agent')
 
-    # allow agents to change customers
+    # allow agents to change customers only
+    return false if record.permissions?(['admin.user', 'ticket.agent'])
+
     record.permissions?('ticket.customer')
   end
 
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb
index 1212bfbcb..339fb47ef 100644
--- a/spec/policies/user_policy_spec.rb
+++ b/spec/policies/user_policy_spec.rb
@@ -126,6 +126,21 @@ describe UserPolicy do
       it { is_expected.to permit_action(:show) }
       it { is_expected.to forbid_actions(%i[update destroy]) }
     end
+
+    context 'when record is both admin and customer' do
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
+
+      it { is_expected.to permit_action(:show) }
+      it { is_expected.to forbid_actions(%i[update destroy]) }
+    end
+
+    context 'when record is both agent and customer' do
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
+
+      it { is_expected.to permit_action(:show) }
+      it { is_expected.to forbid_actions(%i[update destroy]) }
+    end
+
   end
 
   context 'when user is a customer' do
@@ -169,5 +184,18 @@ describe UserPolicy do
       it { is_expected.to permit_action(:show) }
       it { is_expected.to forbid_actions(%i[update destroy]) }
     end
+
+    context 'when record is both admin and customer' do
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
+
+      it { is_expected.to forbid_actions(%i[show update destroy]) }
+    end
+
+    context 'when record is both agent and customer' do
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
+
+      it { is_expected.to forbid_actions(%i[show update destroy]) }
+    end
+
   end
 end

From 6602d19dbfe016589409db088126752194904921 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Mon, 23 Aug 2021 16:51:16 +0200
Subject: [PATCH 28/65] Maintenance: Enhanced GitHub and GitLab GraphQL
 endpoint check

---
 lib/github/http_client.rb | 6 ++++--
 lib/gitlab/http_client.rb | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/github/http_client.rb b/lib/github/http_client.rb
index dd582384d..99762c770 100644
--- a/lib/github/http_client.rb
+++ b/lib/github/http_client.rb
@@ -1,12 +1,14 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
+require 'uri'
+
 class GitHub
   class HttpClient
     attr_reader :api_token, :endpoint
 
     def initialize(endpoint, api_token)
       raise 'api_token required' if api_token.blank?
-      raise 'endpoint required' if endpoint.blank?
+      raise 'endpoint required' if endpoint.blank? || endpoint.exclude?('/graphql') || endpoint.scan(URI::DEFAULT_PARSER.make_regexp).blank?
 
       @api_token = api_token
       @endpoint  = endpoint
@@ -30,7 +32,7 @@ class GitHub
 
       if !response.success?
         Rails.logger.error response.error
-        raise "Error while requesting GitHub GraphQL API: #{response.error}"
+        raise 'GitHub request failed! Please have a look at the log file for details'
       end
 
       response.data
diff --git a/lib/gitlab/http_client.rb b/lib/gitlab/http_client.rb
index f2a247537..76338e204 100644
--- a/lib/gitlab/http_client.rb
+++ b/lib/gitlab/http_client.rb
@@ -1,12 +1,14 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
+require 'uri'
+
 class GitLab
   class HttpClient
     attr_reader :api_token, :endpoint
 
     def initialize(endpoint, api_token)
       raise 'api_token required' if api_token.blank?
-      raise 'endpoint required' if endpoint.blank?
+      raise 'endpoint required' if endpoint.blank? || endpoint.exclude?('/graphql') || endpoint.scan(URI::DEFAULT_PARSER.make_regexp).blank?
 
       @api_token = api_token
       @endpoint = endpoint
@@ -30,7 +32,7 @@ class GitLab
 
       if !response.success?
         Rails.logger.error response.error
-        raise "Error while requesting GitLab GraphQL API: #{response.error}"
+        raise 'GitLab request failed! Please have a look at the log file for details'
       end
 
       response.data

From 0f5807d6feb4fe67e4746df609ce9a312b388a67 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Wed, 8 Sep 2021 14:31:42 +0200
Subject: [PATCH 29/65] Maintenance: Improved updating of user records in the
 front end.

---
 app/assets/javascripts/app/models/user.coffee |  5 +-
 spec/system/manage/users_spec.rb              | 69 +++++++++++++++++++
 2 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/app/models/user.coffee b/app/assets/javascripts/app/models/user.coffee
index f1ed97298..423035030 100644
--- a/app/assets/javascripts/app/models/user.coffee
+++ b/app/assets/javascripts/app/models/user.coffee
@@ -344,9 +344,12 @@ class App.User extends App.Model
     @sameOrganization?(requester)
 
   isChangeableBy: (requester) ->
+    # full access for admins
     return true if requester.permission('admin.user')
-    # allow agents to change customers
+    # forbid non-agents to change users
     return false if !requester.permission('ticket.agent')
+    # allow agents to change customers only
+    return false if @permission(['admin.user', 'ticket.agent'])
     @permission('ticket.customer')
 
   isDeleteableBy: (requester) ->
diff --git a/spec/system/manage/users_spec.rb b/spec/system/manage/users_spec.rb
index 8072ba604..fe10293a9 100644
--- a/spec/system/manage/users_spec.rb
+++ b/spec/system/manage/users_spec.rb
@@ -110,4 +110,73 @@ RSpec.describe 'Manage > Users', type: :system do
       end
     end
   end
+
+  describe 'check user edit permissions', authenticated_as: -> { user } do
+
+    shared_examples 'user permission' do |allow|
+      it(allow ? 'allows editing' : 'forbids editing') do
+        visit "#user/profile/#{record.id}"
+        find('.js-action .icon-arrow-down').click
+        selector = '.js-action [data-type="edit"]'
+        expect(page).to(allow ? have_css(selector) : have_no_css(selector))
+      end
+    end
+
+    context 'when admin tries to change admin' do
+      let(:user) { create(:admin) }
+      let(:record) { create(:admin) }
+
+      include_examples 'user permission', true
+    end
+
+    context 'when admin tries to change agent' do
+      let(:user) { create(:admin) }
+      let(:record) { create(:agent) }
+
+      include_examples 'user permission', true
+    end
+
+    context 'when admin tries to change customer' do
+      let(:user) { create(:admin) }
+      let(:record) { create(:customer) }
+
+      include_examples 'user permission', true
+    end
+
+    context 'when agent tries to change admin' do
+      let(:user) { create(:agent) }
+      let(:record) { create(:admin) }
+
+      include_examples 'user permission', false
+    end
+
+    context 'when agent tries to change agent' do
+      let(:user) { create(:agent) }
+      let(:record) { create(:agent) }
+
+      include_examples 'user permission', false
+    end
+
+    context 'when agent tries to change customer' do
+      let(:user) { create(:agent) }
+      let(:record) { create(:customer) }
+
+      include_examples 'user permission', true
+    end
+
+    context 'when agent tries to change customer who is also admin' do
+      let(:user) { create(:agent) }
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Admin').id)) }
+
+      include_examples 'user permission', false
+    end
+
+    context 'when agent tries to change customer who is also agent' do
+      let(:user) { create(:agent) }
+      let(:record) { create(:customer, role_ids: Role.signup_role_ids.push(Role.find_by(name: 'Agent').id)) }
+
+      include_examples 'user permission', false
+    end
+
+  end
 end

From ecbda834bca4b49f2df325e4162137929531dca2 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Fri, 3 Sep 2021 10:43:45 +0200
Subject: [PATCH 30/65] Maintenance: Improve clipboard handling of website chat

---
 public/assets/chat/Dockerfile            |  16 +
 public/assets/chat/README.md             |   5 +
 public/assets/chat/build.sh              |   8 +
 public/assets/chat/chat-no-jquery.coffee |   6 +-
 public/assets/chat/chat-no-jquery.js     | 352 +++++++++++-----------
 public/assets/chat/chat-no-jquery.min.js |   2 +-
 public/assets/chat/chat.coffee           |   4 +-
 public/assets/chat/chat.css              |   3 +
 public/assets/chat/chat.js               | 354 ++++++++++++-----------
 public/assets/chat/chat.min.js           |   2 +-
 public/assets/chat/docker-entrypoint.sh  |   5 +
 public/assets/chat/gulpfile.js           |   6 +
 public/assets/chat/purify.min.js         |   3 +
 13 files changed, 415 insertions(+), 351 deletions(-)
 create mode 100644 public/assets/chat/Dockerfile
 create mode 100644 public/assets/chat/README.md
 create mode 100755 public/assets/chat/build.sh
 create mode 100755 public/assets/chat/docker-entrypoint.sh
 create mode 100644 public/assets/chat/purify.min.js

diff --git a/public/assets/chat/Dockerfile b/public/assets/chat/Dockerfile
new file mode 100644
index 000000000..74310e6e9
--- /dev/null
+++ b/public/assets/chat/Dockerfile
@@ -0,0 +1,16 @@
+FROM node:8-alpine
+
+ENV GULP_DIR "/tmp/gulp"
+
+RUN apk update && apk add bash
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+CMD bash # If you want to override CMD
+RUN npm install -g gulp
+
+COPY docker-entrypoint.sh /
+
+# enable volume to generate build files into the hosts FS
+VOLUME ["$GULP_DIR"]
+
+# start
+ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/public/assets/chat/README.md b/public/assets/chat/README.md
new file mode 100644
index 000000000..02a5afbb1
--- /dev/null
+++ b/public/assets/chat/README.md
@@ -0,0 +1,5 @@
+# Zammad Chat build
+
+This folder contains a `docker` image and the required files to build the Zammad Chat from coffeescript and eco files. This workaround is required for now because of the outdated NodeJS 8 dependency.
+
+The build process can easily be started by executing the `build.sh` file. There is nothing more to it except of having `docker` installed and running.
diff --git a/public/assets/chat/build.sh b/public/assets/chat/build.sh
new file mode 100755
index 000000000..70057025e
--- /dev/null
+++ b/public/assets/chat/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+
+docker build --no-cache -t zammad/chat-build:latest .
+
+docker run --rm -v "$(pwd)/:/tmp/gulp" zammad/chat-build:latest
diff --git a/public/assets/chat/chat-no-jquery.coffee b/public/assets/chat/chat-no-jquery.coffee
index 2627e6100..616a442bd 100644
--- a/public/assets/chat/chat-no-jquery.coffee
+++ b/public/assets/chat/chat-no-jquery.coffee
@@ -762,7 +762,11 @@ do(window) ->
       console.log('p', docType, text)
       if docType is 'html'
         html = document.createElement('div')
-        html.innerHTML = text
+        # can't log because might contain malicious content
+        # @log.debug 'HTML clipboard', text
+        sanitized = DOMPurify.sanitize(text)
+        @log.debug 'sanitized HTML clipboard', sanitized
+        html.innerHTML = sanitized
         match = false
         htmlTmp = text
         regex = new RegExp('<(/w|w)\:[A-Za-z]')
diff --git a/public/assets/chat/chat-no-jquery.js b/public/assets/chat/chat-no-jquery.js
index eed63bd55..58c6e9764 100644
--- a/public/assets/chat/chat-no-jquery.js
+++ b/public/assets/chat/chat-no-jquery.js
@@ -1,7 +1,7 @@
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["agent"] = function(__obj) {
+window.zammadChatTemplates["agent"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -59,169 +59,9 @@ window.zammadChatTemplates["agent"] = function(__obj) {
   return __out.join('');
 };
 
-if (!window.zammadChatTemplates) {
-  window.zammadChatTemplates = {};
-}
-window.zammadChatTemplates["chat"] = function(__obj) {
-  if (!__obj) __obj = {};
-  var __out = [], __capture = function(callback) {
-    var out = __out, result;
-    __out = [];
-    callback.call(this);
-    result = __out.join('');
-    __out = out;
-    return __safe(result);
-  }, __sanitize = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else if (typeof value !== 'undefined' && value != null) {
-      return __escape(value);
-    } else {
-      return '';
-    }
-  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
-  __safe = __obj.safe = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else {
-      if (!(typeof value !== 'undefined' && value != null)) value = '';
-      var result = new String(value);
-      result.ecoSafe = true;
-      return result;
-    }
-  };
-  if (!__escape) {
-    __escape = __obj.escape = function(value) {
-      return ('' + value)
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;');
-    };
-  }
-  (function() {
-    (function() {
-      __out.push('<div class="zammad-chat');
-    
-      if (this.flat) {
-        __out.push(__sanitize(' zammad-chat--flat'));
-      }
-    
-      __out.push('"');
-    
-      if (this.fontSize) {
-        __out.push(__sanitize(" style='font-size: " + this.fontSize + "'"));
-      }
-    
-      __out.push('>\n  <div class="zammad-chat-header js-chat-open"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">');
-    
-      __out.push(this.T(this.title));
-    
-      __out.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    ');
-    
-      __out.push(this.T(this.scrollHint));
-    
-      __out.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="');
-    
-      __out.push(this.T('Compose your message...'));
-    
-      __out.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>');
-    
-      __out.push(this.T('Send'));
-    
-      __out.push('</button>\n  </form>\n</div>');
-    
-    }).call(this);
-    
-  }).call(__obj);
-  __obj.safe = __objSafe, __obj.escape = __escape;
-  return __out.join('');
-};
-
-if (!window.zammadChatTemplates) {
-  window.zammadChatTemplates = {};
-}
-window.zammadChatTemplates["customer_timeout"] = function(__obj) {
-  if (!__obj) __obj = {};
-  var __out = [], __capture = function(callback) {
-    var out = __out, result;
-    __out = [];
-    callback.call(this);
-    result = __out.join('');
-    __out = out;
-    return __safe(result);
-  }, __sanitize = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else if (typeof value !== 'undefined' && value != null) {
-      return __escape(value);
-    } else {
-      return '';
-    }
-  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
-  __safe = __obj.safe = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else {
-      if (!(typeof value !== 'undefined' && value != null)) value = '';
-      var result = new String(value);
-      result.ecoSafe = true;
-      return result;
-    }
-  };
-  if (!__escape) {
-    __escape = __obj.escape = function(value) {
-      return ('' + value)
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;');
-    };
-  }
-  (function() {
-    (function() {
-      __out.push('<div class="zammad-chat-modal-text">\n  ');
-    
-      if (this.agent) {
-        __out.push('\n    ');
-        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation with <strong>%s</strong> got closed.', this.delay, this.agent));
-        __out.push('\n  ');
-      } else {
-        __out.push('\n    ');
-        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation got closed.', this.delay));
-        __out.push('\n  ');
-      }
-    
-      __out.push('\n  <br>\n  <div class="zammad-chat-button js-restart"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>');
-    
-      __out.push(this.T('Start new conversation'));
-    
-      __out.push('</div>\n</div>');
-    
-    }).call(this);
-    
-  }).call(__obj);
-  __obj.safe = __objSafe, __obj.escape = __escape;
-  return __out.join('');
-};
+/*! @license DOMPurify 2.3.1 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.3.1/LICENSE */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,n=Object.isFrozen,r=Object.getPrototypeOf,o=Object.getOwnPropertyDescriptor,i=Object.freeze,a=Object.seal,l=Object.create,c="undefined"!=typeof Reflect&&Reflect,s=c.apply,u=c.construct;s||(s=function(e,t,n){return e.apply(t,n)}),i||(i=function(e){return e}),a||(a=function(e){return e}),u||(u=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var f,m=x(Array.prototype.forEach),d=x(Array.prototype.pop),p=x(Array.prototype.push),g=x(String.prototype.toLowerCase),h=x(String.prototype.match),y=x(String.prototype.replace),v=x(String.prototype.indexOf),b=x(String.prototype.trim),T=x(RegExp.prototype.test),A=(f=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return u(f,t)});function x(e){return function(t){for(var n=arguments.length,r=Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];return s(e,t,r)}}function S(e,r){t&&t(e,null);for(var o=r.length;o--;){var i=r[o];if("string"==typeof i){var a=g(i);a!==i&&(n(r)||(r[o]=a),i=a)}e[i]=!0}return e}function w(t){var n=l(null),r=void 0;for(r in t)s(e,t,[r])&&(n[r]=t[r]);return n}function N(e,t){for(;null!==e;){var n=o(e,t);if(n){if(n.get)return x(n.get);if("function"==typeof n.value)return x(n.value)}e=r(e)}return function(e){return console.warn("fallback value for",e),null}}var k=i(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),E=i(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),D=i(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),O=i(["animate","color-profile","cursor","discard","fedropshadow","feimage","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),R=i(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),_=i(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),M=i(["#text"]),L=i(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),F=i(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),I=i(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),C=i(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),z=a(/\{\{[\s\S]*|[\s\S]*\}\}/gm),H=a(/<%[\s\S]*|[\s\S]*%>/gm),U=a(/^data-[\-\w.\u00B7-\uFFFF]/),j=a(/^aria-[\-\w]+$/),B=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),P=a(/^(?:\w+script|data):/i),W=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),G="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function q(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}var K=function(){return"undefined"==typeof window?null:window},V=function(e,t){if("object"!==(void 0===e?"undefined":G(e))||"function"!=typeof e.createPolicy)return null;var n=null,r="data-tt-policy-suffix";t.currentScript&&t.currentScript.hasAttribute(r)&&(n=t.currentScript.getAttribute(r));var o="dompurify"+(n?"#"+n:"");try{return e.createPolicy(o,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+o+" could not be created."),null}};return function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:K(),n=function(t){return e(t)};if(n.version="2.3.1",n.removed=[],!t||!t.document||9!==t.document.nodeType)return n.isSupported=!1,n;var r=t.document,o=t.document,a=t.DocumentFragment,l=t.HTMLTemplateElement,c=t.Node,s=t.Element,u=t.NodeFilter,f=t.NamedNodeMap,x=void 0===f?t.NamedNodeMap||t.MozNamedAttrMap:f,Y=t.Text,X=t.Comment,$=t.DOMParser,Z=t.trustedTypes,J=s.prototype,Q=N(J,"cloneNode"),ee=N(J,"nextSibling"),te=N(J,"childNodes"),ne=N(J,"parentNode");if("function"==typeof l){var re=o.createElement("template");re.content&&re.content.ownerDocument&&(o=re.content.ownerDocument)}var oe=V(Z,r),ie=oe&&ze?oe.createHTML(""):"",ae=o,le=ae.implementation,ce=ae.createNodeIterator,se=ae.createDocumentFragment,ue=ae.getElementsByTagName,fe=r.importNode,me={};try{me=w(o).documentMode?o.documentMode:{}}catch(e){}var de={};n.isSupported="function"==typeof ne&&le&&void 0!==le.createHTMLDocument&&9!==me;var pe=z,ge=H,he=U,ye=j,ve=P,be=W,Te=B,Ae=null,xe=S({},[].concat(q(k),q(E),q(D),q(R),q(M))),Se=null,we=S({},[].concat(q(L),q(F),q(I),q(C))),Ne=null,ke=null,Ee=!0,De=!0,Oe=!1,Re=!1,_e=!1,Me=!1,Le=!1,Fe=!1,Ie=!1,Ce=!0,ze=!1,He=!0,Ue=!0,je=!1,Be={},Pe=null,We=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Ge=null,qe=S({},["audio","video","img","source","image","track"]),Ke=null,Ve=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Ye="http://www.w3.org/1998/Math/MathML",Xe="http://www.w3.org/2000/svg",$e="http://www.w3.org/1999/xhtml",Ze=$e,Je=!1,Qe=null,et=o.createElement("form"),tt=function(e){Qe&&Qe===e||(e&&"object"===(void 0===e?"undefined":G(e))||(e={}),e=w(e),Ae="ALLOWED_TAGS"in e?S({},e.ALLOWED_TAGS):xe,Se="ALLOWED_ATTR"in e?S({},e.ALLOWED_ATTR):we,Ke="ADD_URI_SAFE_ATTR"in e?S(w(Ve),e.ADD_URI_SAFE_ATTR):Ve,Ge="ADD_DATA_URI_TAGS"in e?S(w(qe),e.ADD_DATA_URI_TAGS):qe,Pe="FORBID_CONTENTS"in e?S({},e.FORBID_CONTENTS):We,Ne="FORBID_TAGS"in e?S({},e.FORBID_TAGS):{},ke="FORBID_ATTR"in e?S({},e.FORBID_ATTR):{},Be="USE_PROFILES"in e&&e.USE_PROFILES,Ee=!1!==e.ALLOW_ARIA_ATTR,De=!1!==e.ALLOW_DATA_ATTR,Oe=e.ALLOW_UNKNOWN_PROTOCOLS||!1,Re=e.SAFE_FOR_TEMPLATES||!1,_e=e.WHOLE_DOCUMENT||!1,Fe=e.RETURN_DOM||!1,Ie=e.RETURN_DOM_FRAGMENT||!1,Ce=!1!==e.RETURN_DOM_IMPORT,ze=e.RETURN_TRUSTED_TYPE||!1,Le=e.FORCE_BODY||!1,He=!1!==e.SANITIZE_DOM,Ue=!1!==e.KEEP_CONTENT,je=e.IN_PLACE||!1,Te=e.ALLOWED_URI_REGEXP||Te,Ze=e.NAMESPACE||$e,Re&&(De=!1),Ie&&(Fe=!0),Be&&(Ae=S({},[].concat(q(M))),Se=[],!0===Be.html&&(S(Ae,k),S(Se,L)),!0===Be.svg&&(S(Ae,E),S(Se,F),S(Se,C)),!0===Be.svgFilters&&(S(Ae,D),S(Se,F),S(Se,C)),!0===Be.mathMl&&(S(Ae,R),S(Se,I),S(Se,C))),e.ADD_TAGS&&(Ae===xe&&(Ae=w(Ae)),S(Ae,e.ADD_TAGS)),e.ADD_ATTR&&(Se===we&&(Se=w(Se)),S(Se,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&S(Ke,e.ADD_URI_SAFE_ATTR),e.FORBID_CONTENTS&&(Pe===We&&(Pe=w(Pe)),S(Pe,e.FORBID_CONTENTS)),Ue&&(Ae["#text"]=!0),_e&&S(Ae,["html","head","body"]),Ae.table&&(S(Ae,["tbody"]),delete Ne.tbody),i&&i(e),Qe=e)},nt=S({},["mi","mo","mn","ms","mtext"]),rt=S({},["foreignobject","desc","title","annotation-xml"]),ot=S({},E);S(ot,D),S(ot,O);var it=S({},R);S(it,_);var at=function(e){var t=ne(e);t&&t.tagName||(t={namespaceURI:$e,tagName:"template"});var n=g(e.tagName),r=g(t.tagName);if(e.namespaceURI===Xe)return t.namespaceURI===$e?"svg"===n:t.namespaceURI===Ye?"svg"===n&&("annotation-xml"===r||nt[r]):Boolean(ot[n]);if(e.namespaceURI===Ye)return t.namespaceURI===$e?"math"===n:t.namespaceURI===Xe?"math"===n&&rt[r]:Boolean(it[n]);if(e.namespaceURI===$e){if(t.namespaceURI===Xe&&!rt[r])return!1;if(t.namespaceURI===Ye&&!nt[r])return!1;var o=S({},["title","style","font","a","script"]);return!it[n]&&(o[n]||!ot[n])}return!1},lt=function(e){p(n.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){try{e.outerHTML=ie}catch(t){e.remove()}}},ct=function(e,t){try{p(n.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(n.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!Se[e])if(Fe||Ie)try{lt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},st=function(e){var t=void 0,n=void 0;if(Le)e="<remove></remove>"+e;else{var r=h(e,/^[\r\n\t ]+/);n=r&&r[0]}var i=oe?oe.createHTML(e):e;if(Ze===$e)try{t=(new $).parseFromString(i,"text/html")}catch(e){}if(!t||!t.documentElement){t=le.createDocument(Ze,"template",null);try{t.documentElement.innerHTML=Je?"":i}catch(e){}}var a=t.body||t.documentElement;return e&&n&&a.insertBefore(o.createTextNode(n),a.childNodes[0]||null),Ze===$e?ue.call(t,_e?"html":"body")[0]:_e?t.documentElement:a},ut=function(e){return ce.call(e.ownerDocument||e,e,u.SHOW_ELEMENT|u.SHOW_COMMENT|u.SHOW_TEXT,null,!1)},ft=function(e){return!(e instanceof Y||e instanceof X)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof x&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI&&"function"==typeof e.insertBefore)},mt=function(e){return"object"===(void 0===c?"undefined":G(c))?e instanceof c:e&&"object"===(void 0===e?"undefined":G(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},dt=function(e,t,r){de[e]&&m(de[e],(function(e){e.call(n,t,r,Qe)}))},pt=function(e){var t=void 0;if(dt("beforeSanitizeElements",e,null),ft(e))return lt(e),!0;if(h(e.nodeName,/[\u0080-\uFFFF]/))return lt(e),!0;var r=g(e.nodeName);if(dt("uponSanitizeElement",e,{tagName:r,allowedTags:Ae}),!mt(e.firstElementChild)&&(!mt(e.content)||!mt(e.content.firstElementChild))&&T(/<[/\w]/g,e.innerHTML)&&T(/<[/\w]/g,e.textContent))return lt(e),!0;if("select"===r&&T(/<template/i,e.innerHTML))return lt(e),!0;if(!Ae[r]||Ne[r]){if(Ue&&!Pe[r]){var o=ne(e)||e.parentNode,i=te(e)||e.childNodes;if(i&&o)for(var a=i.length-1;a>=0;--a)o.insertBefore(Q(i[a],!0),ee(e))}return lt(e),!0}return e instanceof s&&!at(e)?(lt(e),!0):"noscript"!==r&&"noembed"!==r||!T(/<\/no(script|embed)/i,e.innerHTML)?(Re&&3===e.nodeType&&(t=e.textContent,t=y(t,pe," "),t=y(t,ge," "),e.textContent!==t&&(p(n.removed,{element:e.cloneNode()}),e.textContent=t)),dt("afterSanitizeElements",e,null),!1):(lt(e),!0)},gt=function(e,t,n){if(He&&("id"===t||"name"===t)&&(n in o||n in et))return!1;if(De&&!ke[t]&&T(he,t));else if(Ee&&T(ye,t));else{if(!Se[t]||ke[t])return!1;if(Ke[t]);else if(T(Te,y(n,be,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==v(n,"data:")||!Ge[e]){if(Oe&&!T(ve,y(n,be,"")));else if(n)return!1}else;}return!0},ht=function(e){var t=void 0,r=void 0,o=void 0,i=void 0;dt("beforeSanitizeAttributes",e,null);var a=e.attributes;if(a){var l={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Se};for(i=a.length;i--;){var c=t=a[i],s=c.name,u=c.namespaceURI;if(r=b(t.value),o=g(s),l.attrName=o,l.attrValue=r,l.keepAttr=!0,l.forceKeepAttr=void 0,dt("uponSanitizeAttribute",e,l),r=l.attrValue,!l.forceKeepAttr&&(ct(s,e),l.keepAttr))if(T(/\/>/i,r))ct(s,e);else{Re&&(r=y(r,pe," "),r=y(r,ge," "));var f=e.nodeName.toLowerCase();if(gt(f,o,r))try{u?e.setAttributeNS(u,s,r):e.setAttribute(s,r),d(n.removed)}catch(e){}}}dt("afterSanitizeAttributes",e,null)}},yt=function e(t){var n=void 0,r=ut(t);for(dt("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)dt("uponSanitizeShadowNode",n,null),pt(n)||(n.content instanceof a&&e(n.content),ht(n));dt("afterSanitizeShadowDOM",t,null)};return n.sanitize=function(e,o){var i=void 0,l=void 0,s=void 0,u=void 0,f=void 0;if((Je=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!mt(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!n.isSupported){if("object"===G(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(mt(e))return t.toStaticHTML(e.outerHTML)}return e}if(Me||tt(o),n.removed=[],"string"==typeof e&&(je=!1),je);else if(e instanceof c)1===(l=(i=st("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===l.nodeName||"HTML"===l.nodeName?i=l:i.appendChild(l);else{if(!Fe&&!Re&&!_e&&-1===e.indexOf("<"))return oe&&ze?oe.createHTML(e):e;if(!(i=st(e)))return Fe?null:ie}i&&Le&&lt(i.firstChild);for(var m=ut(je?e:i);s=m.nextNode();)3===s.nodeType&&s===u||pt(s)||(s.content instanceof a&&yt(s.content),ht(s),u=s);if(u=null,je)return e;if(Fe){if(Ie)for(f=se.call(i.ownerDocument);i.firstChild;)f.appendChild(i.firstChild);else f=i;return Ce&&(f=fe.call(r,f,!0)),f}var d=_e?i.outerHTML:i.innerHTML;return Re&&(d=y(d,pe," "),d=y(d,ge," ")),oe&&ze?oe.createHTML(d):d},n.setConfig=function(e){tt(e),Me=!0},n.clearConfig=function(){Qe=null,Me=!1},n.isValidAttribute=function(e,t,n){Qe||tt({});var r=g(e),o=g(t);return gt(r,o,n)},n.addHook=function(e,t){"function"==typeof t&&(de[e]=de[e]||[],p(de[e],t))},n.removeHook=function(e){de[e]&&d(de[e])},n.removeHooks=function(e){de[e]&&(de[e]=[])},n.removeAllHooks=function(){de={}},n}()}));
+//# sourceMappingURL=purify.min.js.map
 
 var extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
   hasProp = {}.hasOwnProperty,
@@ -1150,7 +990,7 @@ var extend = function(child, parent) { for (var key in parent) { if (hasProp.cal
     };
 
     ZammadChat.prototype.onPaste = function(e) {
-      var clipboardData, docType, html, htmlTmp, imageFile, imageInserted, item, j, k, l, len, len1, len2, len3, m, match, newTag, node, outer, reader, ref, ref1, ref2, ref3, regex, replacementTag, text;
+      var clipboardData, docType, html, htmlTmp, imageFile, imageInserted, item, j, k, l, len, len1, len2, len3, m, match, newTag, node, outer, reader, ref, ref1, ref2, ref3, regex, replacementTag, sanitized, text;
       e.stopPropagation();
       e.preventDefault();
       if (e.clipboardData) {
@@ -1218,7 +1058,9 @@ var extend = function(child, parent) { for (var key in parent) { if (hasProp.cal
       console.log('p', docType, text);
       if (docType === 'html') {
         html = document.createElement('div');
-        html.innerHTML = text;
+        sanitized = DOMPurify.sanitize(text);
+        this.log.debug('sanitized HTML clipboard', sanitized);
+        html.innerHTML = sanitized;
         match = false;
         htmlTmp = text;
         regex = new RegExp('<(/w|w)\:[A-Za-z]');
@@ -2288,7 +2130,171 @@ var extend = function(child, parent) { for (var key in parent) { if (hasProp.cal
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["loader"] = function(__obj) {
+window.zammadChatTemplates["chat"] = function (__obj) {
+  if (!__obj) __obj = {};
+  var __out = [], __capture = function(callback) {
+    var out = __out, result;
+    __out = [];
+    callback.call(this);
+    result = __out.join('');
+    __out = out;
+    return __safe(result);
+  }, __sanitize = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else if (typeof value !== 'undefined' && value != null) {
+      return __escape(value);
+    } else {
+      return '';
+    }
+  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
+  __safe = __obj.safe = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else {
+      if (!(typeof value !== 'undefined' && value != null)) value = '';
+      var result = new String(value);
+      result.ecoSafe = true;
+      return result;
+    }
+  };
+  if (!__escape) {
+    __escape = __obj.escape = function(value) {
+      return ('' + value)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+    };
+  }
+  (function() {
+    (function() {
+      __out.push('<div class="zammad-chat');
+    
+      if (this.flat) {
+        __out.push(__sanitize(' zammad-chat--flat'));
+      }
+    
+      __out.push('"');
+    
+      if (this.fontSize) {
+        __out.push(__sanitize(" style='font-size: " + this.fontSize + "'"));
+      }
+    
+      __out.push('>\n  <div class="zammad-chat-header js-chat-open"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">');
+    
+      __out.push(this.T(this.title));
+    
+      __out.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    ');
+    
+      __out.push(this.T(this.scrollHint));
+    
+      __out.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="');
+    
+      __out.push(this.T('Compose your message...'));
+    
+      __out.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>');
+    
+      __out.push(this.T('Send'));
+    
+      __out.push('</button>\n  </form>\n</div>');
+    
+    }).call(this);
+    
+  }).call(__obj);
+  __obj.safe = __objSafe, __obj.escape = __escape;
+  return __out.join('');
+};
+
+if (!window.zammadChatTemplates) {
+  window.zammadChatTemplates = {};
+}
+window.zammadChatTemplates["customer_timeout"] = function (__obj) {
+  if (!__obj) __obj = {};
+  var __out = [], __capture = function(callback) {
+    var out = __out, result;
+    __out = [];
+    callback.call(this);
+    result = __out.join('');
+    __out = out;
+    return __safe(result);
+  }, __sanitize = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else if (typeof value !== 'undefined' && value != null) {
+      return __escape(value);
+    } else {
+      return '';
+    }
+  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
+  __safe = __obj.safe = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else {
+      if (!(typeof value !== 'undefined' && value != null)) value = '';
+      var result = new String(value);
+      result.ecoSafe = true;
+      return result;
+    }
+  };
+  if (!__escape) {
+    __escape = __obj.escape = function(value) {
+      return ('' + value)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+    };
+  }
+  (function() {
+    (function() {
+      __out.push('<div class="zammad-chat-modal-text">\n  ');
+    
+      if (this.agent) {
+        __out.push('\n    ');
+        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation with <strong>%s</strong> got closed.', this.delay, this.agent));
+        __out.push('\n  ');
+      } else {
+        __out.push('\n    ');
+        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation got closed.', this.delay));
+        __out.push('\n  ');
+      }
+    
+      __out.push('\n  <br>\n  <div class="zammad-chat-button js-restart"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>');
+    
+      __out.push(this.T('Start new conversation'));
+    
+      __out.push('</div>\n</div>');
+    
+    }).call(this);
+    
+  }).call(__obj);
+  __obj.safe = __objSafe, __obj.escape = __escape;
+  return __out.join('');
+};
+
+if (!window.zammadChatTemplates) {
+  window.zammadChatTemplates = {};
+}
+window.zammadChatTemplates["loader"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2343,7 +2349,7 @@ window.zammadChatTemplates["loader"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["message"] = function(__obj) {
+window.zammadChatTemplates["message"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2410,7 +2416,7 @@ window.zammadChatTemplates["message"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["status"] = function(__obj) {
+window.zammadChatTemplates["status"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2465,7 +2471,7 @@ window.zammadChatTemplates["status"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["timestamp"] = function(__obj) {
+window.zammadChatTemplates["timestamp"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2524,7 +2530,7 @@ window.zammadChatTemplates["timestamp"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["typingIndicator"] = function(__obj) {
+window.zammadChatTemplates["typingIndicator"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2575,7 +2581,7 @@ window.zammadChatTemplates["typingIndicator"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["waiting"] = function(__obj) {
+window.zammadChatTemplates["waiting"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2634,7 +2640,7 @@ window.zammadChatTemplates["waiting"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["waiting_list_timeout"] = function(__obj) {
+window.zammadChatTemplates["waiting_list_timeout"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
diff --git a/public/assets/chat/chat-no-jquery.min.js b/public/assets/chat/chat-no-jquery.min.js
index c1dd28958..0fff812a1 100644
--- a/public/assets/chat/chat-no-jquery.min.js
+++ b/public/assets/chat/chat-no-jquery.min.js
@@ -1 +1 @@
-window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.agent=function(e){function t(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""}var s=[],n=(e=e||{}).safe,o=e.escape,o=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},o||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){this.agent.avatar&&(s.push('\n<img class="zammad-chat-agent-avatar" src="'),s.push(t(this.agent.avatar)),s.push('">\n')),s.push('\n<span class="zammad-chat-agent-sentence">\n  <span class="zammad-chat-agent-name">'),s.push(t(this.agent.name)),s.push("</span>\n</span>")}.call(this)}.call(e),e.safe=n,e.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.chat=function(e){function t(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""}var s=[],n=(e=e||{}).safe,o=e.escape,o=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},o||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat'),this.flat&&s.push(t(" zammad-chat--flat")),s.push('"'),this.fontSize&&s.push(t(" style='font-size: "+this.fontSize+"'")),s.push('>\n  <div class="zammad-chat-header js-chat-open"'),this.background&&s.push(t(" style='background: "+this.background+"'")),s.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">'),s.push(this.T(this.title)),s.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    '),s.push(this.T(this.scrollHint)),s.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="'),s.push(this.T("Compose your message...")),s.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"'),this.background&&s.push(t(" style='background: "+this.background+"'")),s.push(">"),s.push(this.T("Send")),s.push("</button>\n  </form>\n</div>")}.call(this)}.call(e),e.safe=n,e.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.customer_timeout=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),this.agent?(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.",this.delay,this.agent))):(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation got closed.",this.delay))),t.push("\n  "),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?n(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")};var extend=function(e,t){for(var s in t)hasProp.call(t,s)&&(e[s]=t[s]);function n(){this.constructor=e}return n.prototype=t.prototype,e.prototype=new n,e.__super__=t.prototype,e},hasProp={}.hasOwnProperty,bind=function(e,t){return function(){return e.apply(t,arguments)}},slice=[].slice;!function(C){var s,n,o,e,i,a,r;function l(e){var t,s,n;for(t in this.options={},s=this.defaults)n=s[t],this.options[t]=n;for(t in e)n=e[t],this.options[t]=n}function d(e){d.__super__.constructor.call(this,e),this.log=new n({debug:this.options.debug,logPrefix:this.options.logPrefix||this.logPrefix})}function c(){return this.log=bind(this.log,this),this.error=bind(this.error,this),this.notice=bind(this.notice,this),this.debug=bind(this.debug,this),c.__super__.constructor.apply(this,arguments)}function u(){return this.stop=bind(this.stop,this),this.start=bind(this.start,this),u.__super__.constructor.apply(this,arguments)}function h(){return this.ping=bind(this.ping,this),this.send=bind(this.send,this),this.reconnect=bind(this.reconnect,this),this.close=bind(this.close,this),this.connect=bind(this.connect,this),this.set=bind(this.set,this),h.__super__.constructor.apply(this,arguments)}function m(e){return this.removeAttributes=bind(this.removeAttributes,this),this.startTimeoutObservers=bind(this.startTimeoutObservers,this),this.onCssLoaded=bind(this.onCssLoaded,this),this.setAgentOnlineState=bind(this.setAgentOnlineState,this),this.onConnectionEstablished=bind(this.onConnectionEstablished,this),this.setSessionId=bind(this.setSessionId,this),this.onConnectionReestablished=bind(this.onConnectionReestablished,this),this.reconnect=bind(this.reconnect,this),this.destroy=bind(this.destroy,this),this.onScrollHintClick=bind(this.onScrollHintClick,this),this.detectScrolledtoBottom=bind(this.detectScrolledtoBottom,this),this.onLeaveTemporary=bind(this.onLeaveTemporary,this),this.onAgentTypingEnd=bind(this.onAgentTypingEnd,this),this.onAgentTypingStart=bind(this.onAgentTypingStart,this),this.onQueue=bind(this.onQueue,this),this.onQueueScreen=bind(this.onQueueScreen,this),this.onWebSocketClose=bind(this.onWebSocketClose,this),this.onCloseAnimationEnd=bind(this.onCloseAnimationEnd,this),this.close=bind(this.close,this),this.toggle=bind(this.toggle,this),this.sessionClose=bind(this.sessionClose,this),this.onOpenAnimationEnd=bind(this.onOpenAnimationEnd,this),this.open=bind(this.open,this),this.renderMessage=bind(this.renderMessage,this),this.receiveMessage=bind(this.receiveMessage,this),this.onSubmit=bind(this.onSubmit,this),this.onInput=bind(this.onInput,this),this.onReopenSession=bind(this.onReopenSession,this),this.onError=bind(this.onError,this),this.onWebSocketMessage=bind(this.onWebSocketMessage,this),this.send=bind(this.send,this),this.onKeydown=bind(this.onKeydown,this),this.onPaste=bind(this.onPaste,this),this.onDrop=bind(this.onDrop,this),this.render=bind(this.render,this),this.view=bind(this.view,this),this.T=bind(this.T,this),m.__super__.constructor.call(this,e),"undefined"!=typeof jQuery&&this.options.target instanceof jQuery&&(this.log.notice("Chat: target option is a jQuery object. jQuery is not a requirement for the chat any more."),this.options.target=this.options.target.get(0)),this.isFullscreen=C.matchMedia&&C.matchMedia("(max-width: 768px)").matches,this.scrollRoot=this.getScrollRoot(),C.WebSocket&&sessionStorage?this.options.chatId?(this.options.lang||(this.options.lang=document.documentElement.getAttribute("lang")),this.options.lang&&(this.translations[this.options.lang]||(this.log.debug("lang: No "+this.options.lang+" found, try first two letters"),this.options.lang=this.options.lang.replace(/-.+?$/,"")),this.log.debug("lang: "+this.options.lang)),this.options.host||this.detectHost(),this.loadCss(),this.io=new s(this.options),this.io.set({onOpen:this.render,onClose:this.onWebSocketClose,onMessage:this.onWebSocketMessage,onError:this.onError}),void this.io.connect()):(this.state="unsupported",void this.log.error("Chat: need chatId as option!")):(this.state="unsupported",void this.log.notice("Chat: Browser not supported!"))}e=(r=document.getElementsByTagName("script"))[r.length-1],a=C.location.protocol.replace(":",""),e&&e.src&&(i=e.src.match(".*://([^:/]*).*")[1],a=e.src.match("(.*)://[^:/]*.*")[1]),l.prototype.defaults={debug:!1},extend(d,r=l),e=d,extend(c,r),c.prototype.debug=function(){var e=1<=arguments.length?slice.call(arguments,0):[];if(this.options.debug)return this.log("debug",e)},c.prototype.notice=function(){var e=1<=arguments.length?slice.call(arguments,0):[];return this.log("notice",e)},c.prototype.error=function(){var e=1<=arguments.length?slice.call(arguments,0):[];return this.log("error",e)},c.prototype.log=function(e,t){var s,n,o,i;if(t.unshift("||"),t.unshift(e),t.unshift(this.options.logPrefix),console.log.apply(console,t),this.options.debug){for(i="",n=0,o=t.length;n<o;n++)i+=" ","object"==typeof(s=t[n])?i+=JSON.stringify(s):s&&s.toString?i+=s.toString():i+=s;return(e=document.querySelector(".js-chatLogDisplay"))?e.innerHTML="<div>"+i+"</div>"+e.innerHTML:void 0}},n=c,extend(u,e),u.prototype.timeoutStartedAt=null,u.prototype.logPrefix="timeout",u.prototype.defaults={debug:!1,timeout:4,timeoutIntervallCheck:.5},u.prototype.start=function(){var e,t,s;return this.stop(),t=new Date,e=function(){var e=new Date-new Date(t.getTime()+1e3*s.options.timeout*60);if(s.log.debug("Timeout check for "+s.options.timeout+" minutes (left "+e/1e3+" sec.)"),!(e<0))return s.stop(),s.options.callback()},(s=this).log.debug("Start timeout in "+this.options.timeout+" minutes"),this.intervallId=setInterval(e,1e3*this.options.timeoutIntervallCheck*60)},u.prototype.stop=function(){if(this.intervallId)return this.log.debug("Stop timeout of "+this.options.timeout+" minutes"),clearInterval(this.intervallId)},o=u,extend(h,e),h.prototype.logPrefix="io",h.prototype.set=function(e){var t,s,n=[];for(t in e)s=e[t],n.push(this.options[t]=s);return n},h.prototype.connect=function(){var t,o,s,n;return this.log.debug("Connecting to "+this.options.host),this.ws=new C.WebSocket(""+this.options.host),this.ws.onopen=(t=this,function(e){return t.log.debug("onOpen",e),t.options.onOpen(e),t.ping()}),this.ws.onmessage=(o=this,function(e){var t,s,n=JSON.parse(e.data);for(o.log.debug("onMessage",e.data),t=0,s=n.length;t<s;t++)"pong"===n[t].event&&o.ping();if(o.options.onMessage)return o.options.onMessage(n)}),this.ws.onclose=(s=this,function(e){if(s.log.debug("close websocket connection",e),s.pingDelayId&&clearTimeout(s.pingDelayId),s.manualClose){if(s.log.debug("manual close, onClose callback"),s.manualClose=!1,s.options.onClose)return s.options.onClose(e)}else if(s.log.debug("error close, onError callback"),s.options.onError)return s.options.onError("Connection lost...")}),this.ws.onerror=(n=this,function(e){if(n.log.debug("onError",e),n.options.onError)return n.options.onError(e)})},h.prototype.close=function(){return this.log.debug("close websocket manually"),this.manualClose=!0,this.ws.close()},h.prototype.reconnect=function(){return this.log.debug("reconnect"),this.close(),this.connect()},h.prototype.send=function(e,t){return this.log.debug("send",e,t=null==t?{}:t),t=JSON.stringify({event:e,data:t}),this.ws.send(t)},h.prototype.ping=function(){var e;return(e=this).pingDelayId=setTimeout(function(){return e.send("ping")},29e3)},s=h,extend(m,e),m.prototype.defaults={chatId:void 0,show:!0,target:document.querySelector("body"),host:"",debug:!1,flat:!1,lang:void 0,cssAutoload:!0,cssUrl:void 0,fontSize:void 0,buttonClass:"open-zammad-chat",inactiveClass:"is-inactive",title:"<strong>Chat</strong> with us!",scrollHint:"Scroll down to see new messages",idleTimeout:6,idleTimeoutIntervallCheck:.5,inactiveTimeout:8,inactiveTimeoutIntervallCheck:.5,waitingListTimeout:4,waitingListTimeoutIntervallCheck:.5,onReady:void 0,onCloseAnimationEnd:void 0,onError:void 0,onOpenAnimationEnd:void 0,onConnectionReestablished:void 0,onSessionClosed:void 0,onConnectionEstablished:void 0,onCssLoaded:void 0},m.prototype.logPrefix="chat",m.prototype._messageCount=0,m.prototype.isOpen=!1,m.prototype.blinkOnlineInterval=null,m.prototype.stopBlinOnlineStateTimeout=null,m.prototype.showTimeEveryXMinutes=2,m.prototype.lastTimestamp=null,m.prototype.lastAddedType=null,m.prototype.inputDisabled=!1,m.prototype.inputTimeout=null,m.prototype.isTyping=!1,m.prototype.state="offline",m.prototype.initialQueueDelay=1e4,m.prototype.translations={da:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med os!","Scroll down to see new messages":"Scroll ned for at se nye beskeder",Online:"Online",Offline:"Offline",Connecting:"Forbinder","Connection re-established":"Forbindelse genoprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat lukket af %s","Compose your message...":"Skriv en besked...","All colleagues are busy.":"Alle kollegaer er optaget.","You are on waiting list position <strong>%s</strong>.":"Du er i venteliste som nummer <strong>%s</strong>.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale med <strong>%s</strong> blevet lukket.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale blevet lukket.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, det tager længere end forventet at få en ledig plads. Prøv venligst igen senere eller send os en e-mail. På forhånd tak!"},de:{"<strong>Chat</strong> with us!":"<strong>Chatte</strong> mit uns!","Scroll down to see new messages":"Scrolle nach unten um neue Nachrichten zu sehen",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbindung wiederhergestellt",Today:"Heute",Send:"Senden","Chat closed by %s":"Chat beendet von %s","Compose your message...":"Ihre Nachricht...","All colleagues are busy.":"Alle Kollegen sind belegt.","You are on waiting list position <strong>%s</strong>.":"Sie sind in der Warteliste an der Position <strong>%s</strong>.","Start new conversation":"Neue Konversation starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation mit <strong>%s</strong> geschlossen.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation geschlossen.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Es tut uns leid, es dauert länger als erwartet, um einen freien Platz zu erhalten. Bitte versuchen Sie es zu einem späteren Zeitpunkt noch einmal oder schicken Sie uns eine E-Mail. Vielen Dank!"},es:{"<strong>Chat</strong> with us!":"<strong>Chatee</strong> con nosotros!","Scroll down to see new messages":"Haga scroll hacia abajo para ver nuevos mensajes",Online:"En linea",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexión restablecida",Today:"Hoy",Send:"Enviar","Chat closed by %s":"Chat cerrado por %s","Compose your message...":"Escriba su mensaje...","All colleagues are busy.":"Todos los agentes están ocupados.","You are on waiting list position <strong>%s</strong>.":"Usted está en la posición <strong>%s</strong> de la lista de espera.","Start new conversation":"Iniciar nueva conversación","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación con <strong>%s</strong> se ha cerrado.","Since you didn't respond in the last %s minutes your conversation got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación se ha cerrado.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Lo sentimos, se tarda más tiempo de lo esperado para ser atendido por un agente. Inténtelo de nuevo más tarde o envíenos un correo electrónico. ¡Gracias!"},fi:{"<strong>Chat</strong> with us!":"<strong>Keskustele</strong> kanssamme!","Scroll down to see new messages":"Rullaa alas nähdäksesi uudet viestit",Online:"Paikalla",Offline:"Poissa",Connecting:"Yhdistetään","Connection re-established":"Yhteys muodostettu uudelleen",Today:"Tänään",Send:"Lähetä","Chat closed by %s":"%s sulki keskustelun","Compose your message...":"Luo viestisi...","All colleagues are busy.":"Kaikki kollegat ovat varattuja.","You are on waiting list position <strong>%s</strong>.":"Olet odotuslistalla sijalla <strong>%s</strong>.","Start new conversation":"Aloita uusi keskustelu","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi <strong>%s</strong> kanssa suljettiin.","Since you didn't respond in the last %s minutes your conversation got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi suljettiin.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Olemme pahoillamme, tyhjän paikan vapautumisessa kestää odotettua pidempään. Ole hyvä ja yritä myöhemmin uudestaan tai lähetä meille sähköpostia. Kiitos!"},fr:{"<strong>Chat</strong> with us!":"<strong>Chattez</strong> avec nous!","Scroll down to see new messages":"Faites défiler pour lire les nouveaux messages",Online:"En-ligne",Offline:"Hors-ligne",Connecting:"Connexion en cours","Connection re-established":"Connexion rétablie",Today:"Aujourdhui",Send:"Envoyer","Chat closed by %s":"Chat fermé par %s","Compose your message...":"Composez votre message...","All colleagues are busy.":"Tous les collaborateurs sont occupés actuellement.","You are on waiting list position <strong>%s</strong>.":"Vous êtes actuellement en position <strong>%s</strong> dans la file d'attente.","Start new conversation":"Démarrer une nouvelle conversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Si vous ne répondez pas dans les <strong>%s</strong> minutes, votre conversation avec %s sera fermée.","Since you didn't respond in the last %s minutes your conversation got closed.":"Si vous ne répondez pas dans les %s minutes, votre conversation va être fermée.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Nous sommes désolés, il faut plus de temps que prévu pour obtenir un emplacement vide. Veuillez réessayer ultérieurement ou nous envoyer un courriel. Nous vous remercions!"},he:{"<strong>Chat</strong> with us!":"<strong>שוחח</strong>איתנו!","Scroll down to see new messages":"גלול מטה כדי לראות הודעות חדשות",Online:"מחובר",Offline:"מנותק",Connecting:"מתחבר","Connection re-established":"החיבור שוחזר",Today:"היום",Send:"שלח","Chat closed by %s":'הצאט נסגר ע"י %s',"Compose your message...":"כתוב את ההודעה שלך ...","All colleagues are busy.":"כל הנציגים תפוסים","You are on waiting list position <strong>%s</strong>.":"מיקומך בתור <strong>%s</strong>.","Start new conversation":"התחל שיחה חדשה","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"מכיוון שלא הגבת במהלך %s דקות השיחה שלך עם <strong>%s</strong> נסגרה.","Since you didn't respond in the last %s minutes your conversation got closed.":"מכיוון שלא הגבת במהלך %s הדקות האחרונות השיחה שלך נסגרה.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":'מצטערים, הזמן לקבלת נציג ארוך מהרגיל. נסה שוב מאוחר יותר או שלח לנו דוא"ל. תודה!'},hu:{"<strong>Chat</strong> with us!":"<strong>Chatelj</strong> velünk!","Scroll down to see new messages":"Görgess lejjebb az újabb üzenetekért",Online:"Online",Offline:"Offline",Connecting:"Csatlakozás","Connection re-established":"Újracsatlakozás",Today:"Ma",Send:"Küldés","Chat closed by %s":"A beszélgetést lezárta %s","Compose your message...":"Írj üzenetet...","All colleagues are busy.":"Jelenleg minden kollégánk elfoglalt.","You are on waiting list position <strong>%s</strong>.":"A várólistán a <strong>%s</strong>. pozícióban várakozol.","Start new conversation":"Új beszélgetés indítása","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Mivel %s perce nem érkezett újabb üzenet, ezért a <strong>%s</strong> kollégával folytatott beszéletést lezártuk.","Since you didn't respond in the last %s minutes your conversation got closed.":"Mivel %s perce nem érkezett válasz, a beszélgetés lezárult.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Sajnáljuk, de a várakozási idő hosszabb a szokásosnál. Kérlek próbáld újra, vagy írd meg kérdésed emailben. Köszönjük!"},nl:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> met ons!","Scroll down to see new messages":"Scrol naar beneden om nieuwe berichten te zien",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbinding herstelt",Today:"Vandaag",Send:"Verzenden","Chat closed by %s":"Chat gesloten door %s","Compose your message...":"Typ uw bericht...","All colleagues are busy.":"Alle medewerkers zijn bezet.","You are on waiting list position <strong>%s</strong>.":"U bent <strong>%s</strong> in de wachtrij.","Start new conversation":"Nieuwe conversatie starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft wordt de conversatie met <strong>%s</strong> gesloten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft is de conversatie gesloten.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Het spijt ons, het duurt langer dan verwacht om te antwoorden. Alstublieft probeer het later nogmaals of stuur ons een email. Hartelijk dank!"},it:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> con noi!","Scroll down to see new messages":"Scorrere verso il basso per vedere i nuovi messaggi",Online:"Online",Offline:"Offline",Connecting:"Collegamento","Connection re-established":"Collegamento ristabilito",Today:"Oggi",Send:"Invio","Chat closed by %s":"Conversazione chiusa da %s","Compose your message...":"Comporre il tuo messaggio...","All colleagues are busy.":"Tutti i colleghi sono occupati.","You are on waiting list position <strong>%s</strong>.":"Siete in posizione lista d' attesa <strong>%s</strong>.","Start new conversation":"Avviare una nuova conversazione","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua conversazione con <strong>%s</strong> si è chiusa.","Since you didn't respond in the last %s minutes your conversation got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua conversazione si è chiusa.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Ci dispiace, ci vuole più tempo come previsto per ottenere uno slot vuoto. Per favore riprova più tardi o inviaci un' e-mail. Grazie!"},pl:{"<strong>Chat</strong> with us!":"<strong>Czatuj</strong> z nami!","Scroll down to see new messages":"Przewiń w dół, aby wyświetlić nowe wiadomości",Online:"Online",Offline:"Offline",Connecting:"Łączenie","Connection re-established":"Ponowne nawiązanie połączenia",Today:"dzisiejszy",Send:"Wyślij","Chat closed by %s":"Czat zamknięty przez %s","Compose your message...":"Utwórz swoją wiadomość...","All colleagues are busy.":"Wszyscy konsultanci są zajęci.","You are on waiting list position <strong>%s</strong>.":"Na liście oczekujących znajduje się pozycja <strong>%s</strong>.","Start new conversation":"Rozpoczęcie nowej konwersacji","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ponieważ w ciągu ostatnich %s minut nie odpowiedziałeś, Twoja rozmowa z <strong>%s</strong> została zamknięta.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ponieważ nie odpowiedziałeś w ciągu ostatnich %s minut, Twoja rozmowa została zamknięta.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Przykro nam, ale to trwa dłużej niż się spodziewamy. Spróbuj ponownie później lub wyślij nam wiadomość e-mail. Dziękuję!"},"pt-br":{"<strong>Chat</strong> with us!":"<strong>Chat</strong> fale conosco!","Scroll down to see new messages":"Role para baixo, para ver nosvas mensagens",Online:"Online",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexão restabelecida",Today:"Hoje",Send:"Enviar","Chat closed by %s":"Chat encerrado por %s","Compose your message...":"Escreva sua mensagem...","All colleagues are busy.":"Todos os agentes estão ocupados.","You are on waiting list position <strong>%s</strong>.":"Você está na posição <strong>%s</strong> na fila de espera.","Start new conversation":"Iniciar uma nova conversa","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Como você não respondeu nos últimos %s minutos sua conversa com <strong>%s</strong> foi encerrada.","Since you didn't respond in the last %s minutes your conversation got closed.":"Como você não respondeu nos últimos %s minutos sua conversa foi encerrada.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Desculpe, mas o tempo de espera por um agente foi excedido. Tente novamente mais tarde ou nós envie um email. Obrigado"},"zh-cn":{"<strong>Chat</strong> with us!":"发起<strong>即时对话</strong>!","Scroll down to see new messages":"向下滚动以查看新消息",Online:"在线",Offline:"离线",Connecting:"连接中","Connection re-established":"正在重新建立连接",Today:"今天",Send:"发送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在输入信息...","All colleagues are busy.":"所有工作人员都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"您目前的等候位置是第 <strong>%s</strong> 位.","Start new conversation":"开始新的会话","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由于您超过 %s 分钟没有回复, 您与 <strong>%s</strong> 的会话已被关闭.","Since you didn't respond in the last %s minutes your conversation got closed.":"由于您超过 %s 分钟没有任何回复, 该对话已被关闭.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 目前需要等候更长的时间才能接入对话, 请稍后重试或向我们发送电子邮件. 谢谢!"},"zh-tw":{"<strong>Chat</strong> with us!":"開始<strong>即時對话</strong>!","Scroll down to see new messages":"向下滑動以查看新訊息",Online:"線上",Offline:"离线",Connecting:"連線中","Connection re-established":"正在重新建立連線中",Today:"今天",Send:"發送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在輸入訊息...","All colleagues are busy.":"所有服務人員都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"你目前的等候位置是第 <strong>%s</strong> 順位.","Start new conversation":"開始新的對話","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由於你超過 %s 分鐘沒有回應, 你與 <strong>%s</strong> 的對話已被關閉.","Since you didn't respond in the last %s minutes your conversation got closed.":"由於你超過 %s 分鐘沒有任何回應, 該對話已被關閉.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 當前需要等候更長的時間方可排入對話程序, 請稍後重試或向我們寄送電子郵件. 謝謝!"},ru:{"<strong>Chat</strong> with us!":"Напишите нам!","Scroll down to see new messages":"Прокрутите, чтобы увидеть новые сообщения",Online:"Онлайн",Offline:"Оффлайн",Connecting:"Подключение","Connection re-established":"Подключение восстановлено",Today:"Сегодня",Send:"Отправить","Chat closed by %s":"%s закрыл чат","Compose your message...":"Напишите сообщение...","All colleagues are busy.":"Все сотрудники заняты","You are on waiting list position %s.":"Вы в списке ожидания под номером %s","Start new conversation":"Начать новую переписку.","Since you didn't respond in the last %s minutes your conversation with %s got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор с %s был закрыт.","Since you didn't respond in the last %s minutes your conversation got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор был закрыт.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"К сожалению, ожидание свободного места требует больше времени. Повторите попытку позже или отправьте нам электронное письмо. Спасибо!"},sv:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> med oss!","Scroll down to see new messages":"Rulla ner för att se nya meddelanden",Online:"Online",Offline:"Offline",Connecting:"Ansluter","Connection re-established":"Anslutningen återupprättas",Today:"I dag",Send:"Skicka","Chat closed by %s":"Chatt stängd av %s","Compose your message...":"Skriv ditt meddelande...","All colleagues are busy.":"Alla kollegor är upptagna.","You are on waiting list position <strong>%s</strong>.":"Du är på väntelistan som position <strong>%s</strong>.","Start new conversation":"Starta ny konversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Eftersom du inte svarat inom %s minuterna i din konversation med <strong>%s</strong> så stängdes chatten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Då du inte svarat inom de senaste %s minuterna så avslutades din chatt.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi är ledsna, det tar längre tid som förväntat att få en ledig plats. Försök igen senare eller skicka ett e-postmeddelande till oss. Tack!"},no:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},nb:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},el:{"<strong>Chat</strong> with us!":"<strong>Επικοινωνήστε</strong> μαζί μας!","Scroll down to see new messages":"Μεταβείτε κάτω για να δείτε τα νέα μηνύματα",Online:"Σε σύνδεση",Offline:"Αποσυνδεμένος",Connecting:"Σύνδεση","Connection re-established":"Η σύνδεση αποκαταστάθηκε",Today:"Σήμερα",Send:"Αποστολή","Chat closed by %s":"Η συνομιλία έκλεισε από τον/την %s","Compose your message...":"Γράψτε το μήνυμα σας...","All colleagues are busy.":"Όλοι οι συνάδελφοι μας είναι απασχολημένοι.","You are on waiting list position <strong>%s</strong>.":"Βρίσκεστε σε λίστα αναμονής στη θέση <strong>%s</strong>.","Start new conversation":"Έναρξη νέας συνομιλίας","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας με τον/την <strong>%s</strong> έκλεισε.","Since you didn't respond in the last %s minutes your conversation got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας έκλεισε.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Λυπούμαστε που χρειάζεται περισσότερος χρόνος από τον αναμενόμενο για να βρεθεί μία κενή θέση. Παρακαλούμε δοκιμάστε ξανά αργότερα ή στείλτε μας ένα email. Ευχαριστούμε!"}},m.prototype.sessionId=void 0,m.prototype.scrolledToBottom=!0,m.prototype.scrollSnapTolerance=10,m.prototype.richTextFormatKey={66:!0,73:!0,85:!0,83:!0},m.prototype.T=function(){var e,t,s,n,o=arguments[0],i=2<=arguments.length?slice.call(arguments,1):[];if(this.options.lang&&"en"!==this.options.lang&&(this.translations[this.options.lang]?((n=this.translations[this.options.lang])[o]||this.log.notice("Translation needed for '"+o+"'"),o=n[o]||o):this.log.notice("Translation '"+this.options.lang+"' needed!")),i)for(t=0,s=i.length;t<s;t++)e=i[t],o=o.replace(/%s/,e);return o},m.prototype.view=function(t){return s=this,function(e){return(e=e||{}).T=s.T,e.background=s.options.background,e.flat=s.options.flat,e.fontSize=s.options.fontSize,C.zammadChatTemplates[t](e)};var s},m.prototype.getScrollRoot=function(){var e,t,s;return"scrollingElement"in document?document.scrollingElement:(t=document.documentElement,s=parseInt(t.pageYOffset,10),t.pageYOffset=s+1,e=parseInt(t.pageYOffset,10),(t.pageYOffset=s)<e?t:document.body)},m.prototype.render=function(){var e;return this.el&&document.querySelector(".zammad-chat")||this.renderBase(),(e=document.querySelector("."+this.options.buttonClass))&&e.classList.add(this.options.inactiveClass),this.setAgentOnlineState("online"),this.log.debug("widget rendered"),this.startTimeoutObservers(),this.idleTimeout.start(),this.sessionId=sessionStorage.getItem("sessionId"),this.send("chat_status_customer",{session_id:this.sessionId,url:C.location.href})},m.prototype.renderBase=function(){return this.el&&this.el.remove(),this.options.target.insertAdjacentHTML("beforeend",this.view("chat")({title:this.options.title,scrollHint:this.options.scrollHint})),this.el=this.options.target.querySelector(".zammad-chat"),this.input=this.el.querySelector(".zammad-chat-input"),this.body=this.el.querySelector(".zammad-chat-body"),this.el.querySelector(".js-chat-open").addEventListener("click",this.open),this.el.querySelector(".js-chat-toggle").addEventListener("click",this.toggle),this.el.querySelector(".js-chat-status").addEventListener("click",this.stopPropagation),this.el.querySelector(".zammad-chat-controls").addEventListener("submit",this.onSubmit),this.body.addEventListener("scroll",this.detectScrolledtoBottom),this.el.querySelector(".zammad-scroll-hint").addEventListener("click",this.onScrollHintClick),this.input.addEventListener("keydown",this.onKeydown),this.input.addEventListener("input",this.onInput),this.input.addEventListener("paste",this.onPaste),this.input.addEventListener("drop",this.onDrop),C.addEventListener("beforeunload",this.onLeaveTemporary),C.addEventListener("hashchange",(e=this,function(){if(!e.isOpen)return e.idleTimeout.start();e.sessionId&&e.send("chat_session_notice",{session_id:e.sessionId,message:C.location.href})}));var e},m.prototype.stopPropagation=function(e){return e.stopPropagation()},m.prototype.onDrop=function(e){var t,o,i,a;if(e.stopPropagation(),e.preventDefault(),C.dataTransfer)t=C.dataTransfer;else{if(!e.dataTransfer)throw"No clipboardData support";t=e.dataTransfer}if(o=e.clientX,i=e.clientY,(e=t.files[0]).type.match("image.*"))return(t=new FileReader).onload=(a=this,function(e){var t=function(e,t){var s,n;return a.isRetina()&&(t/=2),n=e,(e=new Image).style.width="100%",e.style.maxWidth=t+"px",e.src=n,document.caretPositionFromPoint?(n=document.caretPositionFromPoint(o,i),(s=document.createRange()).setStart(n.offsetNode,n.offset),s.collapse(),s.insertNode(e)):document.caretRangeFromPoint?(s=document.caretRangeFromPoint(o,i)).insertNode(e):console.log("could not find carat")};return a.resizeImage(e.target.result,460,"auto",2,"image/jpeg","auto",t)}),t.readAsDataURL(e)},m.prototype.onPaste=function(t){var s,n,e,o,i,a,r,l,d,c,u,h,m,p,g,y,f,v,b,w,S;if(t.stopPropagation(),t.preventDefault(),t.clipboardData)s=t.clipboardData;else if(C.clipboardData)s=C.clipboardData;else{if(!t.clipboardData)throw"No clipboardData support";s=t.clipboardData}if(h=!1,s&&s.items&&s.items[0]&&("file"!==(e=s.items[0]).kind||"image/png"!==e.type&&"image/jpeg"!==e.type||(n=e.getAsFile(),(w=new FileReader).onload=(S=this,function(e){var t=function(e,t){var s;return S.isRetina()&&(t/=2),(s=new Image).style.width="100%",s.style.maxWidth=t+"px",s.src=e,document.execCommand("insertHTML",!1,s)};return S.resizeImage(e.target.result,460,"auto",2,"image/jpeg","auto",t)}),w.readAsDataURL(n),h=!0)),!h){n=w=void 0;try{w=s.getData("text/html"),n="html",w&&0!==w.length||(n="text",w=s.getData("text/plain")),w&&0!==w.length||(n="text2",w=s.getData("text"))}catch(e){t=e,console.log("Sorry, can't insert markup because browser is not supporting it."),n="text3",w=s.getData("text")}if("text"!==n&&"text2"!==n&&"text3"!==n||(w=(w="<div>"+w.replace(/\n/g,"</div><div>")+"</div>").replace(/<div><\/div>/g,"<div><br></div>")),console.log("p",n,w),"html"===n){for(h=!1,s=(t=document.createElement("div")).innerHTML=w,b=new RegExp("<(/w|w):[A-Za-z]"),s.match(b)&&(h=!0,s=s.replace(b,"")),b=new RegExp("<(/o|o):[A-Za-z]"),s.match(b)&&(h=!0,s=s.replace(b,"")),o=0,r=(g=(t=h?this.wordFilter(t):t).childNodes).length;o<r;o++)8===(m=g[o]).nodeType&&m.remove();for(i=0,l=(y=t.querySelectorAll("a, font, small, time, form, label")).length;i<l;i++)(m=y[i]).outerHTML=m.innerHTML;for(a=0,d=(f=t.querySelectorAll("textarea")).length;a<d;a++)p=(m=f[a]).outerHTML,b=new RegExp("<"+m.tagName,"i"),p=p.replace(b,"<div"),b=new RegExp("</"+m.tagName,"i"),p=p.replace(b,"</div"),m.outerHTML=p;for(u=0,c=(v=t.querySelectorAll("font, img, svg, input, select, button, style, applet, embed, noframes, canvas, script, frame, iframe, meta, link, title, head, fieldset")).length;u<c;u++)(m=v[u]).remove();this.removeAttributes(t),w=t.innerHTML}return"text3"===n?this.pasteHtmlAtCaret(w):document.execCommand("insertHTML",!1,w),!0}},m.prototype.onKeydown=function(e){var t;if(this.inputDisabled||e.shiftKey||13!==e.keyCode||(e.preventDefault(),this.sendMessage()),t=!1,(t=!e.altKey&&!e.ctrlKey&&e.metaKey||!e.altKey&&e.ctrlKey&&!e.metaKey?!0:t)&&this.richTextFormatKey[e.keyCode])return e.preventDefault(),66===e.keyCode?(document.execCommand("bold"),!0):73===e.keyCode?(document.execCommand("italic"),!0):85===e.keyCode?(document.execCommand("underline"),!0):83===e.keyCode?(document.execCommand("strikeThrough"),!0):void 0},m.prototype.send=function(e,t){return(t=null==t?{}:t).chat_id=this.options.chatId,this.io.send(e,t)},m.prototype.onWebSocketMessage=function(e){for(var t,s=0,n=e.length;s<n;s++)switch(t=e[s],this.log.debug("ws:onmessage",t),t.event){case"chat_error":this.log.notice(t.data),t.data&&"chat_disabled"===t.data.state&&this.destroy({remove:!0});break;case"chat_session_message":if(t.data.self_written)return;this.receiveMessage(t.data);break;case"chat_session_typing":if(t.data.self_written)return;this.onAgentTypingStart();break;case"chat_session_start":this.onConnectionEstablished(t.data);break;case"chat_session_queue":this.onQueueScreen(t.data);break;case"chat_session_closed":case"chat_session_left":this.onSessionClosed(t.data);break;case"chat_status_customer":switch(t.data.state){case"online":this.sessionId=void 0,!this.options.cssAutoload||this.cssLoaded?this.onReady():this.socketReady=!0;break;case"offline":this.onError("Zammad Chat: No agent online");break;case"chat_disabled":this.onError("Zammad Chat: Chat is disabled");break;case"no_seats_available":this.onError("Zammad Chat: Too many clients in queue. Clients in queue: "+t.data.queue);break;case"reconnect":this.onReopenSession(t.data)}}},m.prototype.onReady=function(){var e;if(this.log.debug("widget ready for use"),(e=document.querySelector("."+this.options.buttonClass))&&(e.addEventListener("click",this.open),e.classList.remove(this.options.inactiveClass)),"function"==typeof(e=this.options).onReady&&e.onReady(),this.options.show)return this.show()},m.prototype.onError=function(e){var t;return this.log.debug(e),this.addStatus(e),(t=document.querySelector("."+this.options.buttonClass))&&t.classList.add("zammad-chat-is-hidden"),this.isOpen?(this.disableInput(),this.destroy({remove:!1})):this.destroy({remove:!0}),"function"==typeof(t=this.options).onError?t.onError(e):void 0},m.prototype.onReopenSession=function(e){var t,s,n,o,i;if(this.log.debug("old messages",e.session),this.inactiveTimeout.start(),i=sessionStorage.getItem("unfinished_message"),e.agent){for(this.onConnectionEstablished(e),t=0,s=(o=e.session).length;t<s;t++)n=o[t],this.renderMessage({message:n.content,id:n.id,from:n.created_by_id?"agent":"customer"});i&&(this.input.innerHTML=i)}if(e.position&&this.onQueue(e),this.show(),this.open(),this.scrollToBottom(),i)return this.input.focus()},m.prototype.onInput=function(){for(var e=this.el.querySelectorAll(".zammad-chat-message--unread"),t=0,s=e.length;t<s;t++)e[t].classList.remove("zammad-chat-message--unread");return sessionStorage.setItem("unfinished_message",this.input.innerHTML),this.onTyping()},m.prototype.onTyping=function(){if(!(this.isTyping&&this.isTyping>new Date((new Date).getTime()-1500)))return this.isTyping=new Date,this.send("chat_session_typing",{session_id:this.sessionId}),this.inactiveTimeout.start()},m.prototype.onSubmit=function(e){return e.preventDefault(),this.sendMessage()},m.prototype.sendMessage=function(){var e,t=this.input.innerHTML;if(t)return this.inactiveTimeout.start(),sessionStorage.removeItem("unfinished_message"),e=this.view("message")({message:t,from:"customer",id:this._messageCount++,unreadClass:""}),this.maybeAddTimestamp(),this.el.querySelector(".zammad-chat-message--typing")?(this.lastAddedType="typing-placeholder",this.el.querySelector(".zammad-chat-message--typing").insertAdjacentHTML("beforebegin",e)):(this.lastAddedType="message--customer",this.body.insertAdjacentHTML("beforeend",e)),this.input.innerHTML="",this.scrollToBottom(),this.send("chat_session_message",{content:t,id:this._messageCount,session_id:this.sessionId})},m.prototype.receiveMessage=function(e){return this.inactiveTimeout.start(),this.onAgentTypingEnd(),this.maybeAddTimestamp(),this.renderMessage({message:e.message.content,id:e.id,from:"agent"}),this.scrollToBottom({showHint:!0})},m.prototype.renderMessage=function(e){return this.lastAddedType="message--"+e.from,e.unreadClass=document.hidden?" zammad-chat-message--unread":"",this.body.insertAdjacentHTML("beforeend",this.view("message")(e))},m.prototype.open=function(){var e;if(!this.isOpen)return this.isOpen=!0,this.log.debug("open widget"),this.show(),this.sessionId||this.showLoader(),this.el.classList.add("zammad-chat-is-open"),e=this.el.clientHeight-this.el.querySelector(".zammad-chat-header").offsetHeight,this.el.style.transform="translateY("+e+"px)",this.el.clientHeight,this.sessionId?(this.el.style.transform="",this.onOpenAnimationEnd()):(this.el.addEventListener("transitionend",this.onOpenAnimationEnd),this.el.classList.add("zammad-chat--animate"),this.el.clientHeight,this.el.style.transform="",this.send("chat_session_init",{url:C.location.href}));this.log.debug("widget already open, block")},m.prototype.onOpenAnimationEnd=function(){var e;return this.el.removeEventListener("transitionend",this.onOpenAnimationEnd),this.el.classList.remove("zammad-chat--animate"),this.idleTimeout.stop(),this.isFullscreen&&this.disableScrollOnRoot(),"function"==typeof(e=this.options).onOpenAnimationEnd?e.onOpenAnimationEnd():void 0},m.prototype.sessionClose=function(){return this.send("chat_session_close",{session_id:this.sessionId}),this.inactiveTimeout.stop(),this.waitingListTimeout.stop(),sessionStorage.removeItem("unfinished_message"),this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.setSessionId(void 0)},m.prototype.toggle=function(e){return this.isOpen?this.close(e):this.open(e)},m.prototype.close=function(e){if(this.isOpen){if(this.initDelayId&&clearTimeout(this.initDelayId),this.sessionId)return this.log.debug("close widget"),e&&e.stopPropagation(),this.sessionClose(),this.isFullscreen&&this.enableScrollOnRoot(),e=this.el.clientHeight-this.el.querySelector(".zammad-chat-header").offsetHeight,this.el.addEventListener("transitionend",this.onCloseAnimationEnd),this.el.classList.add("zammad-chat--animate"),document.offsetHeight,this.el.style.transform="translateY("+e+"px)";this.log.debug("can't close widget without sessionId")}else this.log.debug("can't close widget, it's not open")},m.prototype.onCloseAnimationEnd=function(){var e;return this.el.removeEventListener("transitionend",this.onCloseAnimationEnd),this.el.classList.remove("zammad-chat-is-open","zammad-chat--animate"),this.el.style.transform="",this.showLoader(),this.el.querySelector(".zammad-chat-welcome").classList.remove("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent").classList.add("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent-status").classList.add("zammad-chat-is-hidden"),this.isOpen=!1,"function"==typeof(e=this.options).onCloseAnimationEnd&&e.onCloseAnimationEnd(),this.io.reconnect()},m.prototype.onWebSocketClose=function(){if(!this.isOpen)return this.el?(this.el.classList.remove("zammad-chat-is-shown"),this.el.classList.remove("zammad-chat-is-loaded")):void 0},m.prototype.show=function(){if("offline"!==this.state)return this.el.classList.add("zammad-chat-is-loaded"),this.el.classList.add("zammad-chat-is-shown")},m.prototype.disableInput=function(){return this.inputDisabled=!0,this.input.setAttribute("contenteditable",!1),this.el.querySelector(".zammad-chat-send").disabled=!0,this.io.close()},m.prototype.enableInput=function(){return this.inputDisabled=!1,this.input.setAttribute("contenteditable",!0),this.el.querySelector(".zammad-chat-send").disabled=!1},m.prototype.hideModal=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=""},m.prototype.onQueueScreen=function(e){var t,s;if(this.setSessionId(e.session_id),t=function(){return s.onQueue(e),s.waitingListTimeout.start()},!(s=this).initialQueueDelay||this.onInitialQueueDelayId)return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),t();this.onInitialQueueDelayId=setTimeout(t,this.initialQueueDelay)},m.prototype.onQueue=function(e){return this.log.notice("onQueue",e.position),this.inQueue=!0,this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("waiting")({position:e.position})},m.prototype.onAgentTypingStart=function(){if(this.stopTypingId&&clearTimeout(this.stopTypingId),this.stopTypingId=setTimeout(this.onAgentTypingEnd,3e3),!this.el.querySelector(".zammad-chat-message--typing")&&(this.maybeAddTimestamp(),this.body.insertAdjacentHTML("beforeend",this.view("typingIndicator")()),this.isVisible(this.el.querySelector(".zammad-chat-message--typing"),!0)))return this.scrollToBottom()},m.prototype.onAgentTypingEnd=function(){if(this.el.querySelector(".zammad-chat-message--typing"))return this.el.querySelector(".zammad-chat-message--typing").remove()},m.prototype.onLeaveTemporary=function(){if(this.sessionId)return this.send("chat_session_leave_temporary",{session_id:this.sessionId})},m.prototype.maybeAddTimestamp=function(){var e,t,s=Date.now();if(!this.lastTimestamp||s-this.lastTimestamp>6e4*this.showTimeEveryXMinutes)return e=this.T("Today"),t=(new Date).toTimeString().substr(0,5),"timestamp"===this.lastAddedType?(this.updateLastTimestamp(e,t),this.lastTimestamp=s):(this.body.insertAdjacentHTML("beforeend",this.view("timestamp")({label:e,time:t})),this.lastTimestamp=s,this.lastAddedType="timestamp",this.scrollToBottom())},m.prototype.updateLastTimestamp=function(e,t){var s;if(this.el&&(s=this.el.querySelectorAll(".zammad-chat-body .zammad-chat-timestamp")))return s[s.length-1].outerHTML=this.view("timestamp")({label:e,time:t})},m.prototype.addStatus=function(e){if(this.el)return this.maybeAddTimestamp(),this.body.insertAdjacentHTML("beforeend",this.view("status")({status:e})),this.scrollToBottom()},m.prototype.detectScrolledtoBottom=function(){var e=this.body.scrollTop+this.body.offsetHeight;if(this.scrolledToBottom=Math.abs(e-this.body.scrollHeight)<=this.scrollSnapTolerance,this.scrolledToBottom)return this.el.querySelector(".zammad-scroll-hint").classList.add("is-hidden")},m.prototype.showScrollHint=function(){return this.el.querySelector(".zammad-scroll-hint").classList.remove("is-hidden"),this.body.scrollTop=this.body.scrollTop+this.el.querySelector(".zammad-scroll-hint").offsetHeight},m.prototype.onScrollHintClick=function(){return this.body.scrollTo({top:this.body.scrollHeight,behavior:"smooth"})},m.prototype.scrollToBottom=function(e){e=(null!=e?e:{showHint:!1}).showHint;return this.scrolledToBottom?this.body.scrollTop=this.body.scrollHeight:e?this.showScrollHint():void 0},m.prototype.destroy=function(e){return this.log.debug("destroy widget",e=null==e?{}:e),this.setAgentOnlineState("offline"),e.remove&&this.el&&(this.el.remove(),(e=document.querySelector("."+this.options.buttonClass))&&(e.classList.add(this.options.inactiveClass),e.style.display="none")),this.waitingListTimeout&&this.waitingListTimeout.stop(),this.inactiveTimeout&&this.inactiveTimeout.stop(),this.idleTimeout&&this.idleTimeout.stop(),this.io.close()},m.prototype.reconnect=function(){return this.log.notice("reconnecting"),this.disableInput(),this.lastAddedType="status",this.setAgentOnlineState("connecting"),this.addStatus(this.T("Connection lost"))},m.prototype.onConnectionReestablished=function(){var e;return this.lastAddedType="status",this.setAgentOnlineState("online"),this.addStatus(this.T("Connection re-established")),"function"==typeof(e=this.options).onConnectionReestablished?e.onConnectionReestablished():void 0},m.prototype.onSessionClosed=function(e){var t;return this.addStatus(this.T("Chat closed by %s",e.realname)),this.disableInput(),this.setAgentOnlineState("offline"),this.inactiveTimeout.stop(),"function"==typeof(t=this.options).onSessionClosed?t.onSessionClosed(e):void 0},m.prototype.setSessionId=function(e){return void 0===(this.sessionId=e)?sessionStorage.removeItem("sessionId"):sessionStorage.setItem("sessionId",e)},m.prototype.onConnectionEstablished=function(e){var t;return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.inQueue=!1,e.agent&&(this.agent=e.agent),e.session_id&&this.setSessionId(e.session_id),this.body.innerHTML="",this.el.querySelector(".zammad-chat-agent").innerHTML=this.view("agent")({agent:this.agent}),this.enableInput(),this.hideModal(),this.el.querySelector(".zammad-chat-welcome").classList.add("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent").classList.remove("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent-status").classList.remove("zammad-chat-is-hidden"),this.isFullscreen||this.input.focus(),this.setAgentOnlineState("online"),this.waitingListTimeout.stop(),this.idleTimeout.stop(),this.inactiveTimeout.start(),"function"==typeof(t=this.options).onConnectionEstablished?t.onConnectionEstablished(e):void 0},m.prototype.showCustomerTimeout=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("customer_timeout")({agent:this.agent.name,delay:this.options.inactiveTimeout}),this.el.querySelector(".js-restart").addEventListener("click",function(){return location.reload()}),this.sessionClose()},m.prototype.showWaitingListTimeout=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("waiting_list_timeout")({delay:this.options.watingListTimeout}),this.el.querySelector(".js-restart").addEventListener("click",function(){return location.reload()}),this.sessionClose()},m.prototype.showLoader=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("loader")()},m.prototype.setAgentOnlineState=function(e){var t;if(this.state=e,this.el)return t=e.charAt(0).toUpperCase()+e.slice(1),this.el.querySelector(".zammad-chat-agent-status").dataset.status=e,this.el.querySelector(".zammad-chat-agent-status").textContent=this.T(t)},m.prototype.detectHost=function(){var e="https"===a?"wss://":"ws://";return this.options.host=""+e+i+"/ws"},m.prototype.loadCss=function(){var e,t;if(this.options.cssAutoload)return(t=this.options.cssUrl)||(t=this.options.host.replace(/^wss/i,"https").replace(/^ws/i,"http").replace(/\/ws$/i,""),t+="/assets/chat/chat.css"),this.log.debug("load css from '"+t+"'"),e="@import url('"+t+"');",(t=document.createElement("link")).onload=this.onCssLoaded,t.rel="stylesheet",t.href="data:text/css,"+escape(e),document.getElementsByTagName("head")[0].appendChild(t)},m.prototype.onCssLoaded=function(){var e;return this.cssLoaded=!0,this.socketReady&&this.onReady(),"function"==typeof(e=this.options).onCssLoaded?e.onCssLoaded():void 0},m.prototype.startTimeoutObservers=function(){var e,t,s;return this.idleTimeout=new o({logPrefix:"idleTimeout",debug:this.options.debug,timeout:this.options.idleTimeout,timeoutIntervallCheck:this.options.idleTimeoutIntervallCheck,callback:(e=this,function(){return e.log.debug("Idle timeout reached, hide widget",new Date),e.destroy({remove:!0})})}),this.inactiveTimeout=new o({logPrefix:"inactiveTimeout",debug:this.options.debug,timeout:this.options.inactiveTimeout,timeoutIntervallCheck:this.options.inactiveTimeoutIntervallCheck,callback:(t=this,function(){return t.log.debug("Inactive timeout reached, show timeout screen.",new Date),t.showCustomerTimeout(),t.destroy({remove:!1})})}),this.waitingListTimeout=new o({logPrefix:"waitingListTimeout",debug:this.options.debug,timeout:this.options.waitingListTimeout,timeoutIntervallCheck:this.options.waitingListTimeoutIntervallCheck,callback:(s=this,function(){return s.log.debug("Waiting list timeout reached, show timeout screen.",new Date),s.showWaitingListTimeout(),s.destroy({remove:!1})})})},m.prototype.disableScrollOnRoot=function(){return this.rootScrollOffset=this.scrollRoot.scrollTop,this.scrollRoot.style.overflow="hidden",this.scrollRoot.style.position="fixed"},m.prototype.enableScrollOnRoot=function(){return this.scrollRoot.scrollTop=this.rootScrollOffset,this.scrollRoot.style.overflow="",this.scrollRoot.style.position=""},m.prototype.isVisible=function(e,s,n,o){var i,a,r,l;if(!(e.length<1))return l=C.innerWidth,r=C.innerHeight,o=o||"both",i=!0!==n||t.offsetWidth*t.offsetHeight,n=0<=(a=e.getBoundingClientRect()).top&&a.top<r,e=0<a.bottom&&a.bottom<=r,r=0<=a.left&&a.left<l,l=0<a.right&&a.right<=l,e=s?n||e:n&&e,l=s?r||l:r&&l,"both"===o?i&&e&&l:"vertical"===o?i&&e:"horizontal"===o?i&&l:void 0},m.prototype.isRetina=function(){var e;return!!C.matchMedia&&((e=C.matchMedia("only screen and (min--moz-device-pixel-ratio: 1.3), only screen and (-o-min-device-pixel-ratio: 2.6/2), only screen and (-webkit-min-device-pixel-ratio: 1.3), only screen  and (min-device-pixel-ratio: 1.3), only screen and (min-resolution: 1.3dppx)"))&&e.matches||1<C.devicePixelRatio)},m.prototype.resizeImage=function(e,n,o,i,a,r,l,t){var d;return null==n&&(n="auto"),null==o&&(o="auto"),null==i&&(i=1),null==t&&(t=!0),(d=new Image).onload=function(){var e,t=d.width,s=d.height;return console.log("ImageService","current size",t,s),"auto"===o&&"auto"===n&&(n=t,o=s),"auto"===o&&(o=s/(t/n)),e=!1,(n="auto"===n?s/(t/o):n)<t||o<s?(e=!0,n*=i,o*=i):(n=t,o=s),(s=document.createElement("canvas")).width=n,s.height=o,s.getContext("2d").drawImage(d,0,0,n,o),"auto"===r&&(r=n<200&&o<200?1:n<400&&o<400?.9:n<600&&o<600?.8:n<900&&o<900?.7:.6),s=s.toDataURL(a,r),e?(console.log("ImageService","resize",n/i,o/i,r,.75*s.length/1024/1024,"in mb"),void l(s,n/i,o/i,!0)):(console.log("ImageService","no resize",n,o,r,.75*s.length/1024/1024,"in mb"),l(s,n,o,!1))},d.src=e},m.prototype.pasteHtmlAtCaret=function(e){var t,s,n,o,i=void 0,a=void 0;if(C.getSelection){if((i=C.getSelection()).getRangeAt&&i.rangeCount){for((a=i.getRangeAt(0)).deleteContents(),(t=document.createElement("div")).innerHTML=e,s=document.createDocumentFragment(o,n);o=t.firstChild;)n=s.appendChild(o);if(a.insertNode(s),n)return(a=a.cloneRange()).setStartAfter(n),a.collapse(!0),i.removeAllRanges(),i.addRange(a)}}else if(document.selection&&"Control"!==document.selection.type)return document.selection.createRange().pasteHTML(e)},m.prototype.wordFilter=function(e){var t,s,n,o,i,a,r,l,d,c,u,h,m,p,g,y,f,v,b,w,S,C,T,z,k,A,L,I,O,x,E,j,_,M,q,H,D,P,R=e.html();for(R=(R=(R=(R=R.replace(/<!--[\s\S]+?-->/gi,"")).replace(/<(!|script[^>]*>.*?<\/script(?=[>\s])|\/?(\?xml(:\w+)?|img|meta|link|style|\w:\w+)(?=[\s\/>]))[^>]*>/gi,"")).replace(/<(\/?)s>/gi,"<$1strike>")).replace(/&nbsp;/gi," "),e.innerHTML=R,o=0,l=(k=e.querySelectorAll("p")).length;o<l;o++)D=(S=k[o]).getAttribute("style"),(v=/mso-list:\w+ \w+([0-9]+)/.exec(D))&&(S.dataset._listLevel=parseInt(v[1],10));for(C=null,i=r=0,d=(A=e.querySelectorAll("p")).length;i<d;i++)if(void 0!==(t=(S=A[i]).dataset._listLevel)){if(P=S.textContent,y="<ul></ul>",/^\s*\w+\./.test(P)&&(y=(v=/([0-9])\./.exec(P))?null!=(P=1<(H=parseInt(v[1],10)))?P:'<ol start="'+H+{'"></ol>':"<ol></ol>"}:"<ol></ol>"),r<t&&(0===r&&(S.insertAdjacentHTML("beforebegin",y),C=S.previousElementSibling),C.insertAdjacentHTML("beforeend",y)),t<r)for(n=a=I=n,O=r-t;I<=O?a<=O:O<=a;n=I<=O?++a:--a)C=C.parentNode;S.querySelector("span:first")&&S.querySelector("span:first").remove(),C.insertAdjacentHTML("beforeend","<li>"+S.innerHTML+"</li>"),S.remove(),r=t}else r=0;for(f=0,c=(x=e.querySelectorAll("[style]")).length;f<c;f++)(s=x[f]).removeAttribute("style");for(b=0,u=(E=e.querySelectorAll("[align]")).length;b<u;b++)(s=E[b]).removeAttribute("align");for(w=0,h=(j=e.querySelectorAll("span")).length;w<h;w++)(s=j[w]).outerHTML=s.innerHTML;for(T=0,m=(_=e.querySelectorAll("span:empty")).length;T<m;T++)(s=_[T]).remove();for(z=0,p=(M=e.querySelectorAll("[class^='Mso']")).length;z<p;z++)(s=M[z]).removeAttribute("class");for(q=0,g=(L=e.querySelectorAll("p:empty")).length;q<g;q++)(s=L[q]).remove();return e},m.prototype.removeAttribute=function(e){var t,s,n,o,i;if(e){for(i=[],s=0,n=(o=e.attributes).length;s<n;s++)t=o[s],i.push(e.removeAttribute(t.name));return i}},m.prototype.removeAttributes=function(e){for(var t,s=e.querySelectorAll("*"),n=0,o=s.length;n<o;n++)t=s[n],this.removeAttribute(t);return e},C.ZammadChat=m}(window),window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.loader=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){t.push('<span class="zammad-chat-loading-animation">\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n</span>\n<span class="zammad-chat-modal-text">'),t.push(this.T("Connecting")),t.push("</span>")}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.message=function(e){function t(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""}var s=[],n=(e=e||{}).safe,o=e.escape,o=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},o||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat-message zammad-chat-message--'),s.push(t(this.from)),s.push(t(this.unreadClass)),s.push('">\n  <span class="zammad-chat-message-body"'),this.background&&"customer"===this.from&&s.push(t(" style='background: "+this.background+"'")),s.push(">"),s.push(this.message),s.push("</span>\n</div>")}.call(this)}.call(e),e.safe=n,e.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.status=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){t.push('<div class="zammad-chat-status">\n  <div class="zammad-chat-status-inner">\n    '),t.push(this.status),t.push("\n  </div>\n</div>")}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.timestamp=function(e){function t(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""}var s=[],n=(e=e||{}).safe,o=e.escape,o=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},o||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat-timestamp"><strong>'),s.push(t(this.label)),s.push("</strong> "),s.push(t(this.time)),s.push("</div>")}.call(this)}.call(e),e.safe=n,e.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.typingIndicator=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){t.push('<div class="zammad-chat-message zammad-chat-message--typing zammad-chat-message--agent">\n  <span class="zammad-chat-message-body">\n    <span class="zammad-chat-loading-animation">\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n    </span>\n  </span>\n</div>')}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){t.push('<div class="zammad-chat-modal-text">\n  <span class="zammad-chat-loading-animation">\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n  </span>\n  '),t.push(this.T("All colleagues are busy.")),t.push("<br>\n  "),t.push(this.T("You are on waiting list position <strong>%s</strong>.",this.position)),t.push("\n</div>")}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting_list_timeout=function(e){var t=[],s=(e=e||{}).safe,n=e.escape,n=(e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");e=new String(e);return e.ecoSafe=!0,e},n||(e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),t.push(this.T("We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!")),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?n(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}.call(this)}.call(e),e.safe=s,e.escape=n,t.join("")};
\ No newline at end of file
+window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.agent=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){this.agent.avatar&&(t.push('\n<img class="zammad-chat-agent-avatar" src="'),t.push(n(this.agent.avatar)),t.push('">\n')),t.push('\n<span class="zammad-chat-agent-sentence">\n  <span class="zammad-chat-agent-name">'),t.push(n(this.agent.name)),t.push("</span>\n</span>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,function(){"use strict";var s=Object.hasOwnProperty,i=Object.setPrototypeOf,a=Object.isFrozen,o=Object.getPrototypeOf,r=Object.getOwnPropertyDescriptor,Me=Object.freeze,e=Object.seal,l=Object.create,t="undefined"!=typeof Reflect&&Reflect,c=t.apply,d=t.construct;c||(c=function(e,t,n){return e.apply(t,n)}),Me||(Me=function(e){return e}),e||(e=function(e){return e}),d||(d=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var u,Re=h(Array.prototype.forEach),je=h(Array.prototype.pop),He=h(Array.prototype.push),Ne=h(String.prototype.toLowerCase),qe=h(String.prototype.match),Pe=h(String.prototype.replace),Fe=h(String.prototype.indexOf),We=h(String.prototype.trim),Be=h(RegExp.prototype.test),Ue=(u=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return d(u,t)});function h(o){return function(e){for(var t=arguments.length,n=Array(1<t?t-1:0),s=1;s<t;s++)n[s-1]=arguments[s];return c(o,e,n)}}function Ke(e,t){i&&i(e,null);for(var n=t.length;n--;){var s=t[n];if("string"==typeof s){var o=Ne(s);o!==s&&(a(t)||(t[n]=o),s=o)}e[s]=!0}return e}function Ye(e){var t=l(null),n=void 0;for(n in e)c(s,e,[n])&&(t[n]=e[n]);return t}function Qe(e,t){for(;null!==e;){var n=r(e,t);if(n){if(n.get)return h(n.get);if("function"==typeof n.value)return h(n.value)}e=o(e)}return function(e){return console.warn("fallback value for",e),null}}var Ve=Me(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),Ge=Me(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),Ze=Me(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),Xe=Me(["animate","color-profile","cursor","discard","fedropshadow","feimage","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),$e=Me(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),Je=Me(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),et=Me(["#text"]),tt=Me(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),nt=Me(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),st=Me(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),ot=Me(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),it=e(/\{\{[\s\S]*|[\s\S]*\}\}/gm),at=e(/<%[\s\S]*|[\s\S]*%>/gm),rt=e(/^data-[\-\w.\u00B7-\uFFFF]/),lt=e(/^aria-[\-\w]+$/),ct=e(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),dt=e(/^(?:\w+script|data):/i),ut=e(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),ht="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function mt(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}return function t(){var c=0<arguments.length&&void 0!==arguments[0]?arguments[0]:"undefined"==typeof window?null:window,u=function(e){return t(e)};if(u.version="2.3.1",u.removed=[],!c||!c.document||9!==c.document.nodeType)return u.isSupported=!1,u;var d=c.document,a=c.document,h=c.DocumentFragment,e=c.HTMLTemplateElement,m=c.Node,r=c.Element,n=c.NodeFilter,s=c.NamedNodeMap,l=void 0===s?c.NamedNodeMap||c.MozNamedAttrMap:s,p=c.Text,g=c.Comment,f=c.DOMParser,o=c.trustedTypes,i=r.prototype,y=Qe(i,"cloneNode"),v=Qe(i,"nextSibling"),b=Qe(i,"childNodes"),w=Qe(i,"parentNode");if("function"==typeof e){var S=a.createElement("template");S.content&&S.content.ownerDocument&&(a=S.content.ownerDocument)}var T=function(e,t){if("object"!==(void 0===e?"undefined":ht(e))||"function"!=typeof e.createPolicy)return null;var n=null,s="data-tt-policy-suffix";t.currentScript&&t.currentScript.hasAttribute(s)&&(n=t.currentScript.getAttribute(s));var o="dompurify"+(n?"#"+n:"");try{return e.createPolicy(o,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+o+" could not be created."),null}}(o,d),C=T&&te?T.createHTML(""):"",k=a,z=k.implementation,A=k.createNodeIterator,L=k.createDocumentFragment,x=k.getElementsByTagName,O=d.importNode,E={};try{E=Ye(a).documentMode?a.documentMode:{}}catch(t){}var I={};u.isSupported="function"==typeof w&&z&&void 0!==z.createHTMLDocument&&9!==E;var _=it,D=at,M=rt,R=lt,j=dt,H=ut,N=ct,q=null,P=Ke({},[].concat(mt(Ve),mt(Ge),mt(Ze),mt($e),mt(et))),F=null,W=Ke({},[].concat(mt(tt),mt(nt),mt(st),mt(ot))),B=null,U=null,K=!0,Y=!0,Q=!1,V=!1,G=!1,Z=!1,X=!1,$=!1,J=!1,ee=!0,te=!1,ne=!0,se=!0,oe=!1,ie={},ae=null,re=Ke({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),le=null,ce=Ke({},["audio","video","img","source","image","track"]),de=null,ue=Ke({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),he="http://www.w3.org/1998/Math/MathML",me="http://www.w3.org/2000/svg",pe="http://www.w3.org/1999/xhtml",ge=pe,fe=!1,ye=null,ve=a.createElement("form"),be=function(e){ye&&ye===e||(e&&"object"===(void 0===e?"undefined":ht(e))||(e={}),e=Ye(e),q="ALLOWED_TAGS"in e?Ke({},e.ALLOWED_TAGS):P,F="ALLOWED_ATTR"in e?Ke({},e.ALLOWED_ATTR):W,de="ADD_URI_SAFE_ATTR"in e?Ke(Ye(ue),e.ADD_URI_SAFE_ATTR):ue,le="ADD_DATA_URI_TAGS"in e?Ke(Ye(ce),e.ADD_DATA_URI_TAGS):ce,ae="FORBID_CONTENTS"in e?Ke({},e.FORBID_CONTENTS):re,B="FORBID_TAGS"in e?Ke({},e.FORBID_TAGS):{},U="FORBID_ATTR"in e?Ke({},e.FORBID_ATTR):{},ie="USE_PROFILES"in e&&e.USE_PROFILES,K=!1!==e.ALLOW_ARIA_ATTR,Y=!1!==e.ALLOW_DATA_ATTR,Q=e.ALLOW_UNKNOWN_PROTOCOLS||!1,V=e.SAFE_FOR_TEMPLATES||!1,G=e.WHOLE_DOCUMENT||!1,$=e.RETURN_DOM||!1,J=e.RETURN_DOM_FRAGMENT||!1,ee=!1!==e.RETURN_DOM_IMPORT,te=e.RETURN_TRUSTED_TYPE||!1,X=e.FORCE_BODY||!1,ne=!1!==e.SANITIZE_DOM,se=!1!==e.KEEP_CONTENT,oe=e.IN_PLACE||!1,N=e.ALLOWED_URI_REGEXP||N,ge=e.NAMESPACE||pe,V&&(Y=!1),J&&($=!0),ie&&(q=Ke({},[].concat(mt(et))),F=[],!0===ie.html&&(Ke(q,Ve),Ke(F,tt)),!0===ie.svg&&(Ke(q,Ge),Ke(F,nt),Ke(F,ot)),!0===ie.svgFilters&&(Ke(q,Ze),Ke(F,nt),Ke(F,ot)),!0===ie.mathMl&&(Ke(q,$e),Ke(F,st),Ke(F,ot))),e.ADD_TAGS&&(q===P&&(q=Ye(q)),Ke(q,e.ADD_TAGS)),e.ADD_ATTR&&(F===W&&(F=Ye(F)),Ke(F,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&Ke(de,e.ADD_URI_SAFE_ATTR),e.FORBID_CONTENTS&&(ae===re&&(ae=Ye(ae)),Ke(ae,e.FORBID_CONTENTS)),se&&(q["#text"]=!0),G&&Ke(q,["html","head","body"]),q.table&&(Ke(q,["tbody"]),delete B.tbody),Me&&Me(e),ye=e)},we=Ke({},["mi","mo","mn","ms","mtext"]),Se=Ke({},["foreignobject","desc","title","annotation-xml"]),Te=Ke({},Ge);Ke(Te,Ze),Ke(Te,Xe);var Ce=Ke({},$e);Ke(Ce,Je);var ke=function(t){He(u.removed,{element:t});try{t.parentNode.removeChild(t)}catch(e){try{t.outerHTML=C}catch(e){t.remove()}}},ze=function(e,t){try{He(u.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){He(u.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!F[e])if($||J)try{ke(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Ae=function(e){var t=void 0,n=void 0;if(X)e="<remove></remove>"+e;else{var s=qe(e,/^[\r\n\t ]+/);n=s&&s[0]}var o=T?T.createHTML(e):e;if(ge===pe)try{t=(new f).parseFromString(o,"text/html")}catch(e){}if(!t||!t.documentElement){t=z.createDocument(ge,"template",null);try{t.documentElement.innerHTML=fe?"":o}catch(e){}}var i=t.body||t.documentElement;return e&&n&&i.insertBefore(a.createTextNode(n),i.childNodes[0]||null),ge===pe?x.call(t,G?"html":"body")[0]:G?t.documentElement:i},Le=function(e){return A.call(e.ownerDocument||e,e,n.SHOW_ELEMENT|n.SHOW_COMMENT|n.SHOW_TEXT,null,!1)},xe=function(e){return"object"===(void 0===m?"undefined":ht(m))?e instanceof m:e&&"object"===(void 0===e?"undefined":ht(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},Oe=function(e,t,n){I[e]&&Re(I[e],function(e){e.call(u,t,n,ye)})},Ee=function(e){var t,n=void 0;if(Oe("beforeSanitizeElements",e,null),!((t=e)instanceof p||t instanceof g||"string"==typeof t.nodeName&&"string"==typeof t.textContent&&"function"==typeof t.removeChild&&t.attributes instanceof l&&"function"==typeof t.removeAttribute&&"function"==typeof t.setAttribute&&"string"==typeof t.namespaceURI&&"function"==typeof t.insertBefore))return ke(e),!0;if(qe(e.nodeName,/[\u0080-\uFFFF]/))return ke(e),!0;var s=Ne(e.nodeName);if(Oe("uponSanitizeElement",e,{tagName:s,allowedTags:q}),!xe(e.firstElementChild)&&(!xe(e.content)||!xe(e.content.firstElementChild))&&Be(/<[/\w]/g,e.innerHTML)&&Be(/<[/\w]/g,e.textContent))return ke(e),!0;if("select"===s&&Be(/<template/i,e.innerHTML))return ke(e),!0;if(!q[s]||B[s]){if(se&&!ae[s]){var o=w(e)||e.parentNode,i=b(e)||e.childNodes;if(i&&o)for(var a=i.length-1;0<=a;--a)o.insertBefore(y(i[a],!0),v(e))}return ke(e),!0}return e instanceof r&&!function(e){var t=w(e);t&&t.tagName||(t={namespaceURI:pe,tagName:"template"});var n=Ne(e.tagName),s=Ne(t.tagName);if(e.namespaceURI===me)return t.namespaceURI===pe?"svg"===n:t.namespaceURI===he?"svg"===n&&("annotation-xml"===s||we[s]):Boolean(Te[n]);if(e.namespaceURI===he)return t.namespaceURI===pe?"math"===n:t.namespaceURI===me?"math"===n&&Se[s]:Boolean(Ce[n]);if(e.namespaceURI===pe){if(t.namespaceURI===me&&!Se[s])return!1;if(t.namespaceURI===he&&!we[s])return!1;var o=Ke({},["title","style","font","a","script"]);return!Ce[n]&&(o[n]||!Te[n])}return!1}(e)?(ke(e),!0):"noscript"!==s&&"noembed"!==s||!Be(/<\/no(script|embed)/i,e.innerHTML)?(V&&3===e.nodeType&&(n=e.textContent,n=Pe(n,_," "),n=Pe(n,D," "),e.textContent!==n&&(He(u.removed,{element:e.cloneNode()}),e.textContent=n)),Oe("afterSanitizeElements",e,null),!1):(ke(e),!0)},Ie=function(e,t,n){if(ne&&("id"===t||"name"===t)&&(n in a||n in ve))return!1;if(Y&&!U[t]&&Be(M,t));else if(K&&Be(R,t));else{if(!F[t]||U[t])return!1;if(de[t]);else if(Be(N,Pe(n,H,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==Fe(n,"data:")||!le[e])if(Q&&!Be(j,Pe(n,H,"")));else if(n)return!1}return!0},_e=function(e){var t=void 0,n=void 0,s=void 0,o=void 0;Oe("beforeSanitizeAttributes",e,null);var i=e.attributes;if(i){var a={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:F};for(o=i.length;o--;){var r=t=i[o],l=r.name,c=r.namespaceURI;if(n=We(t.value),s=Ne(l),a.attrName=s,a.attrValue=n,a.keepAttr=!0,a.forceKeepAttr=void 0,Oe("uponSanitizeAttribute",e,a),n=a.attrValue,!a.forceKeepAttr&&(ze(l,e),a.keepAttr))if(Be(/\/>/i,n))ze(l,e);else{V&&(n=Pe(n,_," "),n=Pe(n,D," "));var d=e.nodeName.toLowerCase();if(Ie(d,s,n))try{c?e.setAttributeNS(c,l,n):e.setAttribute(l,n),je(u.removed)}catch(e){}}}Oe("afterSanitizeAttributes",e,null)}},De=function e(t){var n=void 0,s=Le(t);for(Oe("beforeSanitizeShadowDOM",t,null);n=s.nextNode();)Oe("uponSanitizeShadowNode",n,null),Ee(n)||(n.content instanceof h&&e(n.content),_e(n));Oe("afterSanitizeShadowDOM",t,null)};return u.sanitize=function(e,t){var n=void 0,s=void 0,o=void 0,i=void 0,a=void 0;if((fe=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!xe(e)){if("function"!=typeof e.toString)throw Ue("toString is not a function");if("string"!=typeof(e=e.toString()))throw Ue("dirty is not a string, aborting")}if(!u.isSupported){if("object"===ht(c.toStaticHTML)||"function"==typeof c.toStaticHTML){if("string"==typeof e)return c.toStaticHTML(e);if(xe(e))return c.toStaticHTML(e.outerHTML)}return e}if(Z||be(t),u.removed=[],"string"==typeof e&&(oe=!1),oe);else if(e instanceof m)1===(s=(n=Ae("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===s.nodeName||"HTML"===s.nodeName?n=s:n.appendChild(s);else{if(!$&&!V&&!G&&-1===e.indexOf("<"))return T&&te?T.createHTML(e):e;if(!(n=Ae(e)))return $?null:C}n&&X&&ke(n.firstChild);for(var r=Le(oe?e:n);o=r.nextNode();)3===o.nodeType&&o===i||Ee(o)||(o.content instanceof h&&De(o.content),_e(o),i=o);if(i=null,oe)return e;if($){if(J)for(a=L.call(n.ownerDocument);n.firstChild;)a.appendChild(n.firstChild);else a=n;return ee&&(a=O.call(d,a,!0)),a}var l=G?n.outerHTML:n.innerHTML;return V&&(l=Pe(l,_," "),l=Pe(l,D," ")),T&&te?T.createHTML(l):l},u.setConfig=function(e){be(e),Z=!0},u.clearConfig=function(){ye=null,Z=!1},u.isValidAttribute=function(e,t,n){ye||be({});var s=Ne(e),o=Ne(t);return Ie(s,o,n)},u.addHook=function(e,t){"function"==typeof t&&(I[e]=I[e]||[],He(I[e],t))},u.removeHook=function(e){I[e]&&je(I[e])},u.removeHooks=function(e){I[e]&&(I[e]=[])},u.removeAllHooks=function(){I={}},u}()});var extend=function(e,t){for(var n in t)hasProp.call(t,n)&&(e[n]=t[n]);function s(){this.constructor=e}return s.prototype=t.prototype,e.prototype=new s,e.__super__=t.prototype,e},hasProp={}.hasOwnProperty,bind=function(e,t){return function(){return e.apply(t,arguments)}},slice=[].slice;!function(O){var s,n,o,i,a,e,r,l,c,d;r=(d=document.getElementsByTagName("script"))[d.length-1],c=O.location.protocol.replace(":",""),r&&r.src&&(l=r.src.match(".*://([^:/]*).*")[1],c=r.src.match("(.*)://[^:/]*.*")[1]),n=function(){function e(e){var t,n,s;for(t in this.options={},n=this.defaults)s=n[t],this.options[t]=s;for(t in e)s=e[t],this.options[t]=s}return e.prototype.defaults={debug:!1},e}(),s=function(e){function t(e){t.__super__.constructor.call(this,e),this.log=new i({debug:this.options.debug,logPrefix:this.options.logPrefix||this.logPrefix})}return extend(t,n),t}(),i=function(e){function t(){return this.log=bind(this.log,this),this.error=bind(this.error,this),this.notice=bind(this.notice,this),this.debug=bind(this.debug,this),t.__super__.constructor.apply(this,arguments)}return extend(t,n),t.prototype.debug=function(){var e;if(e=1<=arguments.length?slice.call(arguments,0):[],this.options.debug)return this.log("debug",e)},t.prototype.notice=function(){var e;return e=1<=arguments.length?slice.call(arguments,0):[],this.log("notice",e)},t.prototype.error=function(){var e;return e=1<=arguments.length?slice.call(arguments,0):[],this.log("error",e)},t.prototype.log=function(e,t){var n,s,o,i,a;if(t.unshift("||"),t.unshift(e),t.unshift(this.options.logPrefix),console.log.apply(console,t),this.options.debug){for(a="",o=0,i=t.length;o<i;o++)a+=" ","object"==typeof(s=t[o])?a+=JSON.stringify(s):s&&s.toString?a+=s.toString():a+=s;return(n=document.querySelector(".js-chatLogDisplay"))?n.innerHTML="<div>"+a+"</div>"+n.innerHTML:void 0}},t}(),a=function(e){function t(){return this.stop=bind(this.stop,this),this.start=bind(this.start,this),t.__super__.constructor.apply(this,arguments)}return extend(t,s),t.prototype.timeoutStartedAt=null,t.prototype.logPrefix="timeout",t.prototype.defaults={debug:!1,timeout:4,timeoutIntervallCheck:.5},t.prototype.start=function(){var e,t,n;return this.stop(),t=new Date,e=function(){var e;if(e=new Date-new Date(t.getTime()+1e3*n.options.timeout*60),n.log.debug("Timeout check for "+n.options.timeout+" minutes (left "+e/1e3+" sec.)"),!(e<0))return n.stop(),n.options.callback()},(n=this).log.debug("Start timeout in "+this.options.timeout+" minutes"),this.intervallId=setInterval(e,1e3*this.options.timeoutIntervallCheck*60)},t.prototype.stop=function(){if(this.intervallId)return this.log.debug("Stop timeout of "+this.options.timeout+" minutes"),clearInterval(this.intervallId)},t}(),o=function(e){function t(){return this.ping=bind(this.ping,this),this.send=bind(this.send,this),this.reconnect=bind(this.reconnect,this),this.close=bind(this.close,this),this.connect=bind(this.connect,this),this.set=bind(this.set,this),t.__super__.constructor.apply(this,arguments)}return extend(t,s),t.prototype.logPrefix="io",t.prototype.set=function(e){var t,n,s;for(t in n=[],e)s=e[t],n.push(this.options[t]=s);return n},t.prototype.connect=function(){var t,o,n,s;return this.log.debug("Connecting to "+this.options.host),this.ws=new O.WebSocket(""+this.options.host),this.ws.onopen=(t=this,function(e){return t.log.debug("onOpen",e),t.options.onOpen(e),t.ping()}),this.ws.onmessage=(o=this,function(e){var t,n,s;for(s=JSON.parse(e.data),o.log.debug("onMessage",e.data),t=0,n=s.length;t<n;t++)"pong"===s[t].event&&o.ping();if(o.options.onMessage)return o.options.onMessage(s)}),this.ws.onclose=(n=this,function(e){if(n.log.debug("close websocket connection",e),n.pingDelayId&&clearTimeout(n.pingDelayId),n.manualClose){if(n.log.debug("manual close, onClose callback"),n.manualClose=!1,n.options.onClose)return n.options.onClose(e)}else if(n.log.debug("error close, onError callback"),n.options.onError)return n.options.onError("Connection lost...")}),this.ws.onerror=(s=this,function(e){if(s.log.debug("onError",e),s.options.onError)return s.options.onError(e)})},t.prototype.close=function(){return this.log.debug("close websocket manually"),this.manualClose=!0,this.ws.close()},t.prototype.reconnect=function(){return this.log.debug("reconnect"),this.close(),this.connect()},t.prototype.send=function(e,t){var n;return null==t&&(t={}),this.log.debug("send",e,t),n=JSON.stringify({event:e,data:t}),this.ws.send(n)},t.prototype.ping=function(){var e,t;return e=function(){return t.send("ping")},(t=this).pingDelayId=setTimeout(e,29e3)},t}(),e=function(e){function n(e){return this.removeAttributes=bind(this.removeAttributes,this),this.startTimeoutObservers=bind(this.startTimeoutObservers,this),this.onCssLoaded=bind(this.onCssLoaded,this),this.setAgentOnlineState=bind(this.setAgentOnlineState,this),this.onConnectionEstablished=bind(this.onConnectionEstablished,this),this.setSessionId=bind(this.setSessionId,this),this.onConnectionReestablished=bind(this.onConnectionReestablished,this),this.reconnect=bind(this.reconnect,this),this.destroy=bind(this.destroy,this),this.onScrollHintClick=bind(this.onScrollHintClick,this),this.detectScrolledtoBottom=bind(this.detectScrolledtoBottom,this),this.onLeaveTemporary=bind(this.onLeaveTemporary,this),this.onAgentTypingEnd=bind(this.onAgentTypingEnd,this),this.onAgentTypingStart=bind(this.onAgentTypingStart,this),this.onQueue=bind(this.onQueue,this),this.onQueueScreen=bind(this.onQueueScreen,this),this.onWebSocketClose=bind(this.onWebSocketClose,this),this.onCloseAnimationEnd=bind(this.onCloseAnimationEnd,this),this.close=bind(this.close,this),this.toggle=bind(this.toggle,this),this.sessionClose=bind(this.sessionClose,this),this.onOpenAnimationEnd=bind(this.onOpenAnimationEnd,this),this.open=bind(this.open,this),this.renderMessage=bind(this.renderMessage,this),this.receiveMessage=bind(this.receiveMessage,this),this.onSubmit=bind(this.onSubmit,this),this.onInput=bind(this.onInput,this),this.onReopenSession=bind(this.onReopenSession,this),this.onError=bind(this.onError,this),this.onWebSocketMessage=bind(this.onWebSocketMessage,this),this.send=bind(this.send,this),this.onKeydown=bind(this.onKeydown,this),this.onPaste=bind(this.onPaste,this),this.onDrop=bind(this.onDrop,this),this.render=bind(this.render,this),this.view=bind(this.view,this),this.T=bind(this.T,this),n.__super__.constructor.call(this,e),"undefined"!=typeof jQuery&&this.options.target instanceof jQuery&&(this.log.notice("Chat: target option is a jQuery object. jQuery is not a requirement for the chat any more."),this.options.target=this.options.target.get(0)),this.isFullscreen=O.matchMedia&&O.matchMedia("(max-width: 768px)").matches,this.scrollRoot=this.getScrollRoot(),O.WebSocket&&sessionStorage?this.options.chatId?(this.options.lang||(this.options.lang=document.documentElement.getAttribute("lang")),this.options.lang&&(this.translations[this.options.lang]||(this.log.debug("lang: No "+this.options.lang+" found, try first two letters"),this.options.lang=this.options.lang.replace(/-.+?$/,"")),this.log.debug("lang: "+this.options.lang)),this.options.host||this.detectHost(),this.loadCss(),this.io=new o(this.options),this.io.set({onOpen:this.render,onClose:this.onWebSocketClose,onMessage:this.onWebSocketMessage,onError:this.onError}),void this.io.connect()):(this.state="unsupported",void this.log.error("Chat: need chatId as option!")):(this.state="unsupported",void this.log.notice("Chat: Browser not supported!"))}return extend(n,s),n.prototype.defaults={chatId:void 0,show:!0,target:document.querySelector("body"),host:"",debug:!1,flat:!1,lang:void 0,cssAutoload:!0,cssUrl:void 0,fontSize:void 0,buttonClass:"open-zammad-chat",inactiveClass:"is-inactive",title:"<strong>Chat</strong> with us!",scrollHint:"Scroll down to see new messages",idleTimeout:6,idleTimeoutIntervallCheck:.5,inactiveTimeout:8,inactiveTimeoutIntervallCheck:.5,waitingListTimeout:4,waitingListTimeoutIntervallCheck:.5,onReady:void 0,onCloseAnimationEnd:void 0,onError:void 0,onOpenAnimationEnd:void 0,onConnectionReestablished:void 0,onSessionClosed:void 0,onConnectionEstablished:void 0,onCssLoaded:void 0},n.prototype.logPrefix="chat",n.prototype._messageCount=0,n.prototype.isOpen=!1,n.prototype.blinkOnlineInterval=null,n.prototype.stopBlinOnlineStateTimeout=null,n.prototype.showTimeEveryXMinutes=2,n.prototype.lastTimestamp=null,n.prototype.lastAddedType=null,n.prototype.inputDisabled=!1,n.prototype.inputTimeout=null,n.prototype.isTyping=!1,n.prototype.state="offline",n.prototype.initialQueueDelay=1e4,n.prototype.translations={da:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med os!","Scroll down to see new messages":"Scroll ned for at se nye beskeder",Online:"Online",Offline:"Offline",Connecting:"Forbinder","Connection re-established":"Forbindelse genoprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat lukket af %s","Compose your message...":"Skriv en besked...","All colleagues are busy.":"Alle kollegaer er optaget.","You are on waiting list position <strong>%s</strong>.":"Du er i venteliste som nummer <strong>%s</strong>.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale med <strong>%s</strong> blevet lukket.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale blevet lukket.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, det tager længere end forventet at få en ledig plads. Prøv venligst igen senere eller send os en e-mail. På forhånd tak!"},de:{"<strong>Chat</strong> with us!":"<strong>Chatte</strong> mit uns!","Scroll down to see new messages":"Scrolle nach unten um neue Nachrichten zu sehen",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbindung wiederhergestellt",Today:"Heute",Send:"Senden","Chat closed by %s":"Chat beendet von %s","Compose your message...":"Ihre Nachricht...","All colleagues are busy.":"Alle Kollegen sind belegt.","You are on waiting list position <strong>%s</strong>.":"Sie sind in der Warteliste an der Position <strong>%s</strong>.","Start new conversation":"Neue Konversation starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation mit <strong>%s</strong> geschlossen.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation geschlossen.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Es tut uns leid, es dauert länger als erwartet, um einen freien Platz zu erhalten. Bitte versuchen Sie es zu einem späteren Zeitpunkt noch einmal oder schicken Sie uns eine E-Mail. Vielen Dank!"},es:{"<strong>Chat</strong> with us!":"<strong>Chatee</strong> con nosotros!","Scroll down to see new messages":"Haga scroll hacia abajo para ver nuevos mensajes",Online:"En linea",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexión restablecida",Today:"Hoy",Send:"Enviar","Chat closed by %s":"Chat cerrado por %s","Compose your message...":"Escriba su mensaje...","All colleagues are busy.":"Todos los agentes están ocupados.","You are on waiting list position <strong>%s</strong>.":"Usted está en la posición <strong>%s</strong> de la lista de espera.","Start new conversation":"Iniciar nueva conversación","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación con <strong>%s</strong> se ha cerrado.","Since you didn't respond in the last %s minutes your conversation got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación se ha cerrado.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Lo sentimos, se tarda más tiempo de lo esperado para ser atendido por un agente. Inténtelo de nuevo más tarde o envíenos un correo electrónico. ¡Gracias!"},fi:{"<strong>Chat</strong> with us!":"<strong>Keskustele</strong> kanssamme!","Scroll down to see new messages":"Rullaa alas nähdäksesi uudet viestit",Online:"Paikalla",Offline:"Poissa",Connecting:"Yhdistetään","Connection re-established":"Yhteys muodostettu uudelleen",Today:"Tänään",Send:"Lähetä","Chat closed by %s":"%s sulki keskustelun","Compose your message...":"Luo viestisi...","All colleagues are busy.":"Kaikki kollegat ovat varattuja.","You are on waiting list position <strong>%s</strong>.":"Olet odotuslistalla sijalla <strong>%s</strong>.","Start new conversation":"Aloita uusi keskustelu","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi <strong>%s</strong> kanssa suljettiin.","Since you didn't respond in the last %s minutes your conversation got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi suljettiin.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Olemme pahoillamme, tyhjän paikan vapautumisessa kestää odotettua pidempään. Ole hyvä ja yritä myöhemmin uudestaan tai lähetä meille sähköpostia. Kiitos!"},fr:{"<strong>Chat</strong> with us!":"<strong>Chattez</strong> avec nous!","Scroll down to see new messages":"Faites défiler pour lire les nouveaux messages",Online:"En-ligne",Offline:"Hors-ligne",Connecting:"Connexion en cours","Connection re-established":"Connexion rétablie",Today:"Aujourdhui",Send:"Envoyer","Chat closed by %s":"Chat fermé par %s","Compose your message...":"Composez votre message...","All colleagues are busy.":"Tous les collaborateurs sont occupés actuellement.","You are on waiting list position <strong>%s</strong>.":"Vous êtes actuellement en position <strong>%s</strong> dans la file d'attente.","Start new conversation":"Démarrer une nouvelle conversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Si vous ne répondez pas dans les <strong>%s</strong> minutes, votre conversation avec %s sera fermée.","Since you didn't respond in the last %s minutes your conversation got closed.":"Si vous ne répondez pas dans les %s minutes, votre conversation va être fermée.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Nous sommes désolés, il faut plus de temps que prévu pour obtenir un emplacement vide. Veuillez réessayer ultérieurement ou nous envoyer un courriel. Nous vous remercions!"},he:{"<strong>Chat</strong> with us!":"<strong>שוחח</strong>איתנו!","Scroll down to see new messages":"גלול מטה כדי לראות הודעות חדשות",Online:"מחובר",Offline:"מנותק",Connecting:"מתחבר","Connection re-established":"החיבור שוחזר",Today:"היום",Send:"שלח","Chat closed by %s":'הצאט נסגר ע"י %s',"Compose your message...":"כתוב את ההודעה שלך ...","All colleagues are busy.":"כל הנציגים תפוסים","You are on waiting list position <strong>%s</strong>.":"מיקומך בתור <strong>%s</strong>.","Start new conversation":"התחל שיחה חדשה","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"מכיוון שלא הגבת במהלך %s דקות השיחה שלך עם <strong>%s</strong> נסגרה.","Since you didn't respond in the last %s minutes your conversation got closed.":"מכיוון שלא הגבת במהלך %s הדקות האחרונות השיחה שלך נסגרה.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":'מצטערים, הזמן לקבלת נציג ארוך מהרגיל. נסה שוב מאוחר יותר או שלח לנו דוא"ל. תודה!'},hu:{"<strong>Chat</strong> with us!":"<strong>Chatelj</strong> velünk!","Scroll down to see new messages":"Görgess lejjebb az újabb üzenetekért",Online:"Online",Offline:"Offline",Connecting:"Csatlakozás","Connection re-established":"Újracsatlakozás",Today:"Ma",Send:"Küldés","Chat closed by %s":"A beszélgetést lezárta %s","Compose your message...":"Írj üzenetet...","All colleagues are busy.":"Jelenleg minden kollégánk elfoglalt.","You are on waiting list position <strong>%s</strong>.":"A várólistán a <strong>%s</strong>. pozícióban várakozol.","Start new conversation":"Új beszélgetés indítása","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Mivel %s perce nem érkezett újabb üzenet, ezért a <strong>%s</strong> kollégával folytatott beszéletést lezártuk.","Since you didn't respond in the last %s minutes your conversation got closed.":"Mivel %s perce nem érkezett válasz, a beszélgetés lezárult.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Sajnáljuk, de a várakozási idő hosszabb a szokásosnál. Kérlek próbáld újra, vagy írd meg kérdésed emailben. Köszönjük!"},nl:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> met ons!","Scroll down to see new messages":"Scrol naar beneden om nieuwe berichten te zien",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbinding herstelt",Today:"Vandaag",Send:"Verzenden","Chat closed by %s":"Chat gesloten door %s","Compose your message...":"Typ uw bericht...","All colleagues are busy.":"Alle medewerkers zijn bezet.","You are on waiting list position <strong>%s</strong>.":"U bent <strong>%s</strong> in de wachtrij.","Start new conversation":"Nieuwe conversatie starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft wordt de conversatie met <strong>%s</strong> gesloten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft is de conversatie gesloten.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Het spijt ons, het duurt langer dan verwacht om te antwoorden. Alstublieft probeer het later nogmaals of stuur ons een email. Hartelijk dank!"},it:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> con noi!","Scroll down to see new messages":"Scorrere verso il basso per vedere i nuovi messaggi",Online:"Online",Offline:"Offline",Connecting:"Collegamento","Connection re-established":"Collegamento ristabilito",Today:"Oggi",Send:"Invio","Chat closed by %s":"Conversazione chiusa da %s","Compose your message...":"Comporre il tuo messaggio...","All colleagues are busy.":"Tutti i colleghi sono occupati.","You are on waiting list position <strong>%s</strong>.":"Siete in posizione lista d' attesa <strong>%s</strong>.","Start new conversation":"Avviare una nuova conversazione","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua conversazione con <strong>%s</strong> si è chiusa.","Since you didn't respond in the last %s minutes your conversation got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua conversazione si è chiusa.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Ci dispiace, ci vuole più tempo come previsto per ottenere uno slot vuoto. Per favore riprova più tardi o inviaci un' e-mail. Grazie!"},pl:{"<strong>Chat</strong> with us!":"<strong>Czatuj</strong> z nami!","Scroll down to see new messages":"Przewiń w dół, aby wyświetlić nowe wiadomości",Online:"Online",Offline:"Offline",Connecting:"Łączenie","Connection re-established":"Ponowne nawiązanie połączenia",Today:"dzisiejszy",Send:"Wyślij","Chat closed by %s":"Czat zamknięty przez %s","Compose your message...":"Utwórz swoją wiadomość...","All colleagues are busy.":"Wszyscy konsultanci są zajęci.","You are on waiting list position <strong>%s</strong>.":"Na liście oczekujących znajduje się pozycja <strong>%s</strong>.","Start new conversation":"Rozpoczęcie nowej konwersacji","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ponieważ w ciągu ostatnich %s minut nie odpowiedziałeś, Twoja rozmowa z <strong>%s</strong> została zamknięta.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ponieważ nie odpowiedziałeś w ciągu ostatnich %s minut, Twoja rozmowa została zamknięta.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Przykro nam, ale to trwa dłużej niż się spodziewamy. Spróbuj ponownie później lub wyślij nam wiadomość e-mail. Dziękuję!"},"pt-br":{"<strong>Chat</strong> with us!":"<strong>Chat</strong> fale conosco!","Scroll down to see new messages":"Role para baixo, para ver nosvas mensagens",Online:"Online",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexão restabelecida",Today:"Hoje",Send:"Enviar","Chat closed by %s":"Chat encerrado por %s","Compose your message...":"Escreva sua mensagem...","All colleagues are busy.":"Todos os agentes estão ocupados.","You are on waiting list position <strong>%s</strong>.":"Você está na posição <strong>%s</strong> na fila de espera.","Start new conversation":"Iniciar uma nova conversa","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Como você não respondeu nos últimos %s minutos sua conversa com <strong>%s</strong> foi encerrada.","Since you didn't respond in the last %s minutes your conversation got closed.":"Como você não respondeu nos últimos %s minutos sua conversa foi encerrada.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Desculpe, mas o tempo de espera por um agente foi excedido. Tente novamente mais tarde ou nós envie um email. Obrigado"},"zh-cn":{"<strong>Chat</strong> with us!":"发起<strong>即时对话</strong>!","Scroll down to see new messages":"向下滚动以查看新消息",Online:"在线",Offline:"离线",Connecting:"连接中","Connection re-established":"正在重新建立连接",Today:"今天",Send:"发送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在输入信息...","All colleagues are busy.":"所有工作人员都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"您目前的等候位置是第 <strong>%s</strong> 位.","Start new conversation":"开始新的会话","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由于您超过 %s 分钟没有回复, 您与 <strong>%s</strong> 的会话已被关闭.","Since you didn't respond in the last %s minutes your conversation got closed.":"由于您超过 %s 分钟没有任何回复, 该对话已被关闭.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 目前需要等候更长的时间才能接入对话, 请稍后重试或向我们发送电子邮件. 谢谢!"},"zh-tw":{"<strong>Chat</strong> with us!":"開始<strong>即時對话</strong>!","Scroll down to see new messages":"向下滑動以查看新訊息",Online:"線上",Offline:"离线",Connecting:"連線中","Connection re-established":"正在重新建立連線中",Today:"今天",Send:"發送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在輸入訊息...","All colleagues are busy.":"所有服務人員都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"你目前的等候位置是第 <strong>%s</strong> 順位.","Start new conversation":"開始新的對話","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由於你超過 %s 分鐘沒有回應, 你與 <strong>%s</strong> 的對話已被關閉.","Since you didn't respond in the last %s minutes your conversation got closed.":"由於你超過 %s 分鐘沒有任何回應, 該對話已被關閉.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 當前需要等候更長的時間方可排入對話程序, 請稍後重試或向我們寄送電子郵件. 謝謝!"},ru:{"<strong>Chat</strong> with us!":"Напишите нам!","Scroll down to see new messages":"Прокрутите, чтобы увидеть новые сообщения",Online:"Онлайн",Offline:"Оффлайн",Connecting:"Подключение","Connection re-established":"Подключение восстановлено",Today:"Сегодня",Send:"Отправить","Chat closed by %s":"%s закрыл чат","Compose your message...":"Напишите сообщение...","All colleagues are busy.":"Все сотрудники заняты","You are on waiting list position %s.":"Вы в списке ожидания под номером %s","Start new conversation":"Начать новую переписку.","Since you didn't respond in the last %s minutes your conversation with %s got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор с %s был закрыт.","Since you didn't respond in the last %s minutes your conversation got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор был закрыт.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"К сожалению, ожидание свободного места требует больше времени. Повторите попытку позже или отправьте нам электронное письмо. Спасибо!"},sv:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> med oss!","Scroll down to see new messages":"Rulla ner för att se nya meddelanden",Online:"Online",Offline:"Offline",Connecting:"Ansluter","Connection re-established":"Anslutningen återupprättas",Today:"I dag",Send:"Skicka","Chat closed by %s":"Chatt stängd av %s","Compose your message...":"Skriv ditt meddelande...","All colleagues are busy.":"Alla kollegor är upptagna.","You are on waiting list position <strong>%s</strong>.":"Du är på väntelistan som position <strong>%s</strong>.","Start new conversation":"Starta ny konversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Eftersom du inte svarat inom %s minuterna i din konversation med <strong>%s</strong> så stängdes chatten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Då du inte svarat inom de senaste %s minuterna så avslutades din chatt.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi är ledsna, det tar längre tid som förväntat att få en ledig plats. Försök igen senare eller skicka ett e-postmeddelande till oss. Tack!"},no:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},nb:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},el:{"<strong>Chat</strong> with us!":"<strong>Επικοινωνήστε</strong> μαζί μας!","Scroll down to see new messages":"Μεταβείτε κάτω για να δείτε τα νέα μηνύματα",Online:"Σε σύνδεση",Offline:"Αποσυνδεμένος",Connecting:"Σύνδεση","Connection re-established":"Η σύνδεση αποκαταστάθηκε",Today:"Σήμερα",Send:"Αποστολή","Chat closed by %s":"Η συνομιλία έκλεισε από τον/την %s","Compose your message...":"Γράψτε το μήνυμα σας...","All colleagues are busy.":"Όλοι οι συνάδελφοι μας είναι απασχολημένοι.","You are on waiting list position <strong>%s</strong>.":"Βρίσκεστε σε λίστα αναμονής στη θέση <strong>%s</strong>.","Start new conversation":"Έναρξη νέας συνομιλίας","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας με τον/την <strong>%s</strong> έκλεισε.","Since you didn't respond in the last %s minutes your conversation got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας έκλεισε.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Λυπούμαστε που χρειάζεται περισσότερος χρόνος από τον αναμενόμενο για να βρεθεί μία κενή θέση. Παρακαλούμε δοκιμάστε ξανά αργότερα ή στείλτε μας ένα email. Ευχαριστούμε!"}},n.prototype.sessionId=void 0,n.prototype.scrolledToBottom=!0,n.prototype.scrollSnapTolerance=10,n.prototype.richTextFormatKey={66:!0,73:!0,85:!0,83:!0},n.prototype.T=function(){var e,t,n,s,o,i;if(o=arguments[0],t=2<=arguments.length?slice.call(arguments,1):[],this.options.lang&&"en"!==this.options.lang&&(this.translations[this.options.lang]?((i=this.translations[this.options.lang])[o]||this.log.notice("Translation needed for '"+o+"'"),o=i[o]||o):this.log.notice("Translation '"+this.options.lang+"' needed!")),t)for(n=0,s=t.length;n<s;n++)e=t[n],o=o.replace(/%s/,e);return o},n.prototype.view=function(t){return n=this,function(e){return e||(e={}),e.T=n.T,e.background=n.options.background,e.flat=n.options.flat,e.fontSize=n.options.fontSize,O.zammadChatTemplates[t](e)};var n},n.prototype.getScrollRoot=function(){var e,t,n;return"scrollingElement"in document?document.scrollingElement:(t=document.documentElement,n=parseInt(t.pageYOffset,10),t.pageYOffset=n+1,e=parseInt(t.pageYOffset,10),(t.pageYOffset=n)<e?t:document.body)},n.prototype.render=function(){var e;return this.el&&document.querySelector(".zammad-chat")||this.renderBase(),(e=document.querySelector("."+this.options.buttonClass))&&e.classList.add(this.options.inactiveClass),this.setAgentOnlineState("online"),this.log.debug("widget rendered"),this.startTimeoutObservers(),this.idleTimeout.start(),this.sessionId=sessionStorage.getItem("sessionId"),this.send("chat_status_customer",{session_id:this.sessionId,url:O.location.href})},n.prototype.renderBase=function(){return this.el&&this.el.remove(),this.options.target.insertAdjacentHTML("beforeend",this.view("chat")({title:this.options.title,scrollHint:this.options.scrollHint})),this.el=this.options.target.querySelector(".zammad-chat"),this.input=this.el.querySelector(".zammad-chat-input"),this.body=this.el.querySelector(".zammad-chat-body"),this.el.querySelector(".js-chat-open").addEventListener("click",this.open),this.el.querySelector(".js-chat-toggle").addEventListener("click",this.toggle),this.el.querySelector(".js-chat-status").addEventListener("click",this.stopPropagation),this.el.querySelector(".zammad-chat-controls").addEventListener("submit",this.onSubmit),this.body.addEventListener("scroll",this.detectScrolledtoBottom),this.el.querySelector(".zammad-scroll-hint").addEventListener("click",this.onScrollHintClick),this.input.addEventListener("keydown",this.onKeydown),this.input.addEventListener("input",this.onInput),this.input.addEventListener("paste",this.onPaste),this.input.addEventListener("drop",this.onDrop),O.addEventListener("beforeunload",this.onLeaveTemporary),O.addEventListener("hashchange",(e=this,function(){if(!e.isOpen)return e.idleTimeout.start();e.sessionId&&e.send("chat_session_notice",{session_id:e.sessionId,message:O.location.href})}));var e},n.prototype.stopPropagation=function(e){return e.stopPropagation()},n.prototype.onDrop=function(e){var t,n,s,a,r,l;if(e.stopPropagation(),e.preventDefault(),O.dataTransfer)t=O.dataTransfer;else{if(!e.dataTransfer)throw"No clipboardData support";t=e.dataTransfer}if(a=e.clientX,r=e.clientY,(n=t.files[0]).type.match("image.*"))return(s=new FileReader).onload=(l=this,function(e){var t;return t=function(e,t){var n,s,o,i;return l.isRetina()&&(t/=2),i=e,(n=new Image).style.width="100%",n.style.maxWidth=t+"px",n.src=i,document.caretPositionFromPoint?(s=document.caretPositionFromPoint(a,r),(o=document.createRange()).setStart(s.offsetNode,s.offset),o.collapse(),o.insertNode(n)):document.caretRangeFromPoint?(o=document.caretRangeFromPoint(a,r)).insertNode(n):console.log("could not find carat")},l.resizeImage(e.target.result,460,"auto",2,"image/jpeg","auto",t)}),s.readAsDataURL(n)},n.prototype.onPaste=function(t){var n,s,e,o,i,a,r,l,c,d,u,h,m,p,g,f,y,v,b,w,S,T,C,k,z,A,L,x;if(t.stopPropagation(),t.preventDefault(),t.clipboardData)n=t.clipboardData;else if(O.clipboardData)n=O.clipboardData;else{if(!t.clipboardData)throw"No clipboardData support";n=t.clipboardData}if(a=!1,n&&n.items&&n.items[0]&&("file"!==(r=n.items[0]).kind||"image/png"!==r.type&&"image/jpeg"!==r.type||(i=r.getAsFile(),(w=new FileReader).onload=(x=this,function(e){var t;return t=function(e,t){var n;return x.isRetina()&&(t/=2),(n=new Image).style.width="100%",n.style.maxWidth=t+"px",n.src=e,document.execCommand("insertHTML",!1,n)},x.resizeImage(e.target.result,460,"auto",2,"image/jpeg","auto",t)}),w.readAsDataURL(i),a=!0)),!a){s=L=void 0;try{L=n.getData("text/html"),s="html",L&&0!==L.length||(s="text",L=n.getData("text/plain")),L&&0!==L.length||(s="text2",L=n.getData("text"))}catch(e){t=e,console.log("Sorry, can't insert markup because browser is not supporting it."),s="text3",L=n.getData("text")}if("text"!==s&&"text2"!==s&&"text3"!==s||(L=(L="<div>"+L.replace(/\n/g,"</div><div>")+"</div>").replace(/<div><\/div>/g,"<div><br></div>")),console.log("p",s,L),"html"===s){for(e=document.createElement("div"),A=DOMPurify.sanitize(L),this.log.debug("sanitized HTML clipboard",A),e.innerHTML=A,f=!1,o=L,z=new RegExp("<(/w|w):[A-Za-z]"),o.match(z)&&(f=!0,o=o.replace(z,"")),z=new RegExp("<(/o|o):[A-Za-z]"),o.match(z)&&(f=!0,o=o.replace(z,"")),f&&(e=this.wordFilter(e)),l=0,u=(S=e.childNodes).length;l<u;l++)8===(v=S[l]).nodeType&&v.remove();for(c=0,h=(T=e.querySelectorAll("a, font, small, time, form, label")).length;c<h;c++)(v=T[c]).outerHTML=v.innerHTML;for("div",d=0,m=(C=e.querySelectorAll("textarea")).length;d<m;d++)b=(v=C[d]).outerHTML,z=new RegExp("<"+v.tagName,"i"),y=b.replace(z,"<div"),z=new RegExp("</"+v.tagName,"i"),y=y.replace(z,"</div"),v.outerHTML=y;for(g=0,p=(k=e.querySelectorAll("font, img, svg, input, select, button, style, applet, embed, noframes, canvas, script, frame, iframe, meta, link, title, head, fieldset")).length;g<p;g++)(v=k[g]).remove();this.removeAttributes(e),L=e.innerHTML}return"text3"===s?this.pasteHtmlAtCaret(L):document.execCommand("insertHTML",!1,L),!0}},n.prototype.onKeydown=function(e){var t;if(this.inputDisabled||e.shiftKey||13!==e.keyCode||(e.preventDefault(),this.sendMessage()),t=!1,(e.altKey||e.ctrlKey||!e.metaKey)&&(e.altKey||!e.ctrlKey||e.metaKey)||(t=!0),t&&this.richTextFormatKey[e.keyCode]){if(e.preventDefault(),66===e.keyCode)return document.execCommand("bold"),!0;if(73===e.keyCode)return document.execCommand("italic"),!0;if(85===e.keyCode)return document.execCommand("underline"),!0;if(83===e.keyCode)return document.execCommand("strikeThrough"),!0}},n.prototype.send=function(e,t){return null==t&&(t={}),t.chat_id=this.options.chatId,this.io.send(e,t)},n.prototype.onWebSocketMessage=function(e){var t,n,s;for(t=0,n=e.length;t<n;t++)switch(s=e[t],this.log.debug("ws:onmessage",s),s.event){case"chat_error":this.log.notice(s.data),s.data&&"chat_disabled"===s.data.state&&this.destroy({remove:!0});break;case"chat_session_message":if(s.data.self_written)return;this.receiveMessage(s.data);break;case"chat_session_typing":if(s.data.self_written)return;this.onAgentTypingStart();break;case"chat_session_start":this.onConnectionEstablished(s.data);break;case"chat_session_queue":this.onQueueScreen(s.data);break;case"chat_session_closed":case"chat_session_left":this.onSessionClosed(s.data);break;case"chat_status_customer":switch(s.data.state){case"online":this.sessionId=void 0,!this.options.cssAutoload||this.cssLoaded?this.onReady():this.socketReady=!0;break;case"offline":this.onError("Zammad Chat: No agent online");break;case"chat_disabled":this.onError("Zammad Chat: Chat is disabled");break;case"no_seats_available":this.onError("Zammad Chat: Too many clients in queue. Clients in queue: "+s.data.queue);break;case"reconnect":this.onReopenSession(s.data)}}},n.prototype.onReady=function(){var e,t;if(this.log.debug("widget ready for use"),(t=document.querySelector("."+this.options.buttonClass))&&(t.addEventListener("click",this.open),t.classList.remove(this.options.inactiveClass)),"function"==typeof(e=this.options).onReady&&e.onReady(),this.options.show)return this.show()},n.prototype.onError=function(e){var t,n;return this.log.debug(e),this.addStatus(e),(n=document.querySelector("."+this.options.buttonClass))&&n.classList.add("zammad-chat-is-hidden"),this.isOpen?(this.disableInput(),this.destroy({remove:!1})):this.destroy({remove:!0}),"function"==typeof(t=this.options).onError?t.onError(e):void 0},n.prototype.onReopenSession=function(e){var t,n,s,o,i;if(this.log.debug("old messages",e.session),this.inactiveTimeout.start(),i=sessionStorage.getItem("unfinished_message"),e.agent){for(this.onConnectionEstablished(e),t=0,n=(o=e.session).length;t<n;t++)s=o[t],this.renderMessage({message:s.content,id:s.id,from:s.created_by_id?"agent":"customer"});i&&(this.input.innerHTML=i)}if(e.position&&this.onQueue(e),this.show(),this.open(),this.scrollToBottom(),i)return this.input.focus()},n.prototype.onInput=function(){var e,t,n;for(e=0,t=(n=this.el.querySelectorAll(".zammad-chat-message--unread")).length;e<t;e++)n[e].classList.remove("zammad-chat-message--unread");return sessionStorage.setItem("unfinished_message",this.input.innerHTML),this.onTyping()},n.prototype.onTyping=function(){if(!(this.isTyping&&this.isTyping>new Date((new Date).getTime()-1500)))return this.isTyping=new Date,this.send("chat_session_typing",{session_id:this.sessionId}),this.inactiveTimeout.start()},n.prototype.onSubmit=function(e){return e.preventDefault(),this.sendMessage()},n.prototype.sendMessage=function(){var e,t;if(e=this.input.innerHTML)return this.inactiveTimeout.start(),sessionStorage.removeItem("unfinished_message"),t=this.view("message")({message:e,from:"customer",id:this._messageCount++,unreadClass:""}),this.maybeAddTimestamp(),this.el.querySelector(".zammad-chat-message--typing")?(this.lastAddedType="typing-placeholder",this.el.querySelector(".zammad-chat-message--typing").insertAdjacentHTML("beforebegin",t)):(this.lastAddedType="message--customer",this.body.insertAdjacentHTML("beforeend",t)),this.input.innerHTML="",this.scrollToBottom(),this.send("chat_session_message",{content:e,id:this._messageCount,session_id:this.sessionId})},n.prototype.receiveMessage=function(e){return this.inactiveTimeout.start(),this.onAgentTypingEnd(),this.maybeAddTimestamp(),this.renderMessage({message:e.message.content,id:e.id,from:"agent"}),this.scrollToBottom({showHint:!0})},n.prototype.renderMessage=function(e){return this.lastAddedType="message--"+e.from,e.unreadClass=document.hidden?" zammad-chat-message--unread":"",this.body.insertAdjacentHTML("beforeend",this.view("message")(e))},n.prototype.open=function(){var e;if(!this.isOpen)return this.isOpen=!0,this.log.debug("open widget"),this.show(),this.sessionId||this.showLoader(),this.el.classList.add("zammad-chat-is-open"),e=this.el.clientHeight-this.el.querySelector(".zammad-chat-header").offsetHeight,this.el.style.transform="translateY("+e+"px)",this.el.clientHeight,this.sessionId?(this.el.style.transform="",this.onOpenAnimationEnd()):(this.el.addEventListener("transitionend",this.onOpenAnimationEnd),this.el.classList.add("zammad-chat--animate"),this.el.clientHeight,this.el.style.transform="",this.send("chat_session_init",{url:O.location.href}));this.log.debug("widget already open, block")},n.prototype.onOpenAnimationEnd=function(){var e;return this.el.removeEventListener("transitionend",this.onOpenAnimationEnd),this.el.classList.remove("zammad-chat--animate"),this.idleTimeout.stop(),this.isFullscreen&&this.disableScrollOnRoot(),"function"==typeof(e=this.options).onOpenAnimationEnd?e.onOpenAnimationEnd():void 0},n.prototype.sessionClose=function(){return this.send("chat_session_close",{session_id:this.sessionId}),this.inactiveTimeout.stop(),this.waitingListTimeout.stop(),sessionStorage.removeItem("unfinished_message"),this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.setSessionId(void 0)},n.prototype.toggle=function(e){return this.isOpen?this.close(e):this.open(e)},n.prototype.close=function(e){var t;if(this.isOpen){if(this.initDelayId&&clearTimeout(this.initDelayId),this.sessionId)return this.log.debug("close widget"),e&&e.stopPropagation(),this.sessionClose(),this.isFullscreen&&this.enableScrollOnRoot(),t=this.el.clientHeight-this.el.querySelector(".zammad-chat-header").offsetHeight,this.el.addEventListener("transitionend",this.onCloseAnimationEnd),this.el.classList.add("zammad-chat--animate"),document.offsetHeight,this.el.style.transform="translateY("+t+"px)";this.log.debug("can't close widget without sessionId")}else this.log.debug("can't close widget, it's not open")},n.prototype.onCloseAnimationEnd=function(){var e;return this.el.removeEventListener("transitionend",this.onCloseAnimationEnd),this.el.classList.remove("zammad-chat-is-open","zammad-chat--animate"),this.el.style.transform="",this.showLoader(),this.el.querySelector(".zammad-chat-welcome").classList.remove("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent").classList.add("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent-status").classList.add("zammad-chat-is-hidden"),this.isOpen=!1,"function"==typeof(e=this.options).onCloseAnimationEnd&&e.onCloseAnimationEnd(),this.io.reconnect()},n.prototype.onWebSocketClose=function(){if(!this.isOpen)return this.el?(this.el.classList.remove("zammad-chat-is-shown"),this.el.classList.remove("zammad-chat-is-loaded")):void 0},n.prototype.show=function(){if("offline"!==this.state)return this.el.classList.add("zammad-chat-is-loaded"),this.el.classList.add("zammad-chat-is-shown")},n.prototype.disableInput=function(){return this.inputDisabled=!0,this.input.setAttribute("contenteditable",!1),this.el.querySelector(".zammad-chat-send").disabled=!0,this.io.close()},n.prototype.enableInput=function(){return this.inputDisabled=!1,this.input.setAttribute("contenteditable",!0),this.el.querySelector(".zammad-chat-send").disabled=!1},n.prototype.hideModal=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=""},n.prototype.onQueueScreen=function(e){var t,n;if(this.setSessionId(e.session_id),t=function(){return n.onQueue(e),n.waitingListTimeout.start()},!(n=this).initialQueueDelay||this.onInitialQueueDelayId)return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),t();this.onInitialQueueDelayId=setTimeout(t,this.initialQueueDelay)},n.prototype.onQueue=function(e){return this.log.notice("onQueue",e.position),this.inQueue=!0,this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("waiting")({position:e.position})},n.prototype.onAgentTypingStart=function(){if(this.stopTypingId&&clearTimeout(this.stopTypingId),this.stopTypingId=setTimeout(this.onAgentTypingEnd,3e3),!this.el.querySelector(".zammad-chat-message--typing")&&(this.maybeAddTimestamp(),this.body.insertAdjacentHTML("beforeend",this.view("typingIndicator")()),this.isVisible(this.el.querySelector(".zammad-chat-message--typing"),!0)))return this.scrollToBottom()},n.prototype.onAgentTypingEnd=function(){if(this.el.querySelector(".zammad-chat-message--typing"))return this.el.querySelector(".zammad-chat-message--typing").remove()},n.prototype.onLeaveTemporary=function(){if(this.sessionId)return this.send("chat_session_leave_temporary",{session_id:this.sessionId})},n.prototype.maybeAddTimestamp=function(){var e,t,n;if(n=Date.now(),!this.lastTimestamp||n-this.lastTimestamp>6e4*this.showTimeEveryXMinutes)return e=this.T("Today"),t=(new Date).toTimeString().substr(0,5),"timestamp"===this.lastAddedType?(this.updateLastTimestamp(e,t),this.lastTimestamp=n):(this.body.insertAdjacentHTML("beforeend",this.view("timestamp")({label:e,time:t})),this.lastTimestamp=n,this.lastAddedType="timestamp",this.scrollToBottom())},n.prototype.updateLastTimestamp=function(e,t){var n;if(this.el&&(n=this.el.querySelectorAll(".zammad-chat-body .zammad-chat-timestamp")))return n[n.length-1].outerHTML=this.view("timestamp")({label:e,time:t})},n.prototype.addStatus=function(e){if(this.el)return this.maybeAddTimestamp(),this.body.insertAdjacentHTML("beforeend",this.view("status")({status:e})),this.scrollToBottom()},n.prototype.detectScrolledtoBottom=function(){var e;if(e=this.body.scrollTop+this.body.offsetHeight,this.scrolledToBottom=Math.abs(e-this.body.scrollHeight)<=this.scrollSnapTolerance,this.scrolledToBottom)return this.el.querySelector(".zammad-scroll-hint").classList.add("is-hidden")},n.prototype.showScrollHint=function(){return this.el.querySelector(".zammad-scroll-hint").classList.remove("is-hidden"),this.body.scrollTop=this.body.scrollTop+this.el.querySelector(".zammad-scroll-hint").offsetHeight},n.prototype.onScrollHintClick=function(){return this.body.scrollTo({top:this.body.scrollHeight,behavior:"smooth"})},n.prototype.scrollToBottom=function(e){var t;return t=(null!=e?e:{showHint:!1}).showHint,this.scrolledToBottom?this.body.scrollTop=this.body.scrollHeight:t?this.showScrollHint():void 0},n.prototype.destroy=function(e){var t;return null==e&&(e={}),this.log.debug("destroy widget",e),this.setAgentOnlineState("offline"),e.remove&&this.el&&(this.el.remove(),(t=document.querySelector("."+this.options.buttonClass))&&(t.classList.add(this.options.inactiveClass),t.style.display="none")),this.waitingListTimeout&&this.waitingListTimeout.stop(),this.inactiveTimeout&&this.inactiveTimeout.stop(),this.idleTimeout&&this.idleTimeout.stop(),this.io.close()},n.prototype.reconnect=function(){return this.log.notice("reconnecting"),this.disableInput(),this.lastAddedType="status",this.setAgentOnlineState("connecting"),this.addStatus(this.T("Connection lost"))},n.prototype.onConnectionReestablished=function(){var e;return this.lastAddedType="status",this.setAgentOnlineState("online"),this.addStatus(this.T("Connection re-established")),"function"==typeof(e=this.options).onConnectionReestablished?e.onConnectionReestablished():void 0},n.prototype.onSessionClosed=function(e){var t;return this.addStatus(this.T("Chat closed by %s",e.realname)),this.disableInput(),this.setAgentOnlineState("offline"),this.inactiveTimeout.stop(),"function"==typeof(t=this.options).onSessionClosed?t.onSessionClosed(e):void 0},n.prototype.setSessionId=function(e){return void 0===(this.sessionId=e)?sessionStorage.removeItem("sessionId"):sessionStorage.setItem("sessionId",e)},n.prototype.onConnectionEstablished=function(e){var t;return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.inQueue=!1,e.agent&&(this.agent=e.agent),e.session_id&&this.setSessionId(e.session_id),this.body.innerHTML="",this.el.querySelector(".zammad-chat-agent").innerHTML=this.view("agent")({agent:this.agent}),this.enableInput(),this.hideModal(),this.el.querySelector(".zammad-chat-welcome").classList.add("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent").classList.remove("zammad-chat-is-hidden"),this.el.querySelector(".zammad-chat-agent-status").classList.remove("zammad-chat-is-hidden"),this.isFullscreen||this.input.focus(),this.setAgentOnlineState("online"),this.waitingListTimeout.stop(),this.idleTimeout.stop(),this.inactiveTimeout.start(),"function"==typeof(t=this.options).onConnectionEstablished?t.onConnectionEstablished(e):void 0},n.prototype.showCustomerTimeout=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("customer_timeout")({agent:this.agent.name,delay:this.options.inactiveTimeout}),this.el.querySelector(".js-restart").addEventListener("click",function(){return location.reload()}),this.sessionClose()},n.prototype.showWaitingListTimeout=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("waiting_list_timeout")({delay:this.options.watingListTimeout}),this.el.querySelector(".js-restart").addEventListener("click",function(){return location.reload()}),this.sessionClose()},n.prototype.showLoader=function(){return this.el.querySelector(".zammad-chat-modal").innerHTML=this.view("loader")()},n.prototype.setAgentOnlineState=function(e){var t;if(this.state=e,this.el)return t=e.charAt(0).toUpperCase()+e.slice(1),this.el.querySelector(".zammad-chat-agent-status").dataset.status=e,this.el.querySelector(".zammad-chat-agent-status").textContent=this.T(t)},n.prototype.detectHost=function(){var e;return e="ws://","https"===c&&(e="wss://"),this.options.host=""+e+l+"/ws"},n.prototype.loadCss=function(){var e,t,n;if(this.options.cssAutoload)return(n=this.options.cssUrl)||(n=this.options.host.replace(/^wss/i,"https").replace(/^ws/i,"http").replace(/\/ws$/i,""),n+="/assets/chat/chat.css"),this.log.debug("load css from '"+n+"'"),t="@import url('"+n+"');",(e=document.createElement("link")).onload=this.onCssLoaded,e.rel="stylesheet",e.href="data:text/css,"+escape(t),document.getElementsByTagName("head")[0].appendChild(e)},n.prototype.onCssLoaded=function(){var e;return this.cssLoaded=!0,this.socketReady&&this.onReady(),"function"==typeof(e=this.options).onCssLoaded?e.onCssLoaded():void 0},n.prototype.startTimeoutObservers=function(){var e,t,n;return this.idleTimeout=new a({logPrefix:"idleTimeout",debug:this.options.debug,timeout:this.options.idleTimeout,timeoutIntervallCheck:this.options.idleTimeoutIntervallCheck,callback:(e=this,function(){return e.log.debug("Idle timeout reached, hide widget",new Date),e.destroy({remove:!0})})}),this.inactiveTimeout=new a({logPrefix:"inactiveTimeout",debug:this.options.debug,timeout:this.options.inactiveTimeout,timeoutIntervallCheck:this.options.inactiveTimeoutIntervallCheck,callback:(t=this,function(){return t.log.debug("Inactive timeout reached, show timeout screen.",new Date),t.showCustomerTimeout(),t.destroy({remove:!1})})}),this.waitingListTimeout=new a({logPrefix:"waitingListTimeout",debug:this.options.debug,timeout:this.options.waitingListTimeout,timeoutIntervallCheck:this.options.waitingListTimeoutIntervallCheck,callback:(n=this,function(){return n.log.debug("Waiting list timeout reached, show timeout screen.",new Date),n.showWaitingListTimeout(),n.destroy({remove:!1})})})},n.prototype.disableScrollOnRoot=function(){return this.rootScrollOffset=this.scrollRoot.scrollTop,this.scrollRoot.style.overflow="hidden",this.scrollRoot.style.position="fixed"},n.prototype.enableScrollOnRoot=function(){return this.scrollRoot.scrollTop=this.rootScrollOffset,this.scrollRoot.style.overflow="",this.scrollRoot.style.position=""},n.prototype.isVisible=function(e,n,s,o){var i,a,r,l,c,d,u,h,m,p;if(!(e.length<1))return p=O.innerWidth,m=O.innerHeight,o=o||"both",a=!0!==s||t.offsetWidth*t.offsetHeight,u=0<=(d=e.getBoundingClientRect()).top&&d.top<m,i=0<d.bottom&&d.bottom<=m,l=0<=d.left&&d.left<p,c=0<d.right&&d.right<=p,h=n?u||i:u&&i,r=n?l||c:l&&c,"both"===o?a&&h&&r:"vertical"===o?a&&h:"horizontal"===o?a&&r:void 0},n.prototype.isRetina=function(){var e;return!!O.matchMedia&&((e=O.matchMedia("only screen and (min--moz-device-pixel-ratio: 1.3), only screen and (-o-min-device-pixel-ratio: 2.6/2), only screen and (-webkit-min-device-pixel-ratio: 1.3), only screen  and (min-device-pixel-ratio: 1.3), only screen and (min-resolution: 1.3dppx)"))&&e.matches||1<O.devicePixelRatio)},n.prototype.resizeImage=function(e,i,a,r,l,c,d,t){var u;return null==i&&(i="auto"),null==a&&(a="auto"),null==r&&(r=1),null==t&&(t=!0),(u=new Image).onload=function(){var e,t,n,s,o;return n=u.width,t=u.height,console.log("ImageService","current size",n,t),"auto"===a&&"auto"===i&&(i=n,a=t),"auto"===a&&(a=t/(n/i)),"auto"===i&&(i=t/(n/a)),o=!1,i<n||a<t?(o=!0,i*=r,a*=r):(i=n,a=t),(e=document.createElement("canvas")).width=i,e.height=a,e.getContext("2d").drawImage(u,0,0,i,a),"auto"===c&&(c=i<200&&a<200?1:i<400&&a<400?.9:i<600&&a<600?.8:i<900&&a<900?.7:.6),s=e.toDataURL(l,c),o?(console.log("ImageService","resize",i/r,a/r,c,.75*s.length/1024/1024,"in mb"),void d(s,i/r,a/r,!0)):(console.log("ImageService","no resize",i,a,c,.75*s.length/1024/1024,"in mb"),d(s,i,a,!1))},u.src=e},n.prototype.pasteHtmlAtCaret=function(e){var t,n,s,o,i,a;if(i=a=void 0,O.getSelection){if((a=O.getSelection()).getRangeAt&&a.rangeCount){for((i=a.getRangeAt(0)).deleteContents(),(t=document.createElement("div")).innerHTML=e,n=document.createDocumentFragment(o,s);o=t.firstChild;)s=n.appendChild(o);if(i.insertNode(n),s)return(i=i.cloneRange()).setStartAfter(s),i.collapse(!0),a.removeAllRanges(),a.addRange(i)}}else if(document.selection&&"Control"!==document.selection.type)return document.selection.createRange().pasteHTML(e)},n.prototype.wordFilter=function(e){var t,n,s,o,i,a,r,l,c,d,u,h,m,p,g,f,y,v,b,w,S,T,C,k,z,A,L,x,O,E,I,_,D,M,R,j,H,N,q,P;for(t=(t=(t=(t=(t=e.html()).replace(/<!--[\s\S]+?-->/gi,"")).replace(/<(!|script[^>]*>.*?<\/script(?=[>\s])|\/?(\?xml(:\w+)?|img|meta|link|style|\w:\w+)(?=[\s\/>]))[^>]*>/gi,"")).replace(/<(\/?)s>/gi,"<$1strike>")).replace(/&nbsp;/gi," "),e.innerHTML=t,i=0,c=(A=e.querySelectorAll("p")).length;i<c;i++)q=(T=A[i]).getAttribute("style"),(b=/mso-list:\w+ \w+([0-9]+)/.exec(q))&&(T.dataset._listLevel=parseInt(b[1],10));for(C=null,a=l=0,d=(L=e.querySelectorAll("p")).length;a<d;a++)if(void 0!==(n=(T=L[a]).dataset._listLevel)){if(P=T.textContent,y="<ul></ul>",/^\s*\w+\./.test(P)&&(y=(b=/([0-9])\./.exec(P))?null!=(O=1<(N=parseInt(b[1],10)))?O:'<ol start="'+N+{'"></ol>':"<ol></ol>"}:"<ol></ol>"),l<n&&(0===l&&(T.insertAdjacentHTML("beforebegin",y),C=T.previousElementSibling),C.insertAdjacentHTML("beforeend",y)),n<l)for(o=r=E=o,I=l-n;E<=I?r<=I:I<=r;o=E<=I?++r:--r)C=C.parentNode;T.querySelector("span:first")&&T.querySelector("span:first").remove(),C.insertAdjacentHTML("beforeend","<li>"+T.innerHTML+"</li>"),T.remove(),l=n}else l=0;for(v=0,u=(_=e.querySelectorAll("[style]")).length;v<u;v++)(s=_[v]).removeAttribute("style");for(w=0,h=(D=e.querySelectorAll("[align]")).length;w<h;w++)(s=D[w]).removeAttribute("align");for(S=0,m=(M=e.querySelectorAll("span")).length;S<m;S++)(s=M[S]).outerHTML=s.innerHTML;for(k=0,p=(R=e.querySelectorAll("span:empty")).length;k<p;k++)(s=R[k]).remove();for(z=0,g=(j=e.querySelectorAll("[class^='Mso']")).length;z<g;z++)(s=j[z]).removeAttribute("class");for(H=0,f=(x=e.querySelectorAll("p:empty")).length;H<f;H++)(s=x[H]).remove();return e},n.prototype.removeAttribute=function(e){var t,n,s,o,i;if(e){for(i=[],n=0,s=(o=e.attributes).length;n<s;n++)t=o[n],i.push(e.removeAttribute(t.name));return i}},n.prototype.removeAttributes=function(e){var t,n,s,o;for(t=0,n=(o=e.querySelectorAll("*")).length;t<n;t++)s=o[t],this.removeAttribute(s);return e},n}(),O.ZammadChat=e}(window),window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.chat=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat'),this.flat&&t.push(n(" zammad-chat--flat")),t.push('"'),this.fontSize&&t.push(n(" style='font-size: "+this.fontSize+"'")),t.push('>\n  <div class="zammad-chat-header js-chat-open"'),this.background&&t.push(n(" style='background: "+this.background+"'")),t.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">'),t.push(this.T(this.title)),t.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    '),t.push(this.T(this.scrollHint)),t.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="'),t.push(this.T("Compose your message...")),t.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"'),this.background&&t.push(n(" style='background: "+this.background+"'")),t.push(">"),t.push(this.T("Send")),t.push("</button>\n  </form>\n</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.customer_timeout=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),this.agent?(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.",this.delay,this.agent))):(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation got closed.",this.delay))),t.push("\n  "),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?s(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.loader=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<span class="zammad-chat-loading-animation">\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n</span>\n<span class="zammad-chat-modal-text">'),t.push(this.T("Connecting")),t.push("</span>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.message=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-message zammad-chat-message--'),t.push(n(this.from)),t.push(n(this.unreadClass)),t.push('">\n  <span class="zammad-chat-message-body"'),this.background&&"customer"===this.from&&t.push(n(" style='background: "+this.background+"'")),t.push(">"),t.push(this.message),t.push("</span>\n</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.status=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-status">\n  <div class="zammad-chat-status-inner">\n    '),t.push(this.status),t.push("\n  </div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.timestamp=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-timestamp"><strong>'),t.push(n(this.label)),t.push("</strong> "),t.push(n(this.time)),t.push("</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.typingIndicator=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-message zammad-chat-message--typing zammad-chat-message--agent">\n  <span class="zammad-chat-message-body">\n    <span class="zammad-chat-loading-animation">\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n    </span>\n  </span>\n</div>')}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-modal-text">\n  <span class="zammad-chat-loading-animation">\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n  </span>\n  '),t.push(this.T("All colleagues are busy.")),t.push("<br>\n  "),t.push(this.T("You are on waiting list position <strong>%s</strong>.",this.position)),t.push("\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting_list_timeout=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),t.push(this.T("We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!")),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?s(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")};
\ No newline at end of file
diff --git a/public/assets/chat/chat.coffee b/public/assets/chat/chat.coffee
index 73f28047b..9a01d4f81 100644
--- a/public/assets/chat/chat.coffee
+++ b/public/assets/chat/chat.coffee
@@ -718,7 +718,9 @@ do($ = window.jQuery, window) ->
           text = text.replace(/<div><\/div>/g, '<div><br></div>')
         console.log('p', docType, text)
         if docType is 'html'
-          html = $("<div>#{text}</div>")
+          sanitized = DOMPurify.sanitize(text)
+          @log.debug 'sanitized HTML clipboard', sanitized
+          html = $("<div>#{sanitized}</div>")
           match = false
           htmlTmp = text
           regex = new RegExp('<(/w|w)\:[A-Za-z]')
diff --git a/public/assets/chat/chat.css b/public/assets/chat/chat.css
index 6d619c746..9e97e1aab 100644
--- a/public/assets/chat/chat.css
+++ b/public/assets/chat/chat.css
@@ -314,6 +314,7 @@
   line-height: 1.4em;
   font-size: inherit;
   -webkit-appearance: none;
+  -moz-appearance: none;
   appearance: none;
   border: none;
   background: none;
@@ -329,6 +330,7 @@
 
 .zammad-chat-button {
   -webkit-appearance: none;
+  -moz-appearance: none;
   appearance: none;
   font-family: inherit;
   font-size: inherit;
@@ -349,6 +351,7 @@
 
 .zammad-chat-button:disabled,
 .zammad-chat-input:disabled {
+  cursor: not-allowed;
   opacity: 0.3; }
 
 .zammad-chat-is-hidden {
diff --git a/public/assets/chat/chat.js b/public/assets/chat/chat.js
index b364a9eb6..9ae20879c 100644
--- a/public/assets/chat/chat.js
+++ b/public/assets/chat/chat.js
@@ -1,7 +1,11 @@
+/*! @license DOMPurify 2.3.1 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.3.1/LICENSE */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,n=Object.isFrozen,r=Object.getPrototypeOf,o=Object.getOwnPropertyDescriptor,i=Object.freeze,a=Object.seal,l=Object.create,c="undefined"!=typeof Reflect&&Reflect,s=c.apply,u=c.construct;s||(s=function(e,t,n){return e.apply(t,n)}),i||(i=function(e){return e}),a||(a=function(e){return e}),u||(u=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var f,m=x(Array.prototype.forEach),d=x(Array.prototype.pop),p=x(Array.prototype.push),g=x(String.prototype.toLowerCase),h=x(String.prototype.match),y=x(String.prototype.replace),v=x(String.prototype.indexOf),b=x(String.prototype.trim),T=x(RegExp.prototype.test),A=(f=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return u(f,t)});function x(e){return function(t){for(var n=arguments.length,r=Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];return s(e,t,r)}}function S(e,r){t&&t(e,null);for(var o=r.length;o--;){var i=r[o];if("string"==typeof i){var a=g(i);a!==i&&(n(r)||(r[o]=a),i=a)}e[i]=!0}return e}function w(t){var n=l(null),r=void 0;for(r in t)s(e,t,[r])&&(n[r]=t[r]);return n}function N(e,t){for(;null!==e;){var n=o(e,t);if(n){if(n.get)return x(n.get);if("function"==typeof n.value)return x(n.value)}e=r(e)}return function(e){return console.warn("fallback value for",e),null}}var k=i(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),E=i(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),D=i(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),O=i(["animate","color-profile","cursor","discard","fedropshadow","feimage","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),R=i(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),_=i(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),M=i(["#text"]),L=i(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),F=i(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),I=i(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),C=i(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),z=a(/\{\{[\s\S]*|[\s\S]*\}\}/gm),H=a(/<%[\s\S]*|[\s\S]*%>/gm),U=a(/^data-[\-\w.\u00B7-\uFFFF]/),j=a(/^aria-[\-\w]+$/),B=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),P=a(/^(?:\w+script|data):/i),W=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),G="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function q(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}var K=function(){return"undefined"==typeof window?null:window},V=function(e,t){if("object"!==(void 0===e?"undefined":G(e))||"function"!=typeof e.createPolicy)return null;var n=null,r="data-tt-policy-suffix";t.currentScript&&t.currentScript.hasAttribute(r)&&(n=t.currentScript.getAttribute(r));var o="dompurify"+(n?"#"+n:"");try{return e.createPolicy(o,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+o+" could not be created."),null}};return function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:K(),n=function(t){return e(t)};if(n.version="2.3.1",n.removed=[],!t||!t.document||9!==t.document.nodeType)return n.isSupported=!1,n;var r=t.document,o=t.document,a=t.DocumentFragment,l=t.HTMLTemplateElement,c=t.Node,s=t.Element,u=t.NodeFilter,f=t.NamedNodeMap,x=void 0===f?t.NamedNodeMap||t.MozNamedAttrMap:f,Y=t.Text,X=t.Comment,$=t.DOMParser,Z=t.trustedTypes,J=s.prototype,Q=N(J,"cloneNode"),ee=N(J,"nextSibling"),te=N(J,"childNodes"),ne=N(J,"parentNode");if("function"==typeof l){var re=o.createElement("template");re.content&&re.content.ownerDocument&&(o=re.content.ownerDocument)}var oe=V(Z,r),ie=oe&&ze?oe.createHTML(""):"",ae=o,le=ae.implementation,ce=ae.createNodeIterator,se=ae.createDocumentFragment,ue=ae.getElementsByTagName,fe=r.importNode,me={};try{me=w(o).documentMode?o.documentMode:{}}catch(e){}var de={};n.isSupported="function"==typeof ne&&le&&void 0!==le.createHTMLDocument&&9!==me;var pe=z,ge=H,he=U,ye=j,ve=P,be=W,Te=B,Ae=null,xe=S({},[].concat(q(k),q(E),q(D),q(R),q(M))),Se=null,we=S({},[].concat(q(L),q(F),q(I),q(C))),Ne=null,ke=null,Ee=!0,De=!0,Oe=!1,Re=!1,_e=!1,Me=!1,Le=!1,Fe=!1,Ie=!1,Ce=!0,ze=!1,He=!0,Ue=!0,je=!1,Be={},Pe=null,We=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Ge=null,qe=S({},["audio","video","img","source","image","track"]),Ke=null,Ve=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Ye="http://www.w3.org/1998/Math/MathML",Xe="http://www.w3.org/2000/svg",$e="http://www.w3.org/1999/xhtml",Ze=$e,Je=!1,Qe=null,et=o.createElement("form"),tt=function(e){Qe&&Qe===e||(e&&"object"===(void 0===e?"undefined":G(e))||(e={}),e=w(e),Ae="ALLOWED_TAGS"in e?S({},e.ALLOWED_TAGS):xe,Se="ALLOWED_ATTR"in e?S({},e.ALLOWED_ATTR):we,Ke="ADD_URI_SAFE_ATTR"in e?S(w(Ve),e.ADD_URI_SAFE_ATTR):Ve,Ge="ADD_DATA_URI_TAGS"in e?S(w(qe),e.ADD_DATA_URI_TAGS):qe,Pe="FORBID_CONTENTS"in e?S({},e.FORBID_CONTENTS):We,Ne="FORBID_TAGS"in e?S({},e.FORBID_TAGS):{},ke="FORBID_ATTR"in e?S({},e.FORBID_ATTR):{},Be="USE_PROFILES"in e&&e.USE_PROFILES,Ee=!1!==e.ALLOW_ARIA_ATTR,De=!1!==e.ALLOW_DATA_ATTR,Oe=e.ALLOW_UNKNOWN_PROTOCOLS||!1,Re=e.SAFE_FOR_TEMPLATES||!1,_e=e.WHOLE_DOCUMENT||!1,Fe=e.RETURN_DOM||!1,Ie=e.RETURN_DOM_FRAGMENT||!1,Ce=!1!==e.RETURN_DOM_IMPORT,ze=e.RETURN_TRUSTED_TYPE||!1,Le=e.FORCE_BODY||!1,He=!1!==e.SANITIZE_DOM,Ue=!1!==e.KEEP_CONTENT,je=e.IN_PLACE||!1,Te=e.ALLOWED_URI_REGEXP||Te,Ze=e.NAMESPACE||$e,Re&&(De=!1),Ie&&(Fe=!0),Be&&(Ae=S({},[].concat(q(M))),Se=[],!0===Be.html&&(S(Ae,k),S(Se,L)),!0===Be.svg&&(S(Ae,E),S(Se,F),S(Se,C)),!0===Be.svgFilters&&(S(Ae,D),S(Se,F),S(Se,C)),!0===Be.mathMl&&(S(Ae,R),S(Se,I),S(Se,C))),e.ADD_TAGS&&(Ae===xe&&(Ae=w(Ae)),S(Ae,e.ADD_TAGS)),e.ADD_ATTR&&(Se===we&&(Se=w(Se)),S(Se,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&S(Ke,e.ADD_URI_SAFE_ATTR),e.FORBID_CONTENTS&&(Pe===We&&(Pe=w(Pe)),S(Pe,e.FORBID_CONTENTS)),Ue&&(Ae["#text"]=!0),_e&&S(Ae,["html","head","body"]),Ae.table&&(S(Ae,["tbody"]),delete Ne.tbody),i&&i(e),Qe=e)},nt=S({},["mi","mo","mn","ms","mtext"]),rt=S({},["foreignobject","desc","title","annotation-xml"]),ot=S({},E);S(ot,D),S(ot,O);var it=S({},R);S(it,_);var at=function(e){var t=ne(e);t&&t.tagName||(t={namespaceURI:$e,tagName:"template"});var n=g(e.tagName),r=g(t.tagName);if(e.namespaceURI===Xe)return t.namespaceURI===$e?"svg"===n:t.namespaceURI===Ye?"svg"===n&&("annotation-xml"===r||nt[r]):Boolean(ot[n]);if(e.namespaceURI===Ye)return t.namespaceURI===$e?"math"===n:t.namespaceURI===Xe?"math"===n&&rt[r]:Boolean(it[n]);if(e.namespaceURI===$e){if(t.namespaceURI===Xe&&!rt[r])return!1;if(t.namespaceURI===Ye&&!nt[r])return!1;var o=S({},["title","style","font","a","script"]);return!it[n]&&(o[n]||!ot[n])}return!1},lt=function(e){p(n.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){try{e.outerHTML=ie}catch(t){e.remove()}}},ct=function(e,t){try{p(n.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(n.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!Se[e])if(Fe||Ie)try{lt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},st=function(e){var t=void 0,n=void 0;if(Le)e="<remove></remove>"+e;else{var r=h(e,/^[\r\n\t ]+/);n=r&&r[0]}var i=oe?oe.createHTML(e):e;if(Ze===$e)try{t=(new $).parseFromString(i,"text/html")}catch(e){}if(!t||!t.documentElement){t=le.createDocument(Ze,"template",null);try{t.documentElement.innerHTML=Je?"":i}catch(e){}}var a=t.body||t.documentElement;return e&&n&&a.insertBefore(o.createTextNode(n),a.childNodes[0]||null),Ze===$e?ue.call(t,_e?"html":"body")[0]:_e?t.documentElement:a},ut=function(e){return ce.call(e.ownerDocument||e,e,u.SHOW_ELEMENT|u.SHOW_COMMENT|u.SHOW_TEXT,null,!1)},ft=function(e){return!(e instanceof Y||e instanceof X)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof x&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI&&"function"==typeof e.insertBefore)},mt=function(e){return"object"===(void 0===c?"undefined":G(c))?e instanceof c:e&&"object"===(void 0===e?"undefined":G(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},dt=function(e,t,r){de[e]&&m(de[e],(function(e){e.call(n,t,r,Qe)}))},pt=function(e){var t=void 0;if(dt("beforeSanitizeElements",e,null),ft(e))return lt(e),!0;if(h(e.nodeName,/[\u0080-\uFFFF]/))return lt(e),!0;var r=g(e.nodeName);if(dt("uponSanitizeElement",e,{tagName:r,allowedTags:Ae}),!mt(e.firstElementChild)&&(!mt(e.content)||!mt(e.content.firstElementChild))&&T(/<[/\w]/g,e.innerHTML)&&T(/<[/\w]/g,e.textContent))return lt(e),!0;if("select"===r&&T(/<template/i,e.innerHTML))return lt(e),!0;if(!Ae[r]||Ne[r]){if(Ue&&!Pe[r]){var o=ne(e)||e.parentNode,i=te(e)||e.childNodes;if(i&&o)for(var a=i.length-1;a>=0;--a)o.insertBefore(Q(i[a],!0),ee(e))}return lt(e),!0}return e instanceof s&&!at(e)?(lt(e),!0):"noscript"!==r&&"noembed"!==r||!T(/<\/no(script|embed)/i,e.innerHTML)?(Re&&3===e.nodeType&&(t=e.textContent,t=y(t,pe," "),t=y(t,ge," "),e.textContent!==t&&(p(n.removed,{element:e.cloneNode()}),e.textContent=t)),dt("afterSanitizeElements",e,null),!1):(lt(e),!0)},gt=function(e,t,n){if(He&&("id"===t||"name"===t)&&(n in o||n in et))return!1;if(De&&!ke[t]&&T(he,t));else if(Ee&&T(ye,t));else{if(!Se[t]||ke[t])return!1;if(Ke[t]);else if(T(Te,y(n,be,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==v(n,"data:")||!Ge[e]){if(Oe&&!T(ve,y(n,be,"")));else if(n)return!1}else;}return!0},ht=function(e){var t=void 0,r=void 0,o=void 0,i=void 0;dt("beforeSanitizeAttributes",e,null);var a=e.attributes;if(a){var l={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Se};for(i=a.length;i--;){var c=t=a[i],s=c.name,u=c.namespaceURI;if(r=b(t.value),o=g(s),l.attrName=o,l.attrValue=r,l.keepAttr=!0,l.forceKeepAttr=void 0,dt("uponSanitizeAttribute",e,l),r=l.attrValue,!l.forceKeepAttr&&(ct(s,e),l.keepAttr))if(T(/\/>/i,r))ct(s,e);else{Re&&(r=y(r,pe," "),r=y(r,ge," "));var f=e.nodeName.toLowerCase();if(gt(f,o,r))try{u?e.setAttributeNS(u,s,r):e.setAttribute(s,r),d(n.removed)}catch(e){}}}dt("afterSanitizeAttributes",e,null)}},yt=function e(t){var n=void 0,r=ut(t);for(dt("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)dt("uponSanitizeShadowNode",n,null),pt(n)||(n.content instanceof a&&e(n.content),ht(n));dt("afterSanitizeShadowDOM",t,null)};return n.sanitize=function(e,o){var i=void 0,l=void 0,s=void 0,u=void 0,f=void 0;if((Je=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!mt(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!n.isSupported){if("object"===G(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(mt(e))return t.toStaticHTML(e.outerHTML)}return e}if(Me||tt(o),n.removed=[],"string"==typeof e&&(je=!1),je);else if(e instanceof c)1===(l=(i=st("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===l.nodeName||"HTML"===l.nodeName?i=l:i.appendChild(l);else{if(!Fe&&!Re&&!_e&&-1===e.indexOf("<"))return oe&&ze?oe.createHTML(e):e;if(!(i=st(e)))return Fe?null:ie}i&&Le&&lt(i.firstChild);for(var m=ut(je?e:i);s=m.nextNode();)3===s.nodeType&&s===u||pt(s)||(s.content instanceof a&&yt(s.content),ht(s),u=s);if(u=null,je)return e;if(Fe){if(Ie)for(f=se.call(i.ownerDocument);i.firstChild;)f.appendChild(i.firstChild);else f=i;return Ce&&(f=fe.call(r,f,!0)),f}var d=_e?i.outerHTML:i.innerHTML;return Re&&(d=y(d,pe," "),d=y(d,ge," ")),oe&&ze?oe.createHTML(d):d},n.setConfig=function(e){tt(e),Me=!0},n.clearConfig=function(){Qe=null,Me=!1},n.isValidAttribute=function(e,t,n){Qe||tt({});var r=g(e),o=g(t);return gt(r,o,n)},n.addHook=function(e,t){"function"==typeof t&&(de[e]=de[e]||[],p(de[e],t))},n.removeHook=function(e){de[e]&&d(de[e])},n.removeHooks=function(e){de[e]&&(de[e]=[])},n.removeAllHooks=function(){de={}},n}()}));
+//# sourceMappingURL=purify.min.js.map
+
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["agent"] = function(__obj) {
+window.zammadChatTemplates["agent"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -59,170 +63,6 @@ window.zammadChatTemplates["agent"] = function(__obj) {
   return __out.join('');
 };
 
-if (!window.zammadChatTemplates) {
-  window.zammadChatTemplates = {};
-}
-window.zammadChatTemplates["chat"] = function(__obj) {
-  if (!__obj) __obj = {};
-  var __out = [], __capture = function(callback) {
-    var out = __out, result;
-    __out = [];
-    callback.call(this);
-    result = __out.join('');
-    __out = out;
-    return __safe(result);
-  }, __sanitize = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else if (typeof value !== 'undefined' && value != null) {
-      return __escape(value);
-    } else {
-      return '';
-    }
-  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
-  __safe = __obj.safe = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else {
-      if (!(typeof value !== 'undefined' && value != null)) value = '';
-      var result = new String(value);
-      result.ecoSafe = true;
-      return result;
-    }
-  };
-  if (!__escape) {
-    __escape = __obj.escape = function(value) {
-      return ('' + value)
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;');
-    };
-  }
-  (function() {
-    (function() {
-      __out.push('<div class="zammad-chat');
-    
-      if (this.flat) {
-        __out.push(__sanitize(' zammad-chat--flat'));
-      }
-    
-      __out.push('"');
-    
-      if (this.fontSize) {
-        __out.push(__sanitize(" style='font-size: " + this.fontSize + "'"));
-      }
-    
-      __out.push('>\n  <div class="zammad-chat-header js-chat-open"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">');
-    
-      __out.push(this.T(this.title));
-    
-      __out.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    ');
-    
-      __out.push(this.T(this.scrollHint));
-    
-      __out.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="');
-    
-      __out.push(this.T('Compose your message...'));
-    
-      __out.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>');
-    
-      __out.push(this.T('Send'));
-    
-      __out.push('</button>\n  </form>\n</div>');
-    
-    }).call(this);
-    
-  }).call(__obj);
-  __obj.safe = __objSafe, __obj.escape = __escape;
-  return __out.join('');
-};
-
-if (!window.zammadChatTemplates) {
-  window.zammadChatTemplates = {};
-}
-window.zammadChatTemplates["customer_timeout"] = function(__obj) {
-  if (!__obj) __obj = {};
-  var __out = [], __capture = function(callback) {
-    var out = __out, result;
-    __out = [];
-    callback.call(this);
-    result = __out.join('');
-    __out = out;
-    return __safe(result);
-  }, __sanitize = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else if (typeof value !== 'undefined' && value != null) {
-      return __escape(value);
-    } else {
-      return '';
-    }
-  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
-  __safe = __obj.safe = function(value) {
-    if (value && value.ecoSafe) {
-      return value;
-    } else {
-      if (!(typeof value !== 'undefined' && value != null)) value = '';
-      var result = new String(value);
-      result.ecoSafe = true;
-      return result;
-    }
-  };
-  if (!__escape) {
-    __escape = __obj.escape = function(value) {
-      return ('' + value)
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;');
-    };
-  }
-  (function() {
-    (function() {
-      __out.push('<div class="zammad-chat-modal-text">\n  ');
-    
-      if (this.agent) {
-        __out.push('\n    ');
-        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation with <strong>%s</strong> got closed.', this.delay, this.agent));
-        __out.push('\n  ');
-      } else {
-        __out.push('\n    ');
-        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation got closed.', this.delay));
-        __out.push('\n  ');
-      }
-    
-      __out.push('\n  <br>\n  <div class="zammad-chat-button js-restart"');
-    
-      if (this.background) {
-        __out.push(__sanitize(" style='background: " + this.background + "'"));
-      }
-    
-      __out.push('>');
-    
-      __out.push(this.T('Start new conversation'));
-    
-      __out.push('</div>\n</div>');
-    
-    }).call(this);
-    
-  }).call(__obj);
-  __obj.safe = __objSafe, __obj.escape = __escape;
-  return __out.join('');
-};
-
 var bind = function(fn, me){ return function(){ return fn.apply(me, arguments); }; },
   slice = [].slice,
   extend = function(child, parent) { for (var key in parent) { if (hasProp.call(parent, key)) child[key] = parent[key]; } function ctor() { this.constructor = child; } ctor.prototype = parent.prototype; child.prototype = new ctor(); child.__super__ = parent.prototype; return child; },
@@ -1083,7 +923,7 @@ var bind = function(fn, me){ return function(){ return fn.apply(me, arguments);
       })(this));
       this.input.on('paste', (function(_this) {
         return function(e) {
-          var clipboardData, docType, html, htmlTmp, imageFile, imageInserted, item, match, reader, regex, replacementTag, text;
+          var clipboardData, docType, html, htmlTmp, imageFile, imageInserted, item, match, reader, regex, replacementTag, sanitized, text;
           e.stopPropagation();
           e.preventDefault();
           clipboardData;
@@ -1150,7 +990,9 @@ var bind = function(fn, me){ return function(){ return fn.apply(me, arguments);
           }
           console.log('p', docType, text);
           if (docType === 'html') {
-            html = $("<div>" + text + "</div>");
+            sanitized = DOMPurify.sanitize(text);
+            _this.log.debug('sanitized HTML clipboard', sanitized);
+            html = $("<div>" + sanitized + "</div>");
             match = false;
             htmlTmp = text;
             regex = new RegExp('<(/w|w)\:[A-Za-z]');
@@ -2269,7 +2111,171 @@ var bind = function(fn, me){ return function(){ return fn.apply(me, arguments);
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["loader"] = function(__obj) {
+window.zammadChatTemplates["chat"] = function (__obj) {
+  if (!__obj) __obj = {};
+  var __out = [], __capture = function(callback) {
+    var out = __out, result;
+    __out = [];
+    callback.call(this);
+    result = __out.join('');
+    __out = out;
+    return __safe(result);
+  }, __sanitize = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else if (typeof value !== 'undefined' && value != null) {
+      return __escape(value);
+    } else {
+      return '';
+    }
+  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
+  __safe = __obj.safe = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else {
+      if (!(typeof value !== 'undefined' && value != null)) value = '';
+      var result = new String(value);
+      result.ecoSafe = true;
+      return result;
+    }
+  };
+  if (!__escape) {
+    __escape = __obj.escape = function(value) {
+      return ('' + value)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+    };
+  }
+  (function() {
+    (function() {
+      __out.push('<div class="zammad-chat');
+    
+      if (this.flat) {
+        __out.push(__sanitize(' zammad-chat--flat'));
+      }
+    
+      __out.push('"');
+    
+      if (this.fontSize) {
+        __out.push(__sanitize(" style='font-size: " + this.fontSize + "'"));
+      }
+    
+      __out.push('>\n  <div class="zammad-chat-header js-chat-open"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">');
+    
+      __out.push(this.T(this.title));
+    
+      __out.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    ');
+    
+      __out.push(this.T(this.scrollHint));
+    
+      __out.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="');
+    
+      __out.push(this.T('Compose your message...'));
+    
+      __out.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>');
+    
+      __out.push(this.T('Send'));
+    
+      __out.push('</button>\n  </form>\n</div>');
+    
+    }).call(this);
+    
+  }).call(__obj);
+  __obj.safe = __objSafe, __obj.escape = __escape;
+  return __out.join('');
+};
+
+if (!window.zammadChatTemplates) {
+  window.zammadChatTemplates = {};
+}
+window.zammadChatTemplates["customer_timeout"] = function (__obj) {
+  if (!__obj) __obj = {};
+  var __out = [], __capture = function(callback) {
+    var out = __out, result;
+    __out = [];
+    callback.call(this);
+    result = __out.join('');
+    __out = out;
+    return __safe(result);
+  }, __sanitize = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else if (typeof value !== 'undefined' && value != null) {
+      return __escape(value);
+    } else {
+      return '';
+    }
+  }, __safe, __objSafe = __obj.safe, __escape = __obj.escape;
+  __safe = __obj.safe = function(value) {
+    if (value && value.ecoSafe) {
+      return value;
+    } else {
+      if (!(typeof value !== 'undefined' && value != null)) value = '';
+      var result = new String(value);
+      result.ecoSafe = true;
+      return result;
+    }
+  };
+  if (!__escape) {
+    __escape = __obj.escape = function(value) {
+      return ('' + value)
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+    };
+  }
+  (function() {
+    (function() {
+      __out.push('<div class="zammad-chat-modal-text">\n  ');
+    
+      if (this.agent) {
+        __out.push('\n    ');
+        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation with <strong>%s</strong> got closed.', this.delay, this.agent));
+        __out.push('\n  ');
+      } else {
+        __out.push('\n    ');
+        __out.push(this.T('Since you didn\'t respond in the last %s minutes your conversation got closed.', this.delay));
+        __out.push('\n  ');
+      }
+    
+      __out.push('\n  <br>\n  <div class="zammad-chat-button js-restart"');
+    
+      if (this.background) {
+        __out.push(__sanitize(" style='background: " + this.background + "'"));
+      }
+    
+      __out.push('>');
+    
+      __out.push(this.T('Start new conversation'));
+    
+      __out.push('</div>\n</div>');
+    
+    }).call(this);
+    
+  }).call(__obj);
+  __obj.safe = __objSafe, __obj.escape = __escape;
+  return __out.join('');
+};
+
+if (!window.zammadChatTemplates) {
+  window.zammadChatTemplates = {};
+}
+window.zammadChatTemplates["loader"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2324,7 +2330,7 @@ window.zammadChatTemplates["loader"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["message"] = function(__obj) {
+window.zammadChatTemplates["message"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2391,7 +2397,7 @@ window.zammadChatTemplates["message"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["status"] = function(__obj) {
+window.zammadChatTemplates["status"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2446,7 +2452,7 @@ window.zammadChatTemplates["status"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["timestamp"] = function(__obj) {
+window.zammadChatTemplates["timestamp"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2505,7 +2511,7 @@ window.zammadChatTemplates["timestamp"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["typingIndicator"] = function(__obj) {
+window.zammadChatTemplates["typingIndicator"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2556,7 +2562,7 @@ window.zammadChatTemplates["typingIndicator"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["waiting"] = function(__obj) {
+window.zammadChatTemplates["waiting"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
@@ -2615,7 +2621,7 @@ window.zammadChatTemplates["waiting"] = function(__obj) {
 if (!window.zammadChatTemplates) {
   window.zammadChatTemplates = {};
 }
-window.zammadChatTemplates["waiting_list_timeout"] = function(__obj) {
+window.zammadChatTemplates["waiting_list_timeout"] = function (__obj) {
   if (!__obj) __obj = {};
   var __out = [], __capture = function(callback) {
     var out = __out, result;
diff --git a/public/assets/chat/chat.min.js b/public/assets/chat/chat.min.js
index 9e140328a..d1f6fe65f 100644
--- a/public/assets/chat/chat.min.js
+++ b/public/assets/chat/chat.min.js
@@ -1 +1 @@
-window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.agent=function(t){function e(t){return t&&t.ecoSafe?t:void 0!==t&&null!=t?o(t):""}var s=[],n=(t=t||{}).safe,o=t.escape,o=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},o||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){this.agent.avatar&&(s.push('\n<img class="zammad-chat-agent-avatar" src="'),s.push(e(this.agent.avatar)),s.push('">\n')),s.push('\n<span class="zammad-chat-agent-sentence">\n  <span class="zammad-chat-agent-name">'),s.push(e(this.agent.name)),s.push("</span>\n</span>")}.call(this)}.call(t),t.safe=n,t.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.chat=function(t){function e(t){return t&&t.ecoSafe?t:void 0!==t&&null!=t?o(t):""}var s=[],n=(t=t||{}).safe,o=t.escape,o=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},o||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat'),this.flat&&s.push(e(" zammad-chat--flat")),s.push('"'),this.fontSize&&s.push(e(" style='font-size: "+this.fontSize+"'")),s.push('>\n  <div class="zammad-chat-header js-chat-open"'),this.background&&s.push(e(" style='background: "+this.background+"'")),s.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">'),s.push(this.T(this.title)),s.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    '),s.push(this.T(this.scrollHint)),s.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="'),s.push(this.T("Compose your message...")),s.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"'),this.background&&s.push(e(" style='background: "+this.background+"'")),s.push(">"),s.push(this.T("Send")),s.push("</button>\n  </form>\n</div>")}.call(this)}.call(t),t.safe=n,t.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.customer_timeout=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){var t;e.push('<div class="zammad-chat-modal-text">\n  '),this.agent?(e.push("\n    "),e.push(this.T("Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.",this.delay,this.agent))):(e.push("\n    "),e.push(this.T("Since you didn't respond in the last %s minutes your conversation got closed.",this.delay))),e.push("\n  "),e.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&e.push((t=" style='background: "+this.background+"'")&&t.ecoSafe?t:void 0!==t&&null!=t?n(t):""),e.push(">"),e.push(this.T("Start new conversation")),e.push("</div>\n</div>")}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")};var bind=function(t,e){return function(){return t.apply(e,arguments)}},slice=[].slice,extend=function(t,e){for(var s in e)hasProp.call(e,s)&&(t[s]=e[s]);function n(){this.constructor=t}return n.prototype=e.prototype,t.prototype=new n,t.__super__=e.prototype,t},hasProp={}.hasOwnProperty;!function(p,m){var e,s,n,o,i,t;function a(t){this.options=p.extend({},this.defaults,t),this.log=new s({debug:this.options.debug,logPrefix:this.options.logPrefix||this.logPrefix})}function r(t){this.log=bind(this.log,this),this.error=bind(this.error,this),this.notice=bind(this.notice,this),this.debug=bind(this.debug,this),this.options=p.extend({},this.defaults,t)}function l(t){this.stop=bind(this.stop,this),this.start=bind(this.start,this),l.__super__.constructor.call(this,t)}function d(t){this.ping=bind(this.ping,this),this.send=bind(this.send,this),this.reconnect=bind(this.reconnect,this),this.close=bind(this.close,this),this.connect=bind(this.connect,this),this.set=bind(this.set,this),d.__super__.constructor.call(this,t)}function c(t){return this.removeAttributes=bind(this.removeAttributes,this),this.startTimeoutObservers=bind(this.startTimeoutObservers,this),this.onCssLoaded=bind(this.onCssLoaded,this),this.setAgentOnlineState=bind(this.setAgentOnlineState,this),this.onConnectionEstablished=bind(this.onConnectionEstablished,this),this.setSessionId=bind(this.setSessionId,this),this.onConnectionReestablished=bind(this.onConnectionReestablished,this),this.reconnect=bind(this.reconnect,this),this.destroy=bind(this.destroy,this),this.onScrollHintClick=bind(this.onScrollHintClick,this),this.detectScrolledtoBottom=bind(this.detectScrolledtoBottom,this),this.onLeaveTemporary=bind(this.onLeaveTemporary,this),this.onAgentTypingEnd=bind(this.onAgentTypingEnd,this),this.onAgentTypingStart=bind(this.onAgentTypingStart,this),this.onQueue=bind(this.onQueue,this),this.onQueueScreen=bind(this.onQueueScreen,this),this.onWebSocketClose=bind(this.onWebSocketClose,this),this.onCloseAnimationEnd=bind(this.onCloseAnimationEnd,this),this.close=bind(this.close,this),this.toggle=bind(this.toggle,this),this.sessionClose=bind(this.sessionClose,this),this.onOpenAnimationEnd=bind(this.onOpenAnimationEnd,this),this.open=bind(this.open,this),this.renderMessage=bind(this.renderMessage,this),this.receiveMessage=bind(this.receiveMessage,this),this.onSubmit=bind(this.onSubmit,this),this.onFocus=bind(this.onFocus,this),this.onInput=bind(this.onInput,this),this.onReopenSession=bind(this.onReopenSession,this),this.onError=bind(this.onError,this),this.onWebSocketMessage=bind(this.onWebSocketMessage,this),this.send=bind(this.send,this),this.checkForEnter=bind(this.checkForEnter,this),this.render=bind(this.render,this),this.view=bind(this.view,this),this.T=bind(this.T,this),this.options=p.extend({},this.defaults,t),c.__super__.constructor.call(this,this.options),this.isFullscreen=m.matchMedia&&m.matchMedia("(max-width: 768px)").matches,this.scrollRoot=p(this.getScrollRoot()),p?m.WebSocket&&sessionStorage?this.options.chatId?(this.options.lang||(this.options.lang=p("html").attr("lang")),this.options.lang&&(this.translations[this.options.lang]||(this.log.debug("lang: No "+this.options.lang+" found, try first two letters"),this.options.lang=this.options.lang.replace(/-.+?$/,"")),this.log.debug("lang: "+this.options.lang)),this.options.host||this.detectHost(),this.loadCss(),this.io=new e(this.options),this.io.set({onOpen:this.render,onClose:this.onWebSocketClose,onMessage:this.onWebSocketMessage,onError:this.onError}),void this.io.connect()):(this.state="unsupported",void this.log.error("Chat: need chatId as option!")):(this.state="unsupported",void this.log.notice("Chat: Browser not supported!")):(this.state="unsupported",void this.log.notice("Chat: no jquery found!"))}t=(t=document.getElementsByTagName("script"))[t.length-1],i=m.location.protocol.replace(":",""),t&&t.src&&(o=t.src.match(".*://([^:/]*).*")[1],i=t.src.match("(.*)://[^:/]*.*")[1]),a.prototype.defaults={debug:!1},t=a,r.prototype.defaults={debug:!1},r.prototype.debug=function(){var t=1<=arguments.length?slice.call(arguments,0):[];if(this.options.debug)return this.log("debug",t)},r.prototype.notice=function(){var t=1<=arguments.length?slice.call(arguments,0):[];return this.log("notice",t)},r.prototype.error=function(){var t=1<=arguments.length?slice.call(arguments,0):[];return this.log("error",t)},r.prototype.log=function(t,e){var s,n,o,i;if(e.unshift("||"),e.unshift(t),e.unshift(this.options.logPrefix),console.log.apply(console,e),this.options.debug){for(i="",n=0,o=e.length;n<o;n++)i+=" ","object"==typeof(s=e[n])?i+=JSON.stringify(s):s&&s.toString?i+=s.toString():i+=s;return p(".js-chatLogDisplay").prepend("<div>"+i+"</div>")}},s=r,extend(l,t),l.prototype.timeoutStartedAt=null,l.prototype.logPrefix="timeout",l.prototype.defaults={debug:!1,timeout:4,timeoutIntervallCheck:.5},l.prototype.start=function(){var t,e,s;return this.stop(),e=new Date,t=function(){var t=new Date-new Date(e.getTime()+1e3*s.options.timeout*60);if(s.log.debug("Timeout check for "+s.options.timeout+" minutes (left "+t/1e3+" sec.)"),!(t<0))return s.stop(),s.options.callback()},(s=this).log.debug("Start timeout in "+this.options.timeout+" minutes"),this.intervallId=setInterval(t,1e3*this.options.timeoutIntervallCheck*60)},l.prototype.stop=function(){if(this.intervallId)return this.log.debug("Stop timeout of "+this.options.timeout+" minutes"),clearInterval(this.intervallId)},n=l,extend(d,t),d.prototype.logPrefix="io",d.prototype.set=function(t){var e,s,n=[];for(e in t)s=t[e],n.push(this.options[e]=s);return n},d.prototype.connect=function(){var e,o,s,n;return this.log.debug("Connecting to "+this.options.host),this.ws=new m.WebSocket(""+this.options.host),this.ws.onopen=(e=this,function(t){return e.log.debug("onOpen",t),e.options.onOpen(t),e.ping()}),this.ws.onmessage=(o=this,function(t){var e,s,n=JSON.parse(t.data);for(o.log.debug("onMessage",t.data),e=0,s=n.length;e<s;e++)"pong"===n[e].event&&o.ping();if(o.options.onMessage)return o.options.onMessage(n)}),this.ws.onclose=(s=this,function(t){if(s.log.debug("close websocket connection",t),s.pingDelayId&&clearTimeout(s.pingDelayId),s.manualClose){if(s.log.debug("manual close, onClose callback"),s.manualClose=!1,s.options.onClose)return s.options.onClose(t)}else if(s.log.debug("error close, onError callback"),s.options.onError)return s.options.onError("Connection lost...")}),this.ws.onerror=(n=this,function(t){if(n.log.debug("onError",t),n.options.onError)return n.options.onError(t)})},d.prototype.close=function(){return this.log.debug("close websocket manually"),this.manualClose=!0,this.ws.close()},d.prototype.reconnect=function(){return this.log.debug("reconnect"),this.close(),this.connect()},d.prototype.send=function(t,e){return this.log.debug("send",t,e=null==e?{}:e),e=JSON.stringify({event:t,data:e}),this.ws.send(e)},d.prototype.ping=function(){var t;return(t=this).pingDelayId=setTimeout(function(){return t.send("ping")},29e3)},e=d,extend(c,t),c.prototype.defaults={chatId:void 0,show:!0,target:p("body"),host:"",debug:!1,flat:!1,lang:void 0,cssAutoload:!0,cssUrl:void 0,fontSize:void 0,buttonClass:"open-zammad-chat",inactiveClass:"is-inactive",title:"<strong>Chat</strong> with us!",scrollHint:"Scroll down to see new messages",idleTimeout:6,idleTimeoutIntervallCheck:.5,inactiveTimeout:8,inactiveTimeoutIntervallCheck:.5,waitingListTimeout:4,waitingListTimeoutIntervallCheck:.5,onReady:void 0,onCloseAnimationEnd:void 0,onError:void 0,onOpenAnimationEnd:void 0,onConnectionReestablished:void 0,onSessionClosed:void 0,onConnectionEstablished:void 0,onCssLoaded:void 0},c.prototype.logPrefix="chat",c.prototype._messageCount=0,c.prototype.isOpen=!1,c.prototype.blinkOnlineInterval=null,c.prototype.stopBlinOnlineStateTimeout=null,c.prototype.showTimeEveryXMinutes=2,c.prototype.lastTimestamp=null,c.prototype.lastAddedType=null,c.prototype.inputDisabled=!1,c.prototype.inputTimeout=null,c.prototype.isTyping=!1,c.prototype.state="offline",c.prototype.initialQueueDelay=1e4,c.prototype.translations={da:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med os!","Scroll down to see new messages":"Scroll ned for at se nye beskeder",Online:"Online",Offline:"Offline",Connecting:"Forbinder","Connection re-established":"Forbindelse genoprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat lukket af %s","Compose your message...":"Skriv en besked...","All colleagues are busy.":"Alle kollegaer er optaget.","You are on waiting list position <strong>%s</strong>.":"Du er i venteliste som nummer <strong>%s</strong>.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale med <strong>%s</strong> blevet lukket.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale blevet lukket.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, det tager længere end forventet at få en ledig plads. Prøv venligst igen senere eller send os en e-mail. På forhånd tak!"},de:{"<strong>Chat</strong> with us!":"<strong>Chatte</strong> mit uns!","Scroll down to see new messages":"Scrolle nach unten um neue Nachrichten zu sehen",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbindung wiederhergestellt",Today:"Heute",Send:"Senden","Chat closed by %s":"Chat beendet von %s","Compose your message...":"Ihre Nachricht...","All colleagues are busy.":"Alle Kollegen sind belegt.","You are on waiting list position <strong>%s</strong>.":"Sie sind in der Warteliste an der Position <strong>%s</strong>.","Start new conversation":"Neue Konversation starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation mit <strong>%s</strong> geschlossen.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation geschlossen.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Es tut uns leid, es dauert länger als erwartet, um einen freien Platz zu erhalten. Bitte versuchen Sie es zu einem späteren Zeitpunkt noch einmal oder schicken Sie uns eine E-Mail. Vielen Dank!"},es:{"<strong>Chat</strong> with us!":"<strong>Chatee</strong> con nosotros!","Scroll down to see new messages":"Haga scroll hacia abajo para ver nuevos mensajes",Online:"En linea",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexión restablecida",Today:"Hoy",Send:"Enviar","Chat closed by %s":"Chat cerrado por %s","Compose your message...":"Escriba su mensaje...","All colleagues are busy.":"Todos los agentes están ocupados.","You are on waiting list position <strong>%s</strong>.":"Usted está en la posición <strong>%s</strong> de la lista de espera.","Start new conversation":"Iniciar nueva conversación","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación con <strong>%s</strong> se ha cerrado.","Since you didn't respond in the last %s minutes your conversation got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación se ha cerrado.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Lo sentimos, se tarda más tiempo de lo esperado para ser atendido por un agente. Inténtelo de nuevo más tarde o envíenos un correo electrónico. ¡Gracias!"},fi:{"<strong>Chat</strong> with us!":"<strong>Keskustele</strong> kanssamme!","Scroll down to see new messages":"Rullaa alas nähdäksesi uudet viestit",Online:"Paikalla",Offline:"Poissa",Connecting:"Yhdistetään","Connection re-established":"Yhteys muodostettu uudelleen",Today:"Tänään",Send:"Lähetä","Chat closed by %s":"%s sulki keskustelun","Compose your message...":"Luo viestisi...","All colleagues are busy.":"Kaikki kollegat ovat varattuja.","You are on waiting list position <strong>%s</strong>.":"Olet odotuslistalla sijalla <strong>%s</strong>.","Start new conversation":"Aloita uusi keskustelu","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi <strong>%s</strong> kanssa suljettiin.","Since you didn't respond in the last %s minutes your conversation got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi suljettiin.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Olemme pahoillamme, tyhjän paikan vapautumisessa kestää odotettua pidempään. Ole hyvä ja yritä myöhemmin uudestaan tai lähetä meille sähköpostia. Kiitos!"},fr:{"<strong>Chat</strong> with us!":"<strong>Chattez</strong> avec nous!","Scroll down to see new messages":"Faites défiler pour lire les nouveaux messages",Online:"En-ligne",Offline:"Hors-ligne",Connecting:"Connexion en cours","Connection re-established":"Connexion rétablie",Today:"Aujourdhui",Send:"Envoyer","Chat closed by %s":"Chat fermé par %s","Compose your message...":"Composez votre message...","All colleagues are busy.":"Tous les collaborateurs sont occupés actuellement.","You are on waiting list position <strong>%s</strong>.":"Vous êtes actuellement en position <strong>%s</strong> dans la file d'attente.","Start new conversation":"Démarrer une nouvelle conversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Si vous ne répondez pas dans les <strong>%s</strong> minutes, votre conversation avec %s sera fermée.","Since you didn't respond in the last %s minutes your conversation got closed.":"Si vous ne répondez pas dans les %s minutes, votre conversation va être fermée.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Nous sommes désolés, il faut plus de temps que prévu pour obtenir un emplacement vide. Veuillez réessayer ultérieurement ou nous envoyer un courriel. Nous vous remercions!"},he:{"<strong>Chat</strong> with us!":"<strong>שוחח</strong>איתנו!","Scroll down to see new messages":"גלול מטה כדי לראות הודעות חדשות",Online:"מחובר",Offline:"מנותק",Connecting:"מתחבר","Connection re-established":"החיבור שוחזר",Today:"היום",Send:"שלח","Chat closed by %s":'הצאט נסגר ע"י %s',"Compose your message...":"כתוב את ההודעה שלך ...","All colleagues are busy.":"כל הנציגים תפוסים","You are on waiting list position <strong>%s</strong>.":"מיקומך בתור <strong>%s</strong>.","Start new conversation":"התחל שיחה חדשה","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"מכיוון שלא הגבת במהלך %s דקות השיחה שלך עם <strong>%s</strong> נסגרה.","Since you didn't respond in the last %s minutes your conversation got closed.":"מכיוון שלא הגבת במהלך %s הדקות האחרונות השיחה שלך נסגרה.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":'מצטערים, הזמן לקבלת נציג ארוך מהרגיל. נסה שוב מאוחר יותר או שלח לנו דוא"ל. תודה!'},hu:{"<strong>Chat</strong> with us!":"<strong>Chatelj</strong> velünk!","Scroll down to see new messages":"Görgess lejjebb az újabb üzenetekért",Online:"Online",Offline:"Offline",Connecting:"Csatlakozás","Connection re-established":"Újracsatlakozás",Today:"Ma",Send:"Küldés","Chat closed by %s":"A beszélgetést lezárta %s","Compose your message...":"Írj üzenetet...","All colleagues are busy.":"Jelenleg minden kollégánk elfoglalt.","You are on waiting list position <strong>%s</strong>.":"A várólistán a <strong>%s</strong>. pozícióban várakozol.","Start new conversation":"Új beszélgetés indítása","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Mivel %s perce nem érkezett újabb üzenet, ezért a <strong>%s</strong> kollégával folytatott beszéletést lezártuk.","Since you didn't respond in the last %s minutes your conversation got closed.":"Mivel %s perce nem érkezett válasz, a beszélgetés lezárult.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Sajnáljuk, de a várakozási idő hosszabb a szokásosnál. Kérlek próbáld újra, vagy írd meg kérdésed emailben. Köszönjük!"},nl:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> met ons!","Scroll down to see new messages":"Scrol naar beneden om nieuwe berichten te zien",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbinding herstelt",Today:"Vandaag",Send:"Verzenden","Chat closed by %s":"Chat gesloten door %s","Compose your message...":"Typ uw bericht...","All colleagues are busy.":"Alle medewerkers zijn bezet.","You are on waiting list position <strong>%s</strong>.":"U bent <strong>%s</strong> in de wachtrij.","Start new conversation":"Nieuwe conversatie starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft wordt de conversatie met <strong>%s</strong> gesloten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft is de conversatie gesloten.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Het spijt ons, het duurt langer dan verwacht om te antwoorden. Alstublieft probeer het later nogmaals of stuur ons een email. Hartelijk dank!"},it:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> con noi!","Scroll down to see new messages":"Scorri verso il basso per vedere i nuovi messaggi",Online:"Online",Offline:"Offline",Connecting:"Collegamento in corso","Connection re-established":"Collegamento ristabilito",Today:"Oggi",Send:"Invio","Chat closed by %s":"Chat chiusa da %s","Compose your message...":"Componi il tuo messaggio...","All colleagues are busy.":"Tutti gli operatori sono occupati.","You are on waiting list position <strong>%s</strong>.":"Sei in posizione <strong>%s</strong> nella lista d'attesa.","Start new conversation":"Avvia una nuova chat","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua chat con <strong>%s</strong> è stata chiusa.","Since you didn't respond in the last %s minutes your conversation got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua chat è stata chiusa.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Ci dispiace, ci vuole più tempo del previsto per arrivare al tuo turno. Per favore riprova più tardi o inviaci un'email. Grazie!"},pl:{"<strong>Chat</strong> with us!":"<strong>Czatuj</strong> z nami!","Scroll down to see new messages":"Przewiń w dół, aby wyświetlić nowe wiadomości",Online:"Online",Offline:"Offline",Connecting:"Łączenie","Connection re-established":"Ponowne nawiązanie połączenia",Today:"dzisiejszy",Send:"Wyślij","Chat closed by %s":"Czat zamknięty przez %s","Compose your message...":"Utwórz swoją wiadomość...","All colleagues are busy.":"Wszyscy konsultanci są zajęci.","You are on waiting list position <strong>%s</strong>.":"Na liście oczekujących znajduje się pozycja <strong>%s</strong>.","Start new conversation":"Rozpoczęcie nowej konwersacji","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ponieważ w ciągu ostatnich %s minut nie odpowiedziałeś, Twoja rozmowa z <strong>%s</strong> została zamknięta.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ponieważ nie odpowiedziałeś w ciągu ostatnich %s minut, Twoja rozmowa została zamknięta.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Przykro nam, ale to trwa dłużej niż się spodziewamy. Spróbuj ponownie później lub wyślij nam wiadomość e-mail. Dziękuję!"},"pt-br":{"<strong>Chat</strong> with us!":"<strong>Chat</strong> fale conosco!","Scroll down to see new messages":"Role para baixo, para ver nosvas mensagens",Online:"Online",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexão restabelecida",Today:"Hoje",Send:"Enviar","Chat closed by %s":"Chat encerrado por %s","Compose your message...":"Escreva sua mensagem...","All colleagues are busy.":"Todos os agentes estão ocupados.","You are on waiting list position <strong>%s</strong>.":"Você está na posição <strong>%s</strong> na fila de espera.","Start new conversation":"Iniciar uma nova conversa","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Como você não respondeu nos últimos %s minutos sua conversa com <strong>%s</strong> foi encerrada.","Since you didn't respond in the last %s minutes your conversation got closed.":"Como você não respondeu nos últimos %s minutos sua conversa foi encerrada.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Desculpe, mas o tempo de espera por um agente foi excedido. Tente novamente mais tarde ou nós envie um email. Obrigado"},"zh-cn":{"<strong>Chat</strong> with us!":"发起<strong>即时对话</strong>!","Scroll down to see new messages":"向下滚动以查看新消息",Online:"在线",Offline:"离线",Connecting:"连接中","Connection re-established":"正在重新建立连接",Today:"今天",Send:"发送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在输入信息...","All colleagues are busy.":"所有工作人员都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"您目前的等候位置是第 <strong>%s</strong> 位.","Start new conversation":"开始新的会话","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由于您超过 %s 分钟没有回复, 您与 <strong>%s</strong> 的会话已被关闭.","Since you didn't respond in the last %s minutes your conversation got closed.":"由于您超过 %s 分钟没有任何回复, 该对话已被关闭.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 目前需要等候更长的时间才能接入对话, 请稍后重试或向我们发送电子邮件. 谢谢!"},"zh-tw":{"<strong>Chat</strong> with us!":"開始<strong>即時對话</strong>!","Scroll down to see new messages":"向下滑動以查看新訊息",Online:"線上",Offline:"离线",Connecting:"連線中","Connection re-established":"正在重新建立連線中",Today:"今天",Send:"發送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在輸入訊息...","All colleagues are busy.":"所有服務人員都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"你目前的等候位置是第 <strong>%s</strong> 順位.","Start new conversation":"開始新的對話","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由於你超過 %s 分鐘沒有回應, 你與 <strong>%s</strong> 的對話已被關閉.","Since you didn't respond in the last %s minutes your conversation got closed.":"由於你超過 %s 分鐘沒有任何回應, 該對話已被關閉.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 當前需要等候更長的時間方可排入對話程序, 請稍後重試或向我們寄送電子郵件. 謝謝!"},ru:{"<strong>Chat</strong> with us!":"Напишите нам!","Scroll down to see new messages":"Прокрутите, чтобы увидеть новые сообщения",Online:"Онлайн",Offline:"Оффлайн",Connecting:"Подключение","Connection re-established":"Подключение восстановлено",Today:"Сегодня",Send:"Отправить","Chat closed by %s":"%s закрыл чат","Compose your message...":"Напишите сообщение...","All colleagues are busy.":"Все сотрудники заняты","You are on waiting list position %s.":"Вы в списке ожидания под номером %s","Start new conversation":"Начать новую переписку.","Since you didn't respond in the last %s minutes your conversation with %s got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор с %s был закрыт.","Since you didn't respond in the last %s minutes your conversation got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор был закрыт.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"К сожалению, ожидание свободного места требует больше времени. Повторите попытку позже или отправьте нам электронное письмо. Спасибо!"},sv:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> med oss!","Scroll down to see new messages":"Rulla ner för att se nya meddelanden",Online:"Online",Offline:"Offline",Connecting:"Ansluter","Connection re-established":"Anslutningen återupprättas",Today:"I dag",Send:"Skicka","Chat closed by %s":"Chatt stängd av %s","Compose your message...":"Skriv ditt meddelande...","All colleagues are busy.":"Alla kollegor är upptagna.","You are on waiting list position <strong>%s</strong>.":"Du är på väntelistan som position <strong>%s</strong>.","Start new conversation":"Starta ny konversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Eftersom du inte svarat inom %s minuterna i din konversation med <strong>%s</strong> så stängdes chatten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Då du inte svarat inom de senaste %s minuterna så avslutades din chatt.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi är ledsna, det tar längre tid som förväntat att få en ledig plats. Försök igen senare eller skicka ett e-postmeddelande till oss. Tack!"},no:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},nb:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},el:{"<strong>Chat</strong> with us!":"<strong>Επικοινωνήστε</strong> μαζί μας!","Scroll down to see new messages":"Μεταβείτε κάτω για να δείτε τα νέα μηνύματα",Online:"Σε σύνδεση",Offline:"Αποσυνδεμένος",Connecting:"Σύνδεση","Connection re-established":"Η σύνδεση αποκαταστάθηκε",Today:"Σήμερα",Send:"Αποστολή","Chat closed by %s":"Η συνομιλία έκλεισε από τον/την %s","Compose your message...":"Γράψτε το μήνυμα σας...","All colleagues are busy.":"Όλοι οι συνάδελφοι μας είναι απασχολημένοι.","You are on waiting list position <strong>%s</strong>.":"Βρίσκεστε σε λίστα αναμονής στη θέση <strong>%s</strong>.","Start new conversation":"Έναρξη νέας συνομιλίας","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας με τον/την <strong>%s</strong> έκλεισε.","Since you didn't respond in the last %s minutes your conversation got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας έκλεισε.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Λυπούμαστε που χρειάζεται περισσότερος χρόνος από τον αναμενόμενο για να βρεθεί μία κενή θέση. Παρακαλούμε δοκιμάστε ξανά αργότερα ή στείλτε μας ένα email. Ευχαριστούμε!"}},c.prototype.sessionId=void 0,c.prototype.scrolledToBottom=!0,c.prototype.scrollSnapTolerance=10,c.prototype.richTextFormatKey={66:!0,73:!0,85:!0,83:!0},c.prototype.T=function(){var t,e,s,n,o=arguments[0],i=2<=arguments.length?slice.call(arguments,1):[];if(this.options.lang&&"en"!==this.options.lang&&(this.translations[this.options.lang]?((n=this.translations[this.options.lang])[o]||this.log.notice("Translation needed for '"+o+"'"),o=n[o]||o):this.log.notice("Translation '"+this.options.lang+"' needed!")),i)for(e=0,s=i.length;e<s;e++)t=i[e],o=o.replace(/%s/,t);return o},c.prototype.view=function(e){return s=this,function(t){return(t=t||{}).T=s.T,t.background=s.options.background,t.flat=s.options.flat,t.fontSize=s.options.fontSize,m.zammadChatTemplates[e](t)};var s},c.prototype.getScrollRoot=function(){var t,e,s;return"scrollingElement"in document?document.scrollingElement:(s=(e=document.documentElement).scrollTop,e.scrollTop=s+1,t=e.scrollTop,(e.scrollTop=s)<t?e:document.body)},c.prototype.render=function(){return this.el&&p(".zammad-chat").get(0)||this.renderBase(),p("."+this.options.buttonClass).addClass(this.options.inactiveClass),this.setAgentOnlineState("online"),this.log.debug("widget rendered"),this.startTimeoutObservers(),this.idleTimeout.start(),this.sessionId=sessionStorage.getItem("sessionId"),this.send("chat_status_customer",{session_id:this.sessionId,url:m.location.href})},c.prototype.renderBase=function(){var s,r,l,t,e;if(this.el=p(this.view("chat")({title:this.options.title,scrollHint:this.options.scrollHint})),this.options.target.append(this.el),this.input=this.el.find(".zammad-chat-input"),this.el.find(".js-chat-open").click(this.open),this.el.find(".js-chat-toggle").click(this.toggle),this.el.find(".js-chat-status").click(this.stopPropagation),this.el.find(".zammad-chat-controls").on("submit",this.onSubmit),this.el.find(".zammad-chat-body").on("scroll",this.detectScrolledtoBottom),this.el.find(".zammad-scroll-hint").click(this.onScrollHintClick),this.input.on({keydown:this.checkForEnter,input:this.onInput}),this.input.on("keydown",(s=this,function(t){var e=!1;if((e=!t.altKey&&!t.ctrlKey&&t.metaKey||!t.altKey&&t.ctrlKey&&!t.metaKey?!0:e)&&s.richTextFormatKey[t.keyCode])return t.preventDefault(),66===t.keyCode?(document.execCommand("bold"),!0):73===t.keyCode?(document.execCommand("italic"),!0):85===t.keyCode?(document.execCommand("underline"),!0):83===t.keyCode?(document.execCommand("strikeThrough"),!0):void 0})),this.input.on("paste",(r=this,function(e){var s,n,t,o,i,a;if(e.stopPropagation(),e.preventDefault(),e.clipboardData)s=e.clipboardData;else if(m.clipboardData)s=m.clipboardData;else{if(!e.originalEvent.clipboardData)throw"No clipboardData support";s=e.originalEvent.clipboardData}if(t=!1,s&&s.items&&s.items[0]&&("file"!==(o=s.items[0]).kind||"image/png"!==o.type&&"image/jpeg"!==o.type||(n=o.getAsFile(),(a=new FileReader).onload=function(t){var e=t.target.result,o=document.createElement("img");return o.src=e,t=function(t,e,s,n){return r.isRetina()&&(e/=2,0),o='<img style="width: 100%; max-width: '+e+'px;" src="'+t+'">',document.execCommand("insertHTML",!1,o)},r.resizeImage(o.src,460,"auto",2,"image/jpeg","auto",t)},a.readAsDataURL(n),t=!0)),!t){n=a=void 0;try{a=s.getData("text/html"),n="html",a&&0!==a.length||(n="text",a=s.getData("text/plain")),a&&0!==a.length||(n="text2",a=s.getData("text"))}catch(t){e=t,console.log("Sorry, can't insert markup because browser is not supporting it."),n="text3",a=s.getData("text")}return"text"!==n&&"text2"!==n&&"text3"!==n||(a=(a="<div>"+a.replace(/\n/g,"</div><div>")+"</div>").replace(/<div><\/div>/g,"<div><br></div>")),console.log("p",n,a),"html"===n&&(t=p("<div>"+a+"</div>"),e=!1,s=a,i=new RegExp("<(/w|w):[A-Za-z]"),s.match(i)&&(e=!0,s=s.replace(i,"")),i=new RegExp("<(/o|o):[A-Za-z]"),s.match(i)&&(e=!0,s=s.replace(i,"")),e&&(t=r.wordFilter(t)),(t=p(t)).contents().each(function(){if(8===this.nodeType)return p(this).remove()}),t.find("a, font, small, time, form, label").replaceWith(function(){return p(this).contents()}),t.find("textarea").each(function(){var t=this.outerHTML;return i=new RegExp("<"+this.tagName,"i"),t=t.replace(i,"<div"),i=new RegExp("</"+this.tagName,"i"),t=t.replace(i,"</div"),p(this).replaceWith(t)}),t.find("font, img, svg, input, select, button, style, applet, embed, noframes, canvas, script, frame, iframe, meta, link, title, head, fieldset").remove(),r.removeAttributes(t),a=t.html()),"text3"===n?r.pasteHtmlAtCaret(a):document.execCommand("insertHTML",!1,a),!0}})),this.input.on("drop",(l=this,function(t){var e,a,r;if(t.stopPropagation(),t.preventDefault(),m.dataTransfer)e=m.dataTransfer;else{if(!t.originalEvent.dataTransfer)throw"No clipboardData support";e=t.originalEvent.dataTransfer}if(a=t.clientX,r=t.clientY,(t=e.files[0]).type.match("image.*"))return(e=new FileReader).onload=function(t){var e=t.target.result,i=document.createElement("img");return i.src=e,t=function(t,e,s,n){var o;return l.isRetina()&&(e/=2,0),i=(i=p('<img style="width: 100%; max-width: '+e+'px;" src="'+t+'">')).get(0),document.caretPositionFromPoint?(t=document.caretPositionFromPoint(a,r),(o=document.createRange()).setStart(t.offsetNode,t.offset),o.collapse(),o.insertNode(i)):document.caretRangeFromPoint?(o=document.caretRangeFromPoint(a,r)).insertNode(i):console.log("could not find carat")},l.resizeImage(i.src,460,"auto",2,"image/jpeg","auto",t)},e.readAsDataURL(t)})),p(m).on("beforeunload",(t=this,function(){return t.onLeaveTemporary()})),p(m).bind("hashchange",(e=this,function(){if(!e.isOpen)return e.idleTimeout.start();e.sessionId&&e.send("chat_session_notice",{session_id:e.sessionId,message:m.location.href})})),this.isFullscreen)return this.input.on({focus:this.onFocus,focusout:this.onFocusOut})},c.prototype.stopPropagation=function(t){return t.stopPropagation()},c.prototype.checkForEnter=function(t){if(!this.inputDisabled&&!t.shiftKey&&13===t.keyCode)return t.preventDefault(),this.sendMessage()},c.prototype.send=function(t,e){return(e=null==e?{}:e).chat_id=this.options.chatId,this.io.send(t,e)},c.prototype.onWebSocketMessage=function(t){for(var e,s=0,n=t.length;s<n;s++)switch(e=t[s],this.log.debug("ws:onmessage",e),e.event){case"chat_error":this.log.notice(e.data),e.data&&"chat_disabled"===e.data.state&&this.destroy({remove:!0});break;case"chat_session_message":if(e.data.self_written)return;this.receiveMessage(e.data);break;case"chat_session_typing":if(e.data.self_written)return;this.onAgentTypingStart();break;case"chat_session_start":this.onConnectionEstablished(e.data);break;case"chat_session_queue":this.onQueueScreen(e.data);break;case"chat_session_closed":case"chat_session_left":this.onSessionClosed(e.data);break;case"chat_session_notice":this.addStatus(this.T(e.data.message));break;case"chat_status_customer":switch(e.data.state){case"online":this.sessionId=void 0,!this.options.cssAutoload||this.cssLoaded?this.onReady():this.socketReady=!0;break;case"offline":this.onError("Zammad Chat: No agent online");break;case"chat_disabled":this.onError("Zammad Chat: Chat is disabled");break;case"no_seats_available":this.onError("Zammad Chat: Too many clients in queue. Clients in queue: "+e.data.queue);break;case"reconnect":this.onReopenSession(e.data)}}},c.prototype.onReady=function(){var t;if(this.log.debug("widget ready for use"),p("."+this.options.buttonClass).click(this.open).removeClass(this.options.inactiveClass),"function"==typeof(t=this.options).onReady&&t.onReady(),this.options.show)return this.show()},c.prototype.onError=function(t){var e;return this.log.debug(t),this.addStatus(t),p("."+this.options.buttonClass).hide(),this.isOpen?(this.disableInput(),this.destroy({remove:!1})):this.destroy({remove:!0}),"function"==typeof(e=this.options).onError?e.onError(t):void 0},c.prototype.onReopenSession=function(t){var e,s,n,o,i;if(this.log.debug("old messages",t.session),this.inactiveTimeout.start(),i=sessionStorage.getItem("unfinished_message"),t.agent){for(this.onConnectionEstablished(t),e=0,s=(o=t.session).length;e<s;e++)n=o[e],this.renderMessage({message:n.content,id:n.id,from:n.created_by_id?"agent":"customer"});i&&this.input.html(i)}if(t.position&&this.onQueue(t),this.show(),this.open(),this.scrollToBottom(),i)return this.input.focus()},c.prototype.onInput=function(){return this.el.find(".zammad-chat-message--unread").removeClass("zammad-chat-message--unread"),sessionStorage.setItem("unfinished_message",this.input.html()),this.onTyping()},c.prototype.onFocus=function(){var t;if(p(m).scrollTop(10),t=0<p(m).scrollTop(),p(m).scrollTop(0),t)return this.log.notice("virtual keyboard shown")},c.prototype.onFocusOut=function(){},c.prototype.onTyping=function(){if(!(this.isTyping&&this.isTyping>new Date((new Date).getTime()-1500)))return this.isTyping=new Date,this.send("chat_session_typing",{session_id:this.sessionId}),this.inactiveTimeout.start()},c.prototype.onSubmit=function(t){return t.preventDefault(),this.sendMessage()},c.prototype.sendMessage=function(){var t,e=this.input.html();if(e)return this.inactiveTimeout.start(),sessionStorage.removeItem("unfinished_message"),t=this.view("message")({message:e,from:"customer",id:this._messageCount++,unreadClass:""}),this.maybeAddTimestamp(),this.el.find(".zammad-chat-message--typing").get(0)?(this.lastAddedType="typing-placeholder",this.el.find(".zammad-chat-message--typing").before(t)):(this.lastAddedType="message--customer",this.el.find(".zammad-chat-body").append(t)),this.input.html(""),this.scrollToBottom(),this.send("chat_session_message",{content:e,id:this._messageCount,session_id:this.sessionId})},c.prototype.receiveMessage=function(t){return this.inactiveTimeout.start(),this.onAgentTypingEnd(),this.maybeAddTimestamp(),this.renderMessage({message:t.message.content,id:t.id,from:"agent"}),this.scrollToBottom({showHint:!0})},c.prototype.renderMessage=function(t){return this.lastAddedType="message--"+t.from,t.unreadClass=document.hidden?" zammad-chat-message--unread":"",this.el.find(".zammad-chat-body").append(this.view("message")(t))},c.prototype.open=function(){var t;if(!this.isOpen)return this.isOpen=!0,this.log.debug("open widget"),this.show(),this.sessionId||this.showLoader(),this.el.addClass("zammad-chat-is-open"),t=this.el.height()-this.el.find(".zammad-chat-header").outerHeight(),this.el.css("bottom",-t),this.sessionId?(this.el.css("bottom",0),this.onOpenAnimationEnd()):(this.el.animate({bottom:0},500,this.onOpenAnimationEnd),this.send("chat_session_init",{url:m.location.href}));this.log.debug("widget already open, block")},c.prototype.onOpenAnimationEnd=function(){var t;return this.idleTimeout.stop(),this.isFullscreen&&this.disableScrollOnRoot(),"function"==typeof(t=this.options).onOpenAnimationEnd?t.onOpenAnimationEnd():void 0},c.prototype.sessionClose=function(){return this.send("chat_session_close",{session_id:this.sessionId}),this.inactiveTimeout.stop(),this.waitingListTimeout.stop(),sessionStorage.removeItem("unfinished_message"),this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.setSessionId(void 0)},c.prototype.toggle=function(t){return this.isOpen?this.close(t):this.open(t)},c.prototype.close=function(t){if(this.isOpen){if(this.initDelayId&&clearTimeout(this.initDelayId),this.sessionId)return this.log.debug("close widget"),t&&t.stopPropagation(),this.sessionClose(),this.isFullscreen&&this.enableScrollOnRoot(),t=this.el.height()-this.el.find(".zammad-chat-header").outerHeight(),this.el.animate({bottom:-t},500,this.onCloseAnimationEnd);this.log.debug("can't close widget without sessionId")}else this.log.debug("can't close widget, it's not open")},c.prototype.onCloseAnimationEnd=function(){var t;return this.el.css("bottom",""),this.el.removeClass("zammad-chat-is-open"),this.showLoader(),this.el.find(".zammad-chat-welcome").removeClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent").addClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent-status").addClass("zammad-chat-is-hidden"),this.isOpen=!1,"function"==typeof(t=this.options).onCloseAnimationEnd&&t.onCloseAnimationEnd(),this.io.reconnect()},c.prototype.onWebSocketClose=function(){if(!this.isOpen)return this.el?(this.el.removeClass("zammad-chat-is-shown"),this.el.removeClass("zammad-chat-is-loaded")):void 0},c.prototype.show=function(){if("offline"!==this.state)return this.el.addClass("zammad-chat-is-loaded"),this.el.addClass("zammad-chat-is-shown")},c.prototype.disableInput=function(){return this.inputDisabled=!0,this.input.prop("contenteditable",!1),this.el.find(".zammad-chat-send").prop("disabled",!0),this.io.close()},c.prototype.enableInput=function(){return this.inputDisabled=!1,this.input.prop("contenteditable",!0),this.el.find(".zammad-chat-send").prop("disabled",!1)},c.prototype.hideModal=function(){return this.el.find(".zammad-chat-modal").html("")},c.prototype.onQueueScreen=function(t){var e,s;if(this.setSessionId(t.session_id),e=function(){return s.onQueue(t),s.waitingListTimeout.start()},!(s=this).initialQueueDelay||this.onInitialQueueDelayId)return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),e();this.onInitialQueueDelayId=setTimeout(e,this.initialQueueDelay)},c.prototype.onQueue=function(t){return this.log.notice("onQueue",t.position),this.inQueue=!0,this.el.find(".zammad-chat-modal").html(this.view("waiting")({position:t.position}))},c.prototype.onAgentTypingStart=function(){if(this.stopTypingId&&clearTimeout(this.stopTypingId),this.stopTypingId=setTimeout(this.onAgentTypingEnd,3e3),!this.el.find(".zammad-chat-message--typing").get(0)&&(this.maybeAddTimestamp(),this.el.find(".zammad-chat-body").append(this.view("typingIndicator")()),this.isVisible(this.el.find(".zammad-chat-message--typing"),!0)))return this.scrollToBottom()},c.prototype.onAgentTypingEnd=function(){return this.el.find(".zammad-chat-message--typing").remove()},c.prototype.onLeaveTemporary=function(){if(this.sessionId)return this.send("chat_session_leave_temporary",{session_id:this.sessionId})},c.prototype.maybeAddTimestamp=function(){var t,e,s=Date.now();if(!this.lastTimestamp||s-this.lastTimestamp>6e4*this.showTimeEveryXMinutes)return t=this.T("Today"),e=(new Date).toTimeString().substr(0,5),"timestamp"===this.lastAddedType?(this.updateLastTimestamp(t,e),this.lastTimestamp=s):(this.el.find(".zammad-chat-body").append(this.view("timestamp")({label:t,time:e})),this.lastTimestamp=s,this.lastAddedType="timestamp",this.scrollToBottom())},c.prototype.updateLastTimestamp=function(t,e){if(this.el)return this.el.find(".zammad-chat-body").find(".zammad-chat-timestamp").last().replaceWith(this.view("timestamp")({label:t,time:e}))},c.prototype.addStatus=function(t){if(this.el)return this.maybeAddTimestamp(),this.el.find(".zammad-chat-body").append(this.view("status")({status:t})),this.scrollToBottom()},c.prototype.detectScrolledtoBottom=function(){var t=this.el.find(".zammad-chat-body").scrollTop()+this.el.find(".zammad-chat-body").outerHeight();if(this.scrolledToBottom=Math.abs(t-this.el.find(".zammad-chat-body").prop("scrollHeight"))<=this.scrollSnapTolerance,this.scrolledToBottom)return this.el.find(".zammad-scroll-hint").addClass("is-hidden")},c.prototype.showScrollHint=function(){return this.el.find(".zammad-scroll-hint").removeClass("is-hidden"),this.el.find(".zammad-chat-body").scrollTop(this.el.find(".zammad-chat-body").scrollTop()+this.el.find(".zammad-scroll-hint").outerHeight())},c.prototype.onScrollHintClick=function(){return this.el.find(".zammad-chat-body").animate({scrollTop:this.el.find(".zammad-chat-body").prop("scrollHeight")},300)},c.prototype.scrollToBottom=function(t){t=(null!=t?t:{showHint:!1}).showHint;return this.scrolledToBottom?this.el.find(".zammad-chat-body").scrollTop(p(".zammad-chat-body").prop("scrollHeight")):t?this.showScrollHint():void 0},c.prototype.destroy=function(t){return this.log.debug("destroy widget",t=null==t?{}:t),this.setAgentOnlineState("offline"),t.remove&&this.el&&(this.el.remove(),p("."+this.options.buttonClass).hide()),this.waitingListTimeout&&this.waitingListTimeout.stop(),this.inactiveTimeout&&this.inactiveTimeout.stop(),this.idleTimeout&&this.idleTimeout.stop(),this.io.close()},c.prototype.reconnect=function(){return this.log.notice("reconnecting"),this.disableInput(),this.lastAddedType="status",this.setAgentOnlineState("connecting"),this.addStatus(this.T("Connection lost"))},c.prototype.onConnectionReestablished=function(){var t;return this.lastAddedType="status",this.setAgentOnlineState("online"),this.addStatus(this.T("Connection re-established")),"function"==typeof(t=this.options).onConnectionReestablished?t.onConnectionReestablished():void 0},c.prototype.onSessionClosed=function(t){var e;return this.addStatus(this.T("Chat closed by %s",t.realname)),this.disableInput(),this.setAgentOnlineState("offline"),this.inactiveTimeout.stop(),"function"==typeof(e=this.options).onSessionClosed?e.onSessionClosed(t):void 0},c.prototype.setSessionId=function(t){return void 0===(this.sessionId=t)?sessionStorage.removeItem("sessionId"):sessionStorage.setItem("sessionId",t)},c.prototype.onConnectionEstablished=function(t){var e;return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.inQueue=!1,t.agent&&(this.agent=t.agent),t.session_id&&this.setSessionId(t.session_id),this.el.find(".zammad-chat-body").html(""),this.el.find(".zammad-chat-agent").html(this.view("agent")({agent:this.agent})),this.enableInput(),this.hideModal(),this.el.find(".zammad-chat-welcome").addClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent").removeClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent-status").removeClass("zammad-chat-is-hidden"),this.isFullscreen||this.input.focus(),this.setAgentOnlineState("online"),this.waitingListTimeout.stop(),this.idleTimeout.stop(),this.inactiveTimeout.start(),"function"==typeof(e=this.options).onConnectionEstablished?e.onConnectionEstablished(t):void 0},c.prototype.showCustomerTimeout=function(){var t;return this.el.find(".zammad-chat-modal").html(this.view("customer_timeout")({agent:this.agent.name,delay:this.options.inactiveTimeout})),t=function(){return location.reload()},this.el.find(".js-restart").click(t),this.sessionClose()},c.prototype.showWaitingListTimeout=function(){var t;return this.el.find(".zammad-chat-modal").html(this.view("waiting_list_timeout")({delay:this.options.watingListTimeout})),t=function(){return location.reload()},this.el.find(".js-restart").click(t),this.sessionClose()},c.prototype.showLoader=function(){return this.el.find(".zammad-chat-modal").html(this.view("loader")())},c.prototype.setAgentOnlineState=function(t){var e;if(this.state=t,this.el)return e=t.charAt(0).toUpperCase()+t.slice(1),this.el.find(".zammad-chat-agent-status").attr("data-status",t).text(this.T(e))},c.prototype.detectHost=function(){var t="https"===i?"wss://":"ws://";return this.options.host=""+t+o+"/ws"},c.prototype.loadCss=function(){var t,e;if(this.options.cssAutoload)return(e=this.options.cssUrl)||(e=this.options.host.replace(/^wss/i,"https").replace(/^ws/i,"http").replace(/\/ws$/i,""),e+="/assets/chat/chat.css"),this.log.debug("load css from '"+e+"'"),t="@import url('"+e+"');",(e=document.createElement("link")).onload=this.onCssLoaded,e.rel="stylesheet",e.href="data:text/css,"+escape(t),document.getElementsByTagName("head")[0].appendChild(e)},c.prototype.onCssLoaded=function(){var t;return this.cssLoaded=!0,this.socketReady&&this.onReady(),"function"==typeof(t=this.options).onCssLoaded?t.onCssLoaded():void 0},c.prototype.startTimeoutObservers=function(){var t,e,s;return this.idleTimeout=new n({logPrefix:"idleTimeout",debug:this.options.debug,timeout:this.options.idleTimeout,timeoutIntervallCheck:this.options.idleTimeoutIntervallCheck,callback:(t=this,function(){return t.log.debug("Idle timeout reached, hide widget",new Date),t.destroy({remove:!0})})}),this.inactiveTimeout=new n({logPrefix:"inactiveTimeout",debug:this.options.debug,timeout:this.options.inactiveTimeout,timeoutIntervallCheck:this.options.inactiveTimeoutIntervallCheck,callback:(e=this,function(){return e.log.debug("Inactive timeout reached, show timeout screen.",new Date),e.showCustomerTimeout(),e.destroy({remove:!1})})}),this.waitingListTimeout=new n({logPrefix:"waitingListTimeout",debug:this.options.debug,timeout:this.options.waitingListTimeout,timeoutIntervallCheck:this.options.waitingListTimeoutIntervallCheck,callback:(s=this,function(){return s.log.debug("Waiting list timeout reached, show timeout screen.",new Date),s.showWaitingListTimeout(),s.destroy({remove:!1})})})},c.prototype.disableScrollOnRoot=function(){return this.rootScrollOffset=this.scrollRoot.scrollTop(),this.scrollRoot.css({overflow:"hidden",position:"fixed"})},c.prototype.enableScrollOnRoot=function(){return this.scrollRoot.scrollTop(this.rootScrollOffset),this.scrollRoot.css({overflow:"",position:""})},c.prototype.isVisible=function(t,e,s,n){var o,i,a,r,l,d,c,h,u;if(!(t.length<1))return o=p(m),a=(i=1<t.length?t.eq(0):t).get(0),u=o.width(),t=o.height(),n=n||"both",s=!0!==s||a.offsetWidth*a.offsetHeight,"function"==typeof a.getBoundingClientRect?(r=0<=(c=a.getBoundingClientRect()).top&&c.top<t,h=0<c.bottom&&c.bottom<=t,l=0<=c.left&&c.left<u,d=0<c.right&&c.right<=u,c=e?r||h:r&&h,r=e?l||d:l&&d,"both"===n?s&&c&&r:"vertical"===n?s&&c:"horizontal"===n?s&&r:void 0):(l=(h=o.scrollTop())+t,c=(d=o.scrollLeft())+u,o=(t=(r=i.offset()).top)+i.height(),r=(u=r.left)+i.width(),i=!0===e?o:t,t=!0===e?t:o,o=!0===e?r:u,r=!0===e?u:r,"both"===n?!!s&&t<=l&&h<=i&&r<=c&&d<=o:"vertical"===n?!!s&&t<=l&&h<=i:"horizontal"===n?!!s&&r<=c&&d<=o:void 0)},c.prototype.isRetina=function(){var t;return!!m.matchMedia&&((t=m.matchMedia("only screen and (min--moz-device-pixel-ratio: 1.3), only screen and (-o-min-device-pixel-ratio: 2.6/2), only screen and (-webkit-min-device-pixel-ratio: 1.3), only screen  and (min-device-pixel-ratio: 1.3), only screen and (min-resolution: 1.3dppx)"))&&t.matches||1<m.devicePixelRatio)},c.prototype.resizeImage=function(t,n,o,i,a,r,l,e){var d;return null==n&&(n="auto"),null==o&&(o="auto"),null==i&&(i=1),null==e&&(e=!0),(d=new Image).onload=function(){var t,e=d.width,s=d.height;return console.log("ImageService","current size",e,s),"auto"===o&&"auto"===n&&(n=e,o=s),"auto"===o&&(o=s/(e/n)),t=!1,(n="auto"===n?s/(e/o):n)<e||o<s?(t=!0,n*=i,o*=i):(n=e,o=s),(s=document.createElement("canvas")).width=n,s.height=o,s.getContext("2d").drawImage(d,0,0,n,o),"auto"===r&&(r=n<200&&o<200?1:n<400&&o<400?.9:n<600&&o<600?.8:n<900&&o<900?.7:.6),s=s.toDataURL(a,r),t?(console.log("ImageService","resize",n/i,o/i,r,.75*s.length/1024/1024,"in mb"),void l(s,n/i,o/i,!0)):(console.log("ImageService","no resize",n,o,r,.75*s.length/1024/1024,"in mb"),l(s,n,o,!1))},d.src=t},c.prototype.pasteHtmlAtCaret=function(t){var e,s,n,o,i=void 0,a=void 0;if(m.getSelection){if((i=m.getSelection()).getRangeAt&&i.rangeCount){for((a=i.getRangeAt(0)).deleteContents(),(e=document.createElement("div")).innerHTML=t,s=document.createDocumentFragment(o,n);o=e.firstChild;)n=s.appendChild(o);if(a.insertNode(s),n)return(a=a.cloneRange()).setStartAfter(n),a.collapse(!0),i.removeAllRanges(),i.addRange(a)}}else if(document.selection&&"Control"!==document.selection.type)return document.selection.createRange().pasteHTML(t)},c.prototype.wordFilter=function(t){var a,r,e=t.html();return e=(e=(e=(e=e.replace(/<!--[\s\S]+?-->/gi,"")).replace(/<(!|script[^>]*>.*?<\/script(?=[>\s])|\/?(\?xml(:\w+)?|img|meta|link|style|\w:\w+)(?=[\s\/>]))[^>]*>/gi,"")).replace(/<(\/?)s>/gi,"<$1strike>")).replace(/&nbsp;/gi," "),t.html(e),p("p",t).each(function(){var t=p(this).attr("style"),t=/mso-list:\w+ \w+([0-9]+)/.exec(t);if(t)return p(this).data("_listLevel",parseInt(t[1],10))}),a=0,r=null,p("p",t).each(function(){var t,e,s,n,o,i=p(this).data("_listLevel");if(void 0===i)return a=0;if(o=p(this).text(),e="<ul></ul>",/^\s*\w+\./.test(o)&&(e=(s=/([0-9])\./.exec(o))?null!=(s=1<(o=parseInt(s[1],10)))?s:'<ol start="'+o+{'"></ol>':"<ol></ol>"}:"<ol></ol>"),a<i&&(r=0===a?(p(this).before(e),p(this).prev()):p(e).appendTo(r)),i<a)for(t=void 0,n=a-i;void 0<=n?t<=n:n<=t;void 0<=n?++t:--t)r=r.parent();return p("span:first",this).remove(),r.append("<li>"+p(this).html()+"</li>"),p(this).remove(),a=i}),p("[style]",t).removeAttr("style"),p("[align]",t).removeAttr("align"),p("span",t).replaceWith(function(){return p(this).contents()}),p("span:empty",t).remove(),p("[class^='Mso']",t).removeAttr("class"),p("p:empty",t).remove(),t},c.prototype.removeAttribute=function(t){var e,s,n,o,i;if(t){for(e=p(t),n=0,o=(i=t.attributes).length;n<o;n++)(s=i[n])&&s.name&&t.removeAttribute(s.name);return e.removeAttr("style").removeAttr("class").removeAttr("lang").removeAttr("type").removeAttr("align").removeAttr("id").removeAttr("wrap").removeAttr("title")}},c.prototype.removeAttributes=function(t,e){var s,n;return(e=null==e?!0:e)&&t.each((s=this,function(t,e){return s.removeAttribute(e)})),t.find("*").each((n=this,function(t,e){return n.removeAttribute(e)})),t},m.ZammadChat=c}(window.jQuery,window),window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.loader=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){e.push('<span class="zammad-chat-loading-animation">\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n</span>\n<span class="zammad-chat-modal-text">'),e.push(this.T("Connecting")),e.push("</span>")}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.message=function(t){function e(t){return t&&t.ecoSafe?t:void 0!==t&&null!=t?o(t):""}var s=[],n=(t=t||{}).safe,o=t.escape,o=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},o||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat-message zammad-chat-message--'),s.push(e(this.from)),s.push(e(this.unreadClass)),s.push('">\n  <span class="zammad-chat-message-body"'),this.background&&"customer"===this.from&&s.push(e(" style='background: "+this.background+"'")),s.push(">"),s.push(this.message),s.push("</span>\n</div>")}.call(this)}.call(t),t.safe=n,t.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.status=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){e.push('<div class="zammad-chat-status">\n  <div class="zammad-chat-status-inner">\n    '),e.push(this.status),e.push("\n  </div>\n</div>")}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.timestamp=function(t){function e(t){return t&&t.ecoSafe?t:void 0!==t&&null!=t?o(t):""}var s=[],n=(t=t||{}).safe,o=t.escape,o=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},o||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){s.push('<div class="zammad-chat-timestamp"><strong>'),s.push(e(this.label)),s.push("</strong> "),s.push(e(this.time)),s.push("</div>")}.call(this)}.call(t),t.safe=n,t.escape=o,s.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.typingIndicator=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){e.push('<div class="zammad-chat-message zammad-chat-message--typing zammad-chat-message--agent">\n  <span class="zammad-chat-message-body">\n    <span class="zammad-chat-loading-animation">\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n    </span>\n  </span>\n</div>')}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){e.push('<div class="zammad-chat-modal-text">\n  <span class="zammad-chat-loading-animation">\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n  </span>\n  '),e.push(this.T("All colleagues are busy.")),e.push("<br>\n  "),e.push(this.T("You are on waiting list position <strong>%s</strong>.",this.position)),e.push("\n</div>")}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting_list_timeout=function(t){var e=[],s=(t=t||{}).safe,n=t.escape,n=(t.safe=function(t){if(t&&t.ecoSafe)return t;void 0!==t&&null!=t||(t="");t=new String(t);return t.ecoSafe=!0,t},n||(t.escape=function(t){return(""+t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}));return function(){!function(){var t;e.push('<div class="zammad-chat-modal-text">\n  '),e.push(this.T("We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!")),e.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&e.push((t=" style='background: "+this.background+"'")&&t.ecoSafe?t:void 0!==t&&null!=t?n(t):""),e.push(">"),e.push(this.T("Start new conversation")),e.push("</div>\n</div>")}.call(this)}.call(t),t.safe=s,t.escape=n,e.join("")};
\ No newline at end of file
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,function(){"use strict";var s=Object.hasOwnProperty,i=Object.setPrototypeOf,a=Object.isFrozen,o=Object.getPrototypeOf,r=Object.getOwnPropertyDescriptor,Le=Object.freeze,e=Object.seal,l=Object.create,t="undefined"!=typeof Reflect&&Reflect,d=t.apply,c=t.construct;d||(d=function(e,t,n){return e.apply(t,n)}),Le||(Le=function(e){return e}),e||(e=function(e){return e}),c||(c=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var u,Me=h(Array.prototype.forEach),je=h(Array.prototype.pop),Ne=h(Array.prototype.push),Pe=h(String.prototype.toLowerCase),Fe=h(String.prototype.match),He=h(String.prototype.replace),We=h(String.prototype.indexOf),Be=h(String.prototype.trim),Ue=h(RegExp.prototype.test),qe=(u=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return c(u,t)});function h(o){return function(e){for(var t=arguments.length,n=Array(1<t?t-1:0),s=1;s<t;s++)n[s-1]=arguments[s];return d(o,e,n)}}function Ke(e,t){i&&i(e,null);for(var n=t.length;n--;){var s=t[n];if("string"==typeof s){var o=Pe(s);o!==s&&(a(t)||(t[n]=o),s=o)}e[s]=!0}return e}function Ye(e){var t=l(null),n=void 0;for(n in e)d(s,e,[n])&&(t[n]=e[n]);return t}function Qe(e,t){for(;null!==e;){var n=r(e,t);if(n){if(n.get)return h(n.get);if("function"==typeof n.value)return h(n.value)}e=o(e)}return function(e){return console.warn("fallback value for",e),null}}var Ve=Le(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),Ge=Le(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),Ze=Le(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),Xe=Le(["animate","color-profile","cursor","discard","fedropshadow","feimage","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),$e=Le(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),Je=Le(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),et=Le(["#text"]),tt=Le(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),nt=Le(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),st=Le(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),ot=Le(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),it=e(/\{\{[\s\S]*|[\s\S]*\}\}/gm),at=e(/<%[\s\S]*|[\s\S]*%>/gm),rt=e(/^data-[\-\w.\u00B7-\uFFFF]/),lt=e(/^aria-[\-\w]+$/),dt=e(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),ct=e(/^(?:\w+script|data):/i),ut=e(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),ht="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function mt(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}return function t(){var d=0<arguments.length&&void 0!==arguments[0]?arguments[0]:"undefined"==typeof window?null:window,u=function(e){return t(e)};if(u.version="2.3.1",u.removed=[],!d||!d.document||9!==d.document.nodeType)return u.isSupported=!1,u;var c=d.document,a=d.document,h=d.DocumentFragment,e=d.HTMLTemplateElement,m=d.Node,r=d.Element,n=d.NodeFilter,s=d.NamedNodeMap,l=void 0===s?d.NamedNodeMap||d.MozNamedAttrMap:s,p=d.Text,g=d.Comment,f=d.DOMParser,o=d.trustedTypes,i=r.prototype,y=Qe(i,"cloneNode"),v=Qe(i,"nextSibling"),b=Qe(i,"childNodes"),w=Qe(i,"parentNode");if("function"==typeof e){var T=a.createElement("template");T.content&&T.content.ownerDocument&&(a=T.content.ownerDocument)}var C=function(e,t){if("object"!==(void 0===e?"undefined":ht(e))||"function"!=typeof e.createPolicy)return null;var n=null,s="data-tt-policy-suffix";t.currentScript&&t.currentScript.hasAttribute(s)&&(n=t.currentScript.getAttribute(s));var o="dompurify"+(n?"#"+n:"");try{return e.createPolicy(o,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+o+" could not be created."),null}}(o,c),S=C&&te?C.createHTML(""):"",k=a,z=k.implementation,A=k.createNodeIterator,x=k.createDocumentFragment,O=k.getElementsByTagName,I=c.importNode,E={};try{E=Ye(a).documentMode?a.documentMode:{}}catch(t){}var _={};u.isSupported="function"==typeof w&&z&&void 0!==z.createHTMLDocument&&9!==E;var D=it,R=at,L=rt,M=lt,j=ct,N=ut,P=dt,F=null,H=Ke({},[].concat(mt(Ve),mt(Ge),mt(Ze),mt($e),mt(et))),W=null,B=Ke({},[].concat(mt(tt),mt(nt),mt(st),mt(ot))),U=null,q=null,K=!0,Y=!0,Q=!1,V=!1,G=!1,Z=!1,X=!1,$=!1,J=!1,ee=!0,te=!1,ne=!0,se=!0,oe=!1,ie={},ae=null,re=Ke({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),le=null,de=Ke({},["audio","video","img","source","image","track"]),ce=null,ue=Ke({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),he="http://www.w3.org/1998/Math/MathML",me="http://www.w3.org/2000/svg",pe="http://www.w3.org/1999/xhtml",ge=pe,fe=!1,ye=null,ve=a.createElement("form"),be=function(e){ye&&ye===e||(e&&"object"===(void 0===e?"undefined":ht(e))||(e={}),e=Ye(e),F="ALLOWED_TAGS"in e?Ke({},e.ALLOWED_TAGS):H,W="ALLOWED_ATTR"in e?Ke({},e.ALLOWED_ATTR):B,ce="ADD_URI_SAFE_ATTR"in e?Ke(Ye(ue),e.ADD_URI_SAFE_ATTR):ue,le="ADD_DATA_URI_TAGS"in e?Ke(Ye(de),e.ADD_DATA_URI_TAGS):de,ae="FORBID_CONTENTS"in e?Ke({},e.FORBID_CONTENTS):re,U="FORBID_TAGS"in e?Ke({},e.FORBID_TAGS):{},q="FORBID_ATTR"in e?Ke({},e.FORBID_ATTR):{},ie="USE_PROFILES"in e&&e.USE_PROFILES,K=!1!==e.ALLOW_ARIA_ATTR,Y=!1!==e.ALLOW_DATA_ATTR,Q=e.ALLOW_UNKNOWN_PROTOCOLS||!1,V=e.SAFE_FOR_TEMPLATES||!1,G=e.WHOLE_DOCUMENT||!1,$=e.RETURN_DOM||!1,J=e.RETURN_DOM_FRAGMENT||!1,ee=!1!==e.RETURN_DOM_IMPORT,te=e.RETURN_TRUSTED_TYPE||!1,X=e.FORCE_BODY||!1,ne=!1!==e.SANITIZE_DOM,se=!1!==e.KEEP_CONTENT,oe=e.IN_PLACE||!1,P=e.ALLOWED_URI_REGEXP||P,ge=e.NAMESPACE||pe,V&&(Y=!1),J&&($=!0),ie&&(F=Ke({},[].concat(mt(et))),W=[],!0===ie.html&&(Ke(F,Ve),Ke(W,tt)),!0===ie.svg&&(Ke(F,Ge),Ke(W,nt),Ke(W,ot)),!0===ie.svgFilters&&(Ke(F,Ze),Ke(W,nt),Ke(W,ot)),!0===ie.mathMl&&(Ke(F,$e),Ke(W,st),Ke(W,ot))),e.ADD_TAGS&&(F===H&&(F=Ye(F)),Ke(F,e.ADD_TAGS)),e.ADD_ATTR&&(W===B&&(W=Ye(W)),Ke(W,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&Ke(ce,e.ADD_URI_SAFE_ATTR),e.FORBID_CONTENTS&&(ae===re&&(ae=Ye(ae)),Ke(ae,e.FORBID_CONTENTS)),se&&(F["#text"]=!0),G&&Ke(F,["html","head","body"]),F.table&&(Ke(F,["tbody"]),delete U.tbody),Le&&Le(e),ye=e)},we=Ke({},["mi","mo","mn","ms","mtext"]),Te=Ke({},["foreignobject","desc","title","annotation-xml"]),Ce=Ke({},Ge);Ke(Ce,Ze),Ke(Ce,Xe);var Se=Ke({},$e);Ke(Se,Je);var ke=function(t){Ne(u.removed,{element:t});try{t.parentNode.removeChild(t)}catch(e){try{t.outerHTML=S}catch(e){t.remove()}}},ze=function(e,t){try{Ne(u.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){Ne(u.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!W[e])if($||J)try{ke(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},Ae=function(e){var t=void 0,n=void 0;if(X)e="<remove></remove>"+e;else{var s=Fe(e,/^[\r\n\t ]+/);n=s&&s[0]}var o=C?C.createHTML(e):e;if(ge===pe)try{t=(new f).parseFromString(o,"text/html")}catch(e){}if(!t||!t.documentElement){t=z.createDocument(ge,"template",null);try{t.documentElement.innerHTML=fe?"":o}catch(e){}}var i=t.body||t.documentElement;return e&&n&&i.insertBefore(a.createTextNode(n),i.childNodes[0]||null),ge===pe?O.call(t,G?"html":"body")[0]:G?t.documentElement:i},xe=function(e){return A.call(e.ownerDocument||e,e,n.SHOW_ELEMENT|n.SHOW_COMMENT|n.SHOW_TEXT,null,!1)},Oe=function(e){return"object"===(void 0===m?"undefined":ht(m))?e instanceof m:e&&"object"===(void 0===e?"undefined":ht(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},Ie=function(e,t,n){_[e]&&Me(_[e],function(e){e.call(u,t,n,ye)})},Ee=function(e){var t,n=void 0;if(Ie("beforeSanitizeElements",e,null),!((t=e)instanceof p||t instanceof g||"string"==typeof t.nodeName&&"string"==typeof t.textContent&&"function"==typeof t.removeChild&&t.attributes instanceof l&&"function"==typeof t.removeAttribute&&"function"==typeof t.setAttribute&&"string"==typeof t.namespaceURI&&"function"==typeof t.insertBefore))return ke(e),!0;if(Fe(e.nodeName,/[\u0080-\uFFFF]/))return ke(e),!0;var s=Pe(e.nodeName);if(Ie("uponSanitizeElement",e,{tagName:s,allowedTags:F}),!Oe(e.firstElementChild)&&(!Oe(e.content)||!Oe(e.content.firstElementChild))&&Ue(/<[/\w]/g,e.innerHTML)&&Ue(/<[/\w]/g,e.textContent))return ke(e),!0;if("select"===s&&Ue(/<template/i,e.innerHTML))return ke(e),!0;if(!F[s]||U[s]){if(se&&!ae[s]){var o=w(e)||e.parentNode,i=b(e)||e.childNodes;if(i&&o)for(var a=i.length-1;0<=a;--a)o.insertBefore(y(i[a],!0),v(e))}return ke(e),!0}return e instanceof r&&!function(e){var t=w(e);t&&t.tagName||(t={namespaceURI:pe,tagName:"template"});var n=Pe(e.tagName),s=Pe(t.tagName);if(e.namespaceURI===me)return t.namespaceURI===pe?"svg"===n:t.namespaceURI===he?"svg"===n&&("annotation-xml"===s||we[s]):Boolean(Ce[n]);if(e.namespaceURI===he)return t.namespaceURI===pe?"math"===n:t.namespaceURI===me?"math"===n&&Te[s]:Boolean(Se[n]);if(e.namespaceURI===pe){if(t.namespaceURI===me&&!Te[s])return!1;if(t.namespaceURI===he&&!we[s])return!1;var o=Ke({},["title","style","font","a","script"]);return!Se[n]&&(o[n]||!Ce[n])}return!1}(e)?(ke(e),!0):"noscript"!==s&&"noembed"!==s||!Ue(/<\/no(script|embed)/i,e.innerHTML)?(V&&3===e.nodeType&&(n=e.textContent,n=He(n,D," "),n=He(n,R," "),e.textContent!==n&&(Ne(u.removed,{element:e.cloneNode()}),e.textContent=n)),Ie("afterSanitizeElements",e,null),!1):(ke(e),!0)},_e=function(e,t,n){if(ne&&("id"===t||"name"===t)&&(n in a||n in ve))return!1;if(Y&&!q[t]&&Ue(L,t));else if(K&&Ue(M,t));else{if(!W[t]||q[t])return!1;if(ce[t]);else if(Ue(P,He(n,N,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==We(n,"data:")||!le[e])if(Q&&!Ue(j,He(n,N,"")));else if(n)return!1}return!0},De=function(e){var t=void 0,n=void 0,s=void 0,o=void 0;Ie("beforeSanitizeAttributes",e,null);var i=e.attributes;if(i){var a={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:W};for(o=i.length;o--;){var r=t=i[o],l=r.name,d=r.namespaceURI;if(n=Be(t.value),s=Pe(l),a.attrName=s,a.attrValue=n,a.keepAttr=!0,a.forceKeepAttr=void 0,Ie("uponSanitizeAttribute",e,a),n=a.attrValue,!a.forceKeepAttr&&(ze(l,e),a.keepAttr))if(Ue(/\/>/i,n))ze(l,e);else{V&&(n=He(n,D," "),n=He(n,R," "));var c=e.nodeName.toLowerCase();if(_e(c,s,n))try{d?e.setAttributeNS(d,l,n):e.setAttribute(l,n),je(u.removed)}catch(e){}}}Ie("afterSanitizeAttributes",e,null)}},Re=function e(t){var n=void 0,s=xe(t);for(Ie("beforeSanitizeShadowDOM",t,null);n=s.nextNode();)Ie("uponSanitizeShadowNode",n,null),Ee(n)||(n.content instanceof h&&e(n.content),De(n));Ie("afterSanitizeShadowDOM",t,null)};return u.sanitize=function(e,t){var n=void 0,s=void 0,o=void 0,i=void 0,a=void 0;if((fe=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!Oe(e)){if("function"!=typeof e.toString)throw qe("toString is not a function");if("string"!=typeof(e=e.toString()))throw qe("dirty is not a string, aborting")}if(!u.isSupported){if("object"===ht(d.toStaticHTML)||"function"==typeof d.toStaticHTML){if("string"==typeof e)return d.toStaticHTML(e);if(Oe(e))return d.toStaticHTML(e.outerHTML)}return e}if(Z||be(t),u.removed=[],"string"==typeof e&&(oe=!1),oe);else if(e instanceof m)1===(s=(n=Ae("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===s.nodeName||"HTML"===s.nodeName?n=s:n.appendChild(s);else{if(!$&&!V&&!G&&-1===e.indexOf("<"))return C&&te?C.createHTML(e):e;if(!(n=Ae(e)))return $?null:S}n&&X&&ke(n.firstChild);for(var r=xe(oe?e:n);o=r.nextNode();)3===o.nodeType&&o===i||Ee(o)||(o.content instanceof h&&Re(o.content),De(o),i=o);if(i=null,oe)return e;if($){if(J)for(a=x.call(n.ownerDocument);n.firstChild;)a.appendChild(n.firstChild);else a=n;return ee&&(a=I.call(c,a,!0)),a}var l=G?n.outerHTML:n.innerHTML;return V&&(l=He(l,D," "),l=He(l,R," ")),C&&te?C.createHTML(l):l},u.setConfig=function(e){be(e),Z=!0},u.clearConfig=function(){ye=null,Z=!1},u.isValidAttribute=function(e,t,n){ye||be({});var s=Pe(e),o=Pe(t);return _e(s,o,n)},u.addHook=function(e,t){"function"==typeof t&&(_[e]=_[e]||[],Ne(_[e],t))},u.removeHook=function(e){_[e]&&je(_[e])},u.removeHooks=function(e){_[e]&&(_[e]=[])},u.removeAllHooks=function(){_={}},u}()}),window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.agent=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){this.agent.avatar&&(t.push('\n<img class="zammad-chat-agent-avatar" src="'),t.push(n(this.agent.avatar)),t.push('">\n')),t.push('\n<span class="zammad-chat-agent-sentence">\n  <span class="zammad-chat-agent-name">'),t.push(n(this.agent.name)),t.push("</span>\n</span>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")};var bind=function(e,t){return function(){return e.apply(t,arguments)}},slice=[].slice,extend=function(e,t){for(var n in t)hasProp.call(t,n)&&(e[n]=t[n]);function s(){this.constructor=e}return s.prototype=t.prototype,e.prototype=new s,e.__super__=t.prototype,e},hasProp={}.hasOwnProperty;!function(E,_){var n,s,t,o,e,i,a,r,l;i=(l=document.getElementsByTagName("script"))[l.length-1],r=_.location.protocol.replace(":",""),i&&i.src&&(a=i.src.match(".*://([^:/]*).*")[1],r=i.src.match("(.*)://[^:/]*.*")[1]),n=function(){function e(e){this.options=E.extend({},this.defaults,e),this.log=new t({debug:this.options.debug,logPrefix:this.options.logPrefix||this.logPrefix})}return e.prototype.defaults={debug:!1},e}(),t=function(){function e(e){this.log=bind(this.log,this),this.error=bind(this.error,this),this.notice=bind(this.notice,this),this.debug=bind(this.debug,this),this.options=E.extend({},this.defaults,e)}return e.prototype.defaults={debug:!1},e.prototype.debug=function(){var e;if(e=1<=arguments.length?slice.call(arguments,0):[],this.options.debug)return this.log("debug",e)},e.prototype.notice=function(){var e;return e=1<=arguments.length?slice.call(arguments,0):[],this.log("notice",e)},e.prototype.error=function(){var e;return e=1<=arguments.length?slice.call(arguments,0):[],this.log("error",e)},e.prototype.log=function(e,t){var n,s,o,i;if(t.unshift("||"),t.unshift(e),t.unshift(this.options.logPrefix),console.log.apply(console,t),this.options.debug){for(i="",s=0,o=t.length;s<o;s++)i+=" ","object"==typeof(n=t[s])?i+=JSON.stringify(n):n&&n.toString?i+=n.toString():i+=n;return E(".js-chatLogDisplay").prepend("<div>"+i+"</div>")}},e}(),o=function(e){function t(e){this.stop=bind(this.stop,this),this.start=bind(this.start,this),t.__super__.constructor.call(this,e)}return extend(t,n),t.prototype.timeoutStartedAt=null,t.prototype.logPrefix="timeout",t.prototype.defaults={debug:!1,timeout:4,timeoutIntervallCheck:.5},t.prototype.start=function(){var e,t,n;return this.stop(),t=new Date,e=function(){var e;if(e=new Date-new Date(t.getTime()+1e3*n.options.timeout*60),n.log.debug("Timeout check for "+n.options.timeout+" minutes (left "+e/1e3+" sec.)"),!(e<0))return n.stop(),n.options.callback()},(n=this).log.debug("Start timeout in "+this.options.timeout+" minutes"),this.intervallId=setInterval(e,1e3*this.options.timeoutIntervallCheck*60)},t.prototype.stop=function(){if(this.intervallId)return this.log.debug("Stop timeout of "+this.options.timeout+" minutes"),clearInterval(this.intervallId)},t}(),s=function(e){function t(e){this.ping=bind(this.ping,this),this.send=bind(this.send,this),this.reconnect=bind(this.reconnect,this),this.close=bind(this.close,this),this.connect=bind(this.connect,this),this.set=bind(this.set,this),t.__super__.constructor.call(this,e)}return extend(t,n),t.prototype.logPrefix="io",t.prototype.set=function(e){var t,n,s;for(t in n=[],e)s=e[t],n.push(this.options[t]=s);return n},t.prototype.connect=function(){var t,o,n,s;return this.log.debug("Connecting to "+this.options.host),this.ws=new _.WebSocket(""+this.options.host),this.ws.onopen=(t=this,function(e){return t.log.debug("onOpen",e),t.options.onOpen(e),t.ping()}),this.ws.onmessage=(o=this,function(e){var t,n,s;for(s=JSON.parse(e.data),o.log.debug("onMessage",e.data),t=0,n=s.length;t<n;t++)"pong"===s[t].event&&o.ping();if(o.options.onMessage)return o.options.onMessage(s)}),this.ws.onclose=(n=this,function(e){if(n.log.debug("close websocket connection",e),n.pingDelayId&&clearTimeout(n.pingDelayId),n.manualClose){if(n.log.debug("manual close, onClose callback"),n.manualClose=!1,n.options.onClose)return n.options.onClose(e)}else if(n.log.debug("error close, onError callback"),n.options.onError)return n.options.onError("Connection lost...")}),this.ws.onerror=(s=this,function(e){if(s.log.debug("onError",e),s.options.onError)return s.options.onError(e)})},t.prototype.close=function(){return this.log.debug("close websocket manually"),this.manualClose=!0,this.ws.close()},t.prototype.reconnect=function(){return this.log.debug("reconnect"),this.close(),this.connect()},t.prototype.send=function(e,t){var n;return null==t&&(t={}),this.log.debug("send",e,t),n=JSON.stringify({event:e,data:t}),this.ws.send(n)},t.prototype.ping=function(){var e,t;return e=function(){return t.send("ping")},(t=this).pingDelayId=setTimeout(e,29e3)},t}(),e=function(e){function t(e){return this.removeAttributes=bind(this.removeAttributes,this),this.startTimeoutObservers=bind(this.startTimeoutObservers,this),this.onCssLoaded=bind(this.onCssLoaded,this),this.setAgentOnlineState=bind(this.setAgentOnlineState,this),this.onConnectionEstablished=bind(this.onConnectionEstablished,this),this.setSessionId=bind(this.setSessionId,this),this.onConnectionReestablished=bind(this.onConnectionReestablished,this),this.reconnect=bind(this.reconnect,this),this.destroy=bind(this.destroy,this),this.onScrollHintClick=bind(this.onScrollHintClick,this),this.detectScrolledtoBottom=bind(this.detectScrolledtoBottom,this),this.onLeaveTemporary=bind(this.onLeaveTemporary,this),this.onAgentTypingEnd=bind(this.onAgentTypingEnd,this),this.onAgentTypingStart=bind(this.onAgentTypingStart,this),this.onQueue=bind(this.onQueue,this),this.onQueueScreen=bind(this.onQueueScreen,this),this.onWebSocketClose=bind(this.onWebSocketClose,this),this.onCloseAnimationEnd=bind(this.onCloseAnimationEnd,this),this.close=bind(this.close,this),this.toggle=bind(this.toggle,this),this.sessionClose=bind(this.sessionClose,this),this.onOpenAnimationEnd=bind(this.onOpenAnimationEnd,this),this.open=bind(this.open,this),this.renderMessage=bind(this.renderMessage,this),this.receiveMessage=bind(this.receiveMessage,this),this.onSubmit=bind(this.onSubmit,this),this.onFocus=bind(this.onFocus,this),this.onInput=bind(this.onInput,this),this.onReopenSession=bind(this.onReopenSession,this),this.onError=bind(this.onError,this),this.onWebSocketMessage=bind(this.onWebSocketMessage,this),this.send=bind(this.send,this),this.checkForEnter=bind(this.checkForEnter,this),this.render=bind(this.render,this),this.view=bind(this.view,this),this.T=bind(this.T,this),this.options=E.extend({},this.defaults,e),t.__super__.constructor.call(this,this.options),this.isFullscreen=_.matchMedia&&_.matchMedia("(max-width: 768px)").matches,this.scrollRoot=E(this.getScrollRoot()),E?_.WebSocket&&sessionStorage?this.options.chatId?(this.options.lang||(this.options.lang=E("html").attr("lang")),this.options.lang&&(this.translations[this.options.lang]||(this.log.debug("lang: No "+this.options.lang+" found, try first two letters"),this.options.lang=this.options.lang.replace(/-.+?$/,"")),this.log.debug("lang: "+this.options.lang)),this.options.host||this.detectHost(),this.loadCss(),this.io=new s(this.options),this.io.set({onOpen:this.render,onClose:this.onWebSocketClose,onMessage:this.onWebSocketMessage,onError:this.onError}),void this.io.connect()):(this.state="unsupported",void this.log.error("Chat: need chatId as option!")):(this.state="unsupported",void this.log.notice("Chat: Browser not supported!")):(this.state="unsupported",void this.log.notice("Chat: no jquery found!"))}return extend(t,n),t.prototype.defaults={chatId:void 0,show:!0,target:E("body"),host:"",debug:!1,flat:!1,lang:void 0,cssAutoload:!0,cssUrl:void 0,fontSize:void 0,buttonClass:"open-zammad-chat",inactiveClass:"is-inactive",title:"<strong>Chat</strong> with us!",scrollHint:"Scroll down to see new messages",idleTimeout:6,idleTimeoutIntervallCheck:.5,inactiveTimeout:8,inactiveTimeoutIntervallCheck:.5,waitingListTimeout:4,waitingListTimeoutIntervallCheck:.5,onReady:void 0,onCloseAnimationEnd:void 0,onError:void 0,onOpenAnimationEnd:void 0,onConnectionReestablished:void 0,onSessionClosed:void 0,onConnectionEstablished:void 0,onCssLoaded:void 0},t.prototype.logPrefix="chat",t.prototype._messageCount=0,t.prototype.isOpen=!1,t.prototype.blinkOnlineInterval=null,t.prototype.stopBlinOnlineStateTimeout=null,t.prototype.showTimeEveryXMinutes=2,t.prototype.lastTimestamp=null,t.prototype.lastAddedType=null,t.prototype.inputDisabled=!1,t.prototype.inputTimeout=null,t.prototype.isTyping=!1,t.prototype.state="offline",t.prototype.initialQueueDelay=1e4,t.prototype.translations={da:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med os!","Scroll down to see new messages":"Scroll ned for at se nye beskeder",Online:"Online",Offline:"Offline",Connecting:"Forbinder","Connection re-established":"Forbindelse genoprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat lukket af %s","Compose your message...":"Skriv en besked...","All colleagues are busy.":"Alle kollegaer er optaget.","You are on waiting list position <strong>%s</strong>.":"Du er i venteliste som nummer <strong>%s</strong>.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale med <strong>%s</strong> blevet lukket.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da du ikke har svaret i de sidste %s minutter er din samtale blevet lukket.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, det tager længere end forventet at få en ledig plads. Prøv venligst igen senere eller send os en e-mail. På forhånd tak!"},de:{"<strong>Chat</strong> with us!":"<strong>Chatte</strong> mit uns!","Scroll down to see new messages":"Scrolle nach unten um neue Nachrichten zu sehen",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbindung wiederhergestellt",Today:"Heute",Send:"Senden","Chat closed by %s":"Chat beendet von %s","Compose your message...":"Ihre Nachricht...","All colleagues are busy.":"Alle Kollegen sind belegt.","You are on waiting list position <strong>%s</strong>.":"Sie sind in der Warteliste an der Position <strong>%s</strong>.","Start new conversation":"Neue Konversation starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation mit <strong>%s</strong> geschlossen.","Since you didn't respond in the last %s minutes your conversation got closed.":"Da Sie in den letzten %s Minuten nichts geschrieben haben wurde Ihre Konversation geschlossen.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Es tut uns leid, es dauert länger als erwartet, um einen freien Platz zu erhalten. Bitte versuchen Sie es zu einem späteren Zeitpunkt noch einmal oder schicken Sie uns eine E-Mail. Vielen Dank!"},es:{"<strong>Chat</strong> with us!":"<strong>Chatee</strong> con nosotros!","Scroll down to see new messages":"Haga scroll hacia abajo para ver nuevos mensajes",Online:"En linea",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexión restablecida",Today:"Hoy",Send:"Enviar","Chat closed by %s":"Chat cerrado por %s","Compose your message...":"Escriba su mensaje...","All colleagues are busy.":"Todos los agentes están ocupados.","You are on waiting list position <strong>%s</strong>.":"Usted está en la posición <strong>%s</strong> de la lista de espera.","Start new conversation":"Iniciar nueva conversación","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación con <strong>%s</strong> se ha cerrado.","Since you didn't respond in the last %s minutes your conversation got closed.":"Puesto que usted no respondió en los últimos %s minutos su conversación se ha cerrado.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Lo sentimos, se tarda más tiempo de lo esperado para ser atendido por un agente. Inténtelo de nuevo más tarde o envíenos un correo electrónico. ¡Gracias!"},fi:{"<strong>Chat</strong> with us!":"<strong>Keskustele</strong> kanssamme!","Scroll down to see new messages":"Rullaa alas nähdäksesi uudet viestit",Online:"Paikalla",Offline:"Poissa",Connecting:"Yhdistetään","Connection re-established":"Yhteys muodostettu uudelleen",Today:"Tänään",Send:"Lähetä","Chat closed by %s":"%s sulki keskustelun","Compose your message...":"Luo viestisi...","All colleagues are busy.":"Kaikki kollegat ovat varattuja.","You are on waiting list position <strong>%s</strong>.":"Olet odotuslistalla sijalla <strong>%s</strong>.","Start new conversation":"Aloita uusi keskustelu","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi <strong>%s</strong> kanssa suljettiin.","Since you didn't respond in the last %s minutes your conversation got closed.":"Koska et vastannut viimeiseen %s minuuttiin, keskustelusi suljettiin.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Olemme pahoillamme, tyhjän paikan vapautumisessa kestää odotettua pidempään. Ole hyvä ja yritä myöhemmin uudestaan tai lähetä meille sähköpostia. Kiitos!"},fr:{"<strong>Chat</strong> with us!":"<strong>Chattez</strong> avec nous!","Scroll down to see new messages":"Faites défiler pour lire les nouveaux messages",Online:"En-ligne",Offline:"Hors-ligne",Connecting:"Connexion en cours","Connection re-established":"Connexion rétablie",Today:"Aujourdhui",Send:"Envoyer","Chat closed by %s":"Chat fermé par %s","Compose your message...":"Composez votre message...","All colleagues are busy.":"Tous les collaborateurs sont occupés actuellement.","You are on waiting list position <strong>%s</strong>.":"Vous êtes actuellement en position <strong>%s</strong> dans la file d'attente.","Start new conversation":"Démarrer une nouvelle conversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Si vous ne répondez pas dans les <strong>%s</strong> minutes, votre conversation avec %s sera fermée.","Since you didn't respond in the last %s minutes your conversation got closed.":"Si vous ne répondez pas dans les %s minutes, votre conversation va être fermée.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Nous sommes désolés, il faut plus de temps que prévu pour obtenir un emplacement vide. Veuillez réessayer ultérieurement ou nous envoyer un courriel. Nous vous remercions!"},he:{"<strong>Chat</strong> with us!":"<strong>שוחח</strong>איתנו!","Scroll down to see new messages":"גלול מטה כדי לראות הודעות חדשות",Online:"מחובר",Offline:"מנותק",Connecting:"מתחבר","Connection re-established":"החיבור שוחזר",Today:"היום",Send:"שלח","Chat closed by %s":'הצאט נסגר ע"י %s',"Compose your message...":"כתוב את ההודעה שלך ...","All colleagues are busy.":"כל הנציגים תפוסים","You are on waiting list position <strong>%s</strong>.":"מיקומך בתור <strong>%s</strong>.","Start new conversation":"התחל שיחה חדשה","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"מכיוון שלא הגבת במהלך %s דקות השיחה שלך עם <strong>%s</strong> נסגרה.","Since you didn't respond in the last %s minutes your conversation got closed.":"מכיוון שלא הגבת במהלך %s הדקות האחרונות השיחה שלך נסגרה.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":'מצטערים, הזמן לקבלת נציג ארוך מהרגיל. נסה שוב מאוחר יותר או שלח לנו דוא"ל. תודה!'},hu:{"<strong>Chat</strong> with us!":"<strong>Chatelj</strong> velünk!","Scroll down to see new messages":"Görgess lejjebb az újabb üzenetekért",Online:"Online",Offline:"Offline",Connecting:"Csatlakozás","Connection re-established":"Újracsatlakozás",Today:"Ma",Send:"Küldés","Chat closed by %s":"A beszélgetést lezárta %s","Compose your message...":"Írj üzenetet...","All colleagues are busy.":"Jelenleg minden kollégánk elfoglalt.","You are on waiting list position <strong>%s</strong>.":"A várólistán a <strong>%s</strong>. pozícióban várakozol.","Start new conversation":"Új beszélgetés indítása","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Mivel %s perce nem érkezett újabb üzenet, ezért a <strong>%s</strong> kollégával folytatott beszéletést lezártuk.","Since you didn't respond in the last %s minutes your conversation got closed.":"Mivel %s perce nem érkezett válasz, a beszélgetés lezárult.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Sajnáljuk, de a várakozási idő hosszabb a szokásosnál. Kérlek próbáld újra, vagy írd meg kérdésed emailben. Köszönjük!"},nl:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> met ons!","Scroll down to see new messages":"Scrol naar beneden om nieuwe berichten te zien",Online:"Online",Offline:"Offline",Connecting:"Verbinden","Connection re-established":"Verbinding herstelt",Today:"Vandaag",Send:"Verzenden","Chat closed by %s":"Chat gesloten door %s","Compose your message...":"Typ uw bericht...","All colleagues are busy.":"Alle medewerkers zijn bezet.","You are on waiting list position <strong>%s</strong>.":"U bent <strong>%s</strong> in de wachtrij.","Start new conversation":"Nieuwe conversatie starten","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft wordt de conversatie met <strong>%s</strong> gesloten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Omdat u in de laatste %s minuten niets geschreven heeft is de conversatie gesloten.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Het spijt ons, het duurt langer dan verwacht om te antwoorden. Alstublieft probeer het later nogmaals of stuur ons een email. Hartelijk dank!"},it:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> con noi!","Scroll down to see new messages":"Scorri verso il basso per vedere i nuovi messaggi",Online:"Online",Offline:"Offline",Connecting:"Collegamento in corso","Connection re-established":"Collegamento ristabilito",Today:"Oggi",Send:"Invio","Chat closed by %s":"Chat chiusa da %s","Compose your message...":"Componi il tuo messaggio...","All colleagues are busy.":"Tutti gli operatori sono occupati.","You are on waiting list position <strong>%s</strong>.":"Sei in posizione <strong>%s</strong> nella lista d'attesa.","Start new conversation":"Avvia una nuova chat","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua chat con <strong>%s</strong> è stata chiusa.","Since you didn't respond in the last %s minutes your conversation got closed.":"Dal momento che non hai risposto negli ultimi %s minuti la tua chat è stata chiusa.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Ci dispiace, ci vuole più tempo del previsto per arrivare al tuo turno. Per favore riprova più tardi o inviaci un'email. Grazie!"},pl:{"<strong>Chat</strong> with us!":"<strong>Czatuj</strong> z nami!","Scroll down to see new messages":"Przewiń w dół, aby wyświetlić nowe wiadomości",Online:"Online",Offline:"Offline",Connecting:"Łączenie","Connection re-established":"Ponowne nawiązanie połączenia",Today:"dzisiejszy",Send:"Wyślij","Chat closed by %s":"Czat zamknięty przez %s","Compose your message...":"Utwórz swoją wiadomość...","All colleagues are busy.":"Wszyscy konsultanci są zajęci.","You are on waiting list position <strong>%s</strong>.":"Na liście oczekujących znajduje się pozycja <strong>%s</strong>.","Start new conversation":"Rozpoczęcie nowej konwersacji","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ponieważ w ciągu ostatnich %s minut nie odpowiedziałeś, Twoja rozmowa z <strong>%s</strong> została zamknięta.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ponieważ nie odpowiedziałeś w ciągu ostatnich %s minut, Twoja rozmowa została zamknięta.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Przykro nam, ale to trwa dłużej niż się spodziewamy. Spróbuj ponownie później lub wyślij nam wiadomość e-mail. Dziękuję!"},"pt-br":{"<strong>Chat</strong> with us!":"<strong>Chat</strong> fale conosco!","Scroll down to see new messages":"Role para baixo, para ver nosvas mensagens",Online:"Online",Offline:"Desconectado",Connecting:"Conectando","Connection re-established":"Conexão restabelecida",Today:"Hoje",Send:"Enviar","Chat closed by %s":"Chat encerrado por %s","Compose your message...":"Escreva sua mensagem...","All colleagues are busy.":"Todos os agentes estão ocupados.","You are on waiting list position <strong>%s</strong>.":"Você está na posição <strong>%s</strong> na fila de espera.","Start new conversation":"Iniciar uma nova conversa","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Como você não respondeu nos últimos %s minutos sua conversa com <strong>%s</strong> foi encerrada.","Since you didn't respond in the last %s minutes your conversation got closed.":"Como você não respondeu nos últimos %s minutos sua conversa foi encerrada.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Desculpe, mas o tempo de espera por um agente foi excedido. Tente novamente mais tarde ou nós envie um email. Obrigado"},"zh-cn":{"<strong>Chat</strong> with us!":"发起<strong>即时对话</strong>!","Scroll down to see new messages":"向下滚动以查看新消息",Online:"在线",Offline:"离线",Connecting:"连接中","Connection re-established":"正在重新建立连接",Today:"今天",Send:"发送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在输入信息...","All colleagues are busy.":"所有工作人员都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"您目前的等候位置是第 <strong>%s</strong> 位.","Start new conversation":"开始新的会话","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由于您超过 %s 分钟没有回复, 您与 <strong>%s</strong> 的会话已被关闭.","Since you didn't respond in the last %s minutes your conversation got closed.":"由于您超过 %s 分钟没有任何回复, 该对话已被关闭.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 目前需要等候更长的时间才能接入对话, 请稍后重试或向我们发送电子邮件. 谢谢!"},"zh-tw":{"<strong>Chat</strong> with us!":"開始<strong>即時對话</strong>!","Scroll down to see new messages":"向下滑動以查看新訊息",Online:"線上",Offline:"离线",Connecting:"連線中","Connection re-established":"正在重新建立連線中",Today:"今天",Send:"發送","Chat closed by %s":"Chat closed by %s","Compose your message...":"正在輸入訊息...","All colleagues are busy.":"所有服務人員都在忙碌中.","You are on waiting list position <strong>%s</strong>.":"你目前的等候位置是第 <strong>%s</strong> 順位.","Start new conversation":"開始新的對話","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"由於你超過 %s 分鐘沒有回應, 你與 <strong>%s</strong> 的對話已被關閉.","Since you didn't respond in the last %s minutes your conversation got closed.":"由於你超過 %s 分鐘沒有任何回應, 該對話已被關閉.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"非常抱歉, 當前需要等候更長的時間方可排入對話程序, 請稍後重試或向我們寄送電子郵件. 謝謝!"},ru:{"<strong>Chat</strong> with us!":"Напишите нам!","Scroll down to see new messages":"Прокрутите, чтобы увидеть новые сообщения",Online:"Онлайн",Offline:"Оффлайн",Connecting:"Подключение","Connection re-established":"Подключение восстановлено",Today:"Сегодня",Send:"Отправить","Chat closed by %s":"%s закрыл чат","Compose your message...":"Напишите сообщение...","All colleagues are busy.":"Все сотрудники заняты","You are on waiting list position %s.":"Вы в списке ожидания под номером %s","Start new conversation":"Начать новую переписку.","Since you didn't respond in the last %s minutes your conversation with %s got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор с %s был закрыт.","Since you didn't respond in the last %s minutes your conversation got closed.":"Поскольку вы не отвечали в течение последних %s минут, ваш разговор был закрыт.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"К сожалению, ожидание свободного места требует больше времени. Повторите попытку позже или отправьте нам электронное письмо. Спасибо!"},sv:{"<strong>Chat</strong> with us!":"<strong>Chatta</strong> med oss!","Scroll down to see new messages":"Rulla ner för att se nya meddelanden",Online:"Online",Offline:"Offline",Connecting:"Ansluter","Connection re-established":"Anslutningen återupprättas",Today:"I dag",Send:"Skicka","Chat closed by %s":"Chatt stängd av %s","Compose your message...":"Skriv ditt meddelande...","All colleagues are busy.":"Alla kollegor är upptagna.","You are on waiting list position <strong>%s</strong>.":"Du är på väntelistan som position <strong>%s</strong>.","Start new conversation":"Starta ny konversation","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Eftersom du inte svarat inom %s minuterna i din konversation med <strong>%s</strong> så stängdes chatten.","Since you didn't respond in the last %s minutes your conversation got closed.":"Då du inte svarat inom de senaste %s minuterna så avslutades din chatt.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi är ledsna, det tar längre tid som förväntat att få en ledig plats. Försök igen senare eller skicka ett e-postmeddelande till oss. Tack!"},no:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},nb:{"<strong>Chat</strong> with us!":"<strong>Chat</strong> med oss!","Scroll down to see new messages":"Bla ned for å se nye meldinger",Online:"Pålogget",Offline:"Avlogget",Connecting:"Koble til","Connection re-established":"Tilkoblingen er gjenopprettet",Today:"I dag",Send:"Send","Chat closed by %s":"Chat avsluttes om %s","Compose your message...":"Skriv din melding...","All colleagues are busy.":"Alle våre kolleger er for øyeblikket opptatt.","You are on waiting list position <strong>%s</strong>.":"Du står nå i kø og er nr. <strong>%s</strong> på ventelisten.","Start new conversation":"Start en ny samtale","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene av samtalen, vil samtalen med  <strong>%s</strong> nå avsluttes.","Since you didn't respond in the last %s minutes your conversation got closed.":"Ettersom du ikke har respondert i løpet av de siste %s minuttene, har samtalen nå blitt avsluttet.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Vi beklager, men det tar lengre tid enn vanlig å få en ledig plass i vår chat. Vennligst prøv igjen på et senere tidspunkt eller send oss en e-post. Tusen takk!"},el:{"<strong>Chat</strong> with us!":"<strong>Επικοινωνήστε</strong> μαζί μας!","Scroll down to see new messages":"Μεταβείτε κάτω για να δείτε τα νέα μηνύματα",Online:"Σε σύνδεση",Offline:"Αποσυνδεμένος",Connecting:"Σύνδεση","Connection re-established":"Η σύνδεση αποκαταστάθηκε",Today:"Σήμερα",Send:"Αποστολή","Chat closed by %s":"Η συνομιλία έκλεισε από τον/την %s","Compose your message...":"Γράψτε το μήνυμα σας...","All colleagues are busy.":"Όλοι οι συνάδελφοι μας είναι απασχολημένοι.","You are on waiting list position <strong>%s</strong>.":"Βρίσκεστε σε λίστα αναμονής στη θέση <strong>%s</strong>.","Start new conversation":"Έναρξη νέας συνομιλίας","Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας με τον/την <strong>%s</strong> έκλεισε.","Since you didn't respond in the last %s minutes your conversation got closed.":"Από τη στιγμή που δεν απαντήσατε τα τελευταία %s λεπτά η συνομιλία σας έκλεισε.","We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!":"Λυπούμαστε που χρειάζεται περισσότερος χρόνος από τον αναμενόμενο για να βρεθεί μία κενή θέση. Παρακαλούμε δοκιμάστε ξανά αργότερα ή στείλτε μας ένα email. Ευχαριστούμε!"}},t.prototype.sessionId=void 0,t.prototype.scrolledToBottom=!0,t.prototype.scrollSnapTolerance=10,t.prototype.richTextFormatKey={66:!0,73:!0,85:!0,83:!0},t.prototype.T=function(){var e,t,n,s,o,i;if(o=arguments[0],t=2<=arguments.length?slice.call(arguments,1):[],this.options.lang&&"en"!==this.options.lang&&(this.translations[this.options.lang]?((i=this.translations[this.options.lang])[o]||this.log.notice("Translation needed for '"+o+"'"),o=i[o]||o):this.log.notice("Translation '"+this.options.lang+"' needed!")),t)for(n=0,s=t.length;n<s;n++)e=t[n],o=o.replace(/%s/,e);return o},t.prototype.view=function(t){return n=this,function(e){return e||(e={}),e.T=n.T,e.background=n.options.background,e.flat=n.options.flat,e.fontSize=n.options.fontSize,_.zammadChatTemplates[t](e)};var n},t.prototype.getScrollRoot=function(){var e,t,n;return"scrollingElement"in document?document.scrollingElement:(n=(t=document.documentElement).scrollTop,t.scrollTop=n+1,e=t.scrollTop,(t.scrollTop=n)<e?t:document.body)},t.prototype.render=function(){return this.el&&E(".zammad-chat").get(0)||this.renderBase(),E("."+this.options.buttonClass).addClass(this.options.inactiveClass),this.setAgentOnlineState("online"),this.log.debug("widget rendered"),this.startTimeoutObservers(),this.idleTimeout.start(),this.sessionId=sessionStorage.getItem("sessionId"),this.send("chat_status_customer",{session_id:this.sessionId,url:_.location.href})},t.prototype.renderBase=function(){var n,m,c,e,t;if(this.el=E(this.view("chat")({title:this.options.title,scrollHint:this.options.scrollHint})),this.options.target.append(this.el),this.input=this.el.find(".zammad-chat-input"),this.el.find(".js-chat-open").click(this.open),this.el.find(".js-chat-toggle").click(this.toggle),this.el.find(".js-chat-status").click(this.stopPropagation),this.el.find(".zammad-chat-controls").on("submit",this.onSubmit),this.el.find(".zammad-chat-body").on("scroll",this.detectScrolledtoBottom),this.el.find(".zammad-scroll-hint").click(this.onScrollHintClick),this.input.on({keydown:this.checkForEnter,input:this.onInput}),this.input.on("keydown",(n=this,function(e){var t;if(t=!1,(e.altKey||e.ctrlKey||!e.metaKey)&&(e.altKey||!e.ctrlKey||e.metaKey)||(t=!0),t&&n.richTextFormatKey[e.keyCode]){if(e.preventDefault(),66===e.keyCode)return document.execCommand("bold"),!0;if(73===e.keyCode)return document.execCommand("italic"),!0;if(85===e.keyCode)return document.execCommand("underline"),!0;if(83===e.keyCode)return document.execCommand("strikeThrough"),!0}})),this.input.on("paste",(m=this,function(t){var n,s,e,o,i,a,r,l,d,c,u,h;if(t.stopPropagation(),t.preventDefault(),t.clipboardData)n=t.clipboardData;else if(_.clipboardData)n=_.clipboardData;else{if(!t.originalEvent.clipboardData)throw"No clipboardData support";n=t.originalEvent.clipboardData}if(a=!1,n&&n.items&&n.items[0]&&("file"!==(r=n.items[0]).kind||"image/png"!==r.type&&"image/jpeg"!==r.type||(i=r.getAsFile(),(d=new FileReader).onload=function(e){var o,t,i;return i=e.target.result,(o=document.createElement("img")).src=i,t=function(e,t,n,s){return m.isRetina()&&(t/=2),o='<img style="width: 100%; max-width: '+t+'px;" src="'+(i=e)+'">',document.execCommand("insertHTML",!1,o)},m.resizeImage(o.src,460,"auto",2,"image/jpeg","auto",t)},d.readAsDataURL(i),a=!0)),!a){s=h=void 0;try{h=n.getData("text/html"),s="html",h&&0!==h.length||(s="text",h=n.getData("text/plain")),h&&0!==h.length||(s="text2",h=n.getData("text"))}catch(e){t=e,console.log("Sorry, can't insert markup because browser is not supporting it."),s="text3",h=n.getData("text")}return"text"!==s&&"text2"!==s&&"text3"!==s||(h=(h="<div>"+h.replace(/\n/g,"</div><div>")+"</div>").replace(/<div><\/div>/g,"<div><br></div>")),console.log("p",s,h),"html"===s&&(u=DOMPurify.sanitize(h),m.log.debug("sanitized HTML clipboard",u),e=E("<div>"+u+"</div>"),l=!1,o=h,c=new RegExp("<(/w|w):[A-Za-z]"),o.match(c)&&(l=!0,o=o.replace(c,"")),c=new RegExp("<(/o|o):[A-Za-z]"),o.match(c)&&(l=!0,o=o.replace(c,"")),l&&(e=m.wordFilter(e)),(e=E(e)).contents().each(function(){if(8===this.nodeType)return E(this).remove()}),e.find("a, font, small, time, form, label").replaceWith(function(){return E(this).contents()}),e.find("textarea").each(function(){var e,t;return t=this.outerHTML,c=new RegExp("<"+this.tagName,"i"),e=t.replace(c,"<div"),c=new RegExp("</"+this.tagName,"i"),e=e.replace(c,"</div"),E(this).replaceWith(e)}),e.find("font, img, svg, input, select, button, style, applet, embed, noframes, canvas, script, frame, iframe, meta, link, title, head, fieldset").remove(),m.removeAttributes(e),h=e.html()),"text3"===s?m.pasteHtmlAtCaret(h):document.execCommand("insertHTML",!1,h),!0}})),this.input.on("drop",(c=this,function(e){var t,n,s,l,d;if(e.stopPropagation(),e.preventDefault(),_.dataTransfer)t=_.dataTransfer;else{if(!e.originalEvent.dataTransfer)throw"No clipboardData support";t=e.originalEvent.dataTransfer}if(l=e.clientX,d=e.clientY,(n=t.files[0]).type.match("image.*"))return(s=new FileReader).onload=function(e){var a,t,r;return r=e.target.result,(a=document.createElement("img")).src=r,t=function(e,t,n,s){var o,i;return c.isRetina()&&(t/=2),a=(a=E('<img style="width: 100%; max-width: '+t+'px;" src="'+(r=e)+'">')).get(0),document.caretPositionFromPoint?(o=document.caretPositionFromPoint(l,d),(i=document.createRange()).setStart(o.offsetNode,o.offset),i.collapse(),i.insertNode(a)):document.caretRangeFromPoint?(i=document.caretRangeFromPoint(l,d)).insertNode(a):console.log("could not find carat")},c.resizeImage(a.src,460,"auto",2,"image/jpeg","auto",t)},s.readAsDataURL(n)})),E(_).on("beforeunload",(e=this,function(){return e.onLeaveTemporary()})),E(_).bind("hashchange",(t=this,function(){if(!t.isOpen)return t.idleTimeout.start();t.sessionId&&t.send("chat_session_notice",{session_id:t.sessionId,message:_.location.href})})),this.isFullscreen)return this.input.on({focus:this.onFocus,focusout:this.onFocusOut})},t.prototype.stopPropagation=function(e){return e.stopPropagation()},t.prototype.checkForEnter=function(e){if(!this.inputDisabled&&!e.shiftKey&&13===e.keyCode)return e.preventDefault(),this.sendMessage()},t.prototype.send=function(e,t){return null==t&&(t={}),t.chat_id=this.options.chatId,this.io.send(e,t)},t.prototype.onWebSocketMessage=function(e){var t,n,s;for(t=0,n=e.length;t<n;t++)switch(s=e[t],this.log.debug("ws:onmessage",s),s.event){case"chat_error":this.log.notice(s.data),s.data&&"chat_disabled"===s.data.state&&this.destroy({remove:!0});break;case"chat_session_message":if(s.data.self_written)return;this.receiveMessage(s.data);break;case"chat_session_typing":if(s.data.self_written)return;this.onAgentTypingStart();break;case"chat_session_start":this.onConnectionEstablished(s.data);break;case"chat_session_queue":this.onQueueScreen(s.data);break;case"chat_session_closed":case"chat_session_left":this.onSessionClosed(s.data);break;case"chat_session_notice":this.addStatus(this.T(s.data.message));break;case"chat_status_customer":switch(s.data.state){case"online":this.sessionId=void 0,!this.options.cssAutoload||this.cssLoaded?this.onReady():this.socketReady=!0;break;case"offline":this.onError("Zammad Chat: No agent online");break;case"chat_disabled":this.onError("Zammad Chat: Chat is disabled");break;case"no_seats_available":this.onError("Zammad Chat: Too many clients in queue. Clients in queue: "+s.data.queue);break;case"reconnect":this.onReopenSession(s.data)}}},t.prototype.onReady=function(){var e;if(this.log.debug("widget ready for use"),E("."+this.options.buttonClass).click(this.open).removeClass(this.options.inactiveClass),"function"==typeof(e=this.options).onReady&&e.onReady(),this.options.show)return this.show()},t.prototype.onError=function(e){var t;return this.log.debug(e),this.addStatus(e),E("."+this.options.buttonClass).hide(),this.isOpen?(this.disableInput(),this.destroy({remove:!1})):this.destroy({remove:!0}),"function"==typeof(t=this.options).onError?t.onError(e):void 0},t.prototype.onReopenSession=function(e){var t,n,s,o,i;if(this.log.debug("old messages",e.session),this.inactiveTimeout.start(),i=sessionStorage.getItem("unfinished_message"),e.agent){for(this.onConnectionEstablished(e),t=0,n=(o=e.session).length;t<n;t++)s=o[t],this.renderMessage({message:s.content,id:s.id,from:s.created_by_id?"agent":"customer"});i&&this.input.html(i)}if(e.position&&this.onQueue(e),this.show(),this.open(),this.scrollToBottom(),i)return this.input.focus()},t.prototype.onInput=function(){return this.el.find(".zammad-chat-message--unread").removeClass("zammad-chat-message--unread"),sessionStorage.setItem("unfinished_message",this.input.html()),this.onTyping()},t.prototype.onFocus=function(){var e;if(E(_).scrollTop(10),e=0<E(_).scrollTop(),E(_).scrollTop(0),e)return this.log.notice("virtual keyboard shown")},t.prototype.onFocusOut=function(){},t.prototype.onTyping=function(){if(!(this.isTyping&&this.isTyping>new Date((new Date).getTime()-1500)))return this.isTyping=new Date,this.send("chat_session_typing",{session_id:this.sessionId}),this.inactiveTimeout.start()},t.prototype.onSubmit=function(e){return e.preventDefault(),this.sendMessage()},t.prototype.sendMessage=function(){var e,t;if(e=this.input.html())return this.inactiveTimeout.start(),sessionStorage.removeItem("unfinished_message"),t=this.view("message")({message:e,from:"customer",id:this._messageCount++,unreadClass:""}),this.maybeAddTimestamp(),this.el.find(".zammad-chat-message--typing").get(0)?(this.lastAddedType="typing-placeholder",this.el.find(".zammad-chat-message--typing").before(t)):(this.lastAddedType="message--customer",this.el.find(".zammad-chat-body").append(t)),this.input.html(""),this.scrollToBottom(),this.send("chat_session_message",{content:e,id:this._messageCount,session_id:this.sessionId})},t.prototype.receiveMessage=function(e){return this.inactiveTimeout.start(),this.onAgentTypingEnd(),this.maybeAddTimestamp(),this.renderMessage({message:e.message.content,id:e.id,from:"agent"}),this.scrollToBottom({showHint:!0})},t.prototype.renderMessage=function(e){return this.lastAddedType="message--"+e.from,e.unreadClass=document.hidden?" zammad-chat-message--unread":"",this.el.find(".zammad-chat-body").append(this.view("message")(e))},t.prototype.open=function(){var e;if(!this.isOpen)return this.isOpen=!0,this.log.debug("open widget"),this.show(),this.sessionId||this.showLoader(),this.el.addClass("zammad-chat-is-open"),e=this.el.height()-this.el.find(".zammad-chat-header").outerHeight(),this.el.css("bottom",-e),this.sessionId?(this.el.css("bottom",0),this.onOpenAnimationEnd()):(this.el.animate({bottom:0},500,this.onOpenAnimationEnd),this.send("chat_session_init",{url:_.location.href}));this.log.debug("widget already open, block")},t.prototype.onOpenAnimationEnd=function(){var e;return this.idleTimeout.stop(),this.isFullscreen&&this.disableScrollOnRoot(),"function"==typeof(e=this.options).onOpenAnimationEnd?e.onOpenAnimationEnd():void 0},t.prototype.sessionClose=function(){return this.send("chat_session_close",{session_id:this.sessionId}),this.inactiveTimeout.stop(),this.waitingListTimeout.stop(),sessionStorage.removeItem("unfinished_message"),this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.setSessionId(void 0)},t.prototype.toggle=function(e){return this.isOpen?this.close(e):this.open(e)},t.prototype.close=function(e){var t;if(this.isOpen){if(this.initDelayId&&clearTimeout(this.initDelayId),this.sessionId)return this.log.debug("close widget"),e&&e.stopPropagation(),this.sessionClose(),this.isFullscreen&&this.enableScrollOnRoot(),t=this.el.height()-this.el.find(".zammad-chat-header").outerHeight(),this.el.animate({bottom:-t},500,this.onCloseAnimationEnd);this.log.debug("can't close widget without sessionId")}else this.log.debug("can't close widget, it's not open")},t.prototype.onCloseAnimationEnd=function(){var e;return this.el.css("bottom",""),this.el.removeClass("zammad-chat-is-open"),this.showLoader(),this.el.find(".zammad-chat-welcome").removeClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent").addClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent-status").addClass("zammad-chat-is-hidden"),this.isOpen=!1,"function"==typeof(e=this.options).onCloseAnimationEnd&&e.onCloseAnimationEnd(),this.io.reconnect()},t.prototype.onWebSocketClose=function(){if(!this.isOpen)return this.el?(this.el.removeClass("zammad-chat-is-shown"),this.el.removeClass("zammad-chat-is-loaded")):void 0},t.prototype.show=function(){if("offline"!==this.state)return this.el.addClass("zammad-chat-is-loaded"),this.el.addClass("zammad-chat-is-shown")},t.prototype.disableInput=function(){return this.inputDisabled=!0,this.input.prop("contenteditable",!1),this.el.find(".zammad-chat-send").prop("disabled",!0),this.io.close()},t.prototype.enableInput=function(){return this.inputDisabled=!1,this.input.prop("contenteditable",!0),this.el.find(".zammad-chat-send").prop("disabled",!1)},t.prototype.hideModal=function(){return this.el.find(".zammad-chat-modal").html("")},t.prototype.onQueueScreen=function(e){var t,n;if(this.setSessionId(e.session_id),t=function(){return n.onQueue(e),n.waitingListTimeout.start()},!(n=this).initialQueueDelay||this.onInitialQueueDelayId)return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),t();this.onInitialQueueDelayId=setTimeout(t,this.initialQueueDelay)},t.prototype.onQueue=function(e){return this.log.notice("onQueue",e.position),this.inQueue=!0,this.el.find(".zammad-chat-modal").html(this.view("waiting")({position:e.position}))},t.prototype.onAgentTypingStart=function(){if(this.stopTypingId&&clearTimeout(this.stopTypingId),this.stopTypingId=setTimeout(this.onAgentTypingEnd,3e3),!this.el.find(".zammad-chat-message--typing").get(0)&&(this.maybeAddTimestamp(),this.el.find(".zammad-chat-body").append(this.view("typingIndicator")()),this.isVisible(this.el.find(".zammad-chat-message--typing"),!0)))return this.scrollToBottom()},t.prototype.onAgentTypingEnd=function(){return this.el.find(".zammad-chat-message--typing").remove()},t.prototype.onLeaveTemporary=function(){if(this.sessionId)return this.send("chat_session_leave_temporary",{session_id:this.sessionId})},t.prototype.maybeAddTimestamp=function(){var e,t,n;if(n=Date.now(),!this.lastTimestamp||n-this.lastTimestamp>6e4*this.showTimeEveryXMinutes)return e=this.T("Today"),t=(new Date).toTimeString().substr(0,5),"timestamp"===this.lastAddedType?(this.updateLastTimestamp(e,t),this.lastTimestamp=n):(this.el.find(".zammad-chat-body").append(this.view("timestamp")({label:e,time:t})),this.lastTimestamp=n,this.lastAddedType="timestamp",this.scrollToBottom())},t.prototype.updateLastTimestamp=function(e,t){if(this.el)return this.el.find(".zammad-chat-body").find(".zammad-chat-timestamp").last().replaceWith(this.view("timestamp")({label:e,time:t}))},t.prototype.addStatus=function(e){if(this.el)return this.maybeAddTimestamp(),this.el.find(".zammad-chat-body").append(this.view("status")({status:e})),this.scrollToBottom()},t.prototype.detectScrolledtoBottom=function(){var e;if(e=this.el.find(".zammad-chat-body").scrollTop()+this.el.find(".zammad-chat-body").outerHeight(),this.scrolledToBottom=Math.abs(e-this.el.find(".zammad-chat-body").prop("scrollHeight"))<=this.scrollSnapTolerance,this.scrolledToBottom)return this.el.find(".zammad-scroll-hint").addClass("is-hidden")},t.prototype.showScrollHint=function(){return this.el.find(".zammad-scroll-hint").removeClass("is-hidden"),this.el.find(".zammad-chat-body").scrollTop(this.el.find(".zammad-chat-body").scrollTop()+this.el.find(".zammad-scroll-hint").outerHeight())},t.prototype.onScrollHintClick=function(){return this.el.find(".zammad-chat-body").animate({scrollTop:this.el.find(".zammad-chat-body").prop("scrollHeight")},300)},t.prototype.scrollToBottom=function(e){var t;return t=(null!=e?e:{showHint:!1}).showHint,this.scrolledToBottom?this.el.find(".zammad-chat-body").scrollTop(E(".zammad-chat-body").prop("scrollHeight")):t?this.showScrollHint():void 0},t.prototype.destroy=function(e){return null==e&&(e={}),this.log.debug("destroy widget",e),this.setAgentOnlineState("offline"),e.remove&&this.el&&(this.el.remove(),E("."+this.options.buttonClass).hide()),this.waitingListTimeout&&this.waitingListTimeout.stop(),this.inactiveTimeout&&this.inactiveTimeout.stop(),this.idleTimeout&&this.idleTimeout.stop(),this.io.close()},t.prototype.reconnect=function(){return this.log.notice("reconnecting"),this.disableInput(),this.lastAddedType="status",this.setAgentOnlineState("connecting"),this.addStatus(this.T("Connection lost"))},t.prototype.onConnectionReestablished=function(){var e;return this.lastAddedType="status",this.setAgentOnlineState("online"),this.addStatus(this.T("Connection re-established")),"function"==typeof(e=this.options).onConnectionReestablished?e.onConnectionReestablished():void 0},t.prototype.onSessionClosed=function(e){var t;return this.addStatus(this.T("Chat closed by %s",e.realname)),this.disableInput(),this.setAgentOnlineState("offline"),this.inactiveTimeout.stop(),"function"==typeof(t=this.options).onSessionClosed?t.onSessionClosed(e):void 0},t.prototype.setSessionId=function(e){return void 0===(this.sessionId=e)?sessionStorage.removeItem("sessionId"):sessionStorage.setItem("sessionId",e)},t.prototype.onConnectionEstablished=function(e){var t;return this.onInitialQueueDelayId&&clearTimeout(this.onInitialQueueDelayId),this.inQueue=!1,e.agent&&(this.agent=e.agent),e.session_id&&this.setSessionId(e.session_id),this.el.find(".zammad-chat-body").html(""),this.el.find(".zammad-chat-agent").html(this.view("agent")({agent:this.agent})),this.enableInput(),this.hideModal(),this.el.find(".zammad-chat-welcome").addClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent").removeClass("zammad-chat-is-hidden"),this.el.find(".zammad-chat-agent-status").removeClass("zammad-chat-is-hidden"),this.isFullscreen||this.input.focus(),this.setAgentOnlineState("online"),this.waitingListTimeout.stop(),this.idleTimeout.stop(),this.inactiveTimeout.start(),"function"==typeof(t=this.options).onConnectionEstablished?t.onConnectionEstablished(e):void 0},t.prototype.showCustomerTimeout=function(){var e;return this.el.find(".zammad-chat-modal").html(this.view("customer_timeout")({agent:this.agent.name,delay:this.options.inactiveTimeout})),e=function(){return location.reload()},this.el.find(".js-restart").click(e),this.sessionClose()},t.prototype.showWaitingListTimeout=function(){var e;return this.el.find(".zammad-chat-modal").html(this.view("waiting_list_timeout")({delay:this.options.watingListTimeout})),e=function(){return location.reload()},this.el.find(".js-restart").click(e),this.sessionClose()},t.prototype.showLoader=function(){return this.el.find(".zammad-chat-modal").html(this.view("loader")())},t.prototype.setAgentOnlineState=function(e){var t;if(this.state=e,this.el)return t=e.charAt(0).toUpperCase()+e.slice(1),this.el.find(".zammad-chat-agent-status").attr("data-status",e).text(this.T(t))},t.prototype.detectHost=function(){var e;return e="ws://","https"===r&&(e="wss://"),this.options.host=""+e+a+"/ws"},t.prototype.loadCss=function(){var e,t,n;if(this.options.cssAutoload)return(n=this.options.cssUrl)||(n=this.options.host.replace(/^wss/i,"https").replace(/^ws/i,"http").replace(/\/ws$/i,""),n+="/assets/chat/chat.css"),this.log.debug("load css from '"+n+"'"),t="@import url('"+n+"');",(e=document.createElement("link")).onload=this.onCssLoaded,e.rel="stylesheet",e.href="data:text/css,"+escape(t),document.getElementsByTagName("head")[0].appendChild(e)},t.prototype.onCssLoaded=function(){var e;return this.cssLoaded=!0,this.socketReady&&this.onReady(),"function"==typeof(e=this.options).onCssLoaded?e.onCssLoaded():void 0},t.prototype.startTimeoutObservers=function(){var e,t,n;return this.idleTimeout=new o({logPrefix:"idleTimeout",debug:this.options.debug,timeout:this.options.idleTimeout,timeoutIntervallCheck:this.options.idleTimeoutIntervallCheck,callback:(e=this,function(){return e.log.debug("Idle timeout reached, hide widget",new Date),e.destroy({remove:!0})})}),this.inactiveTimeout=new o({logPrefix:"inactiveTimeout",debug:this.options.debug,timeout:this.options.inactiveTimeout,timeoutIntervallCheck:this.options.inactiveTimeoutIntervallCheck,callback:(t=this,function(){return t.log.debug("Inactive timeout reached, show timeout screen.",new Date),t.showCustomerTimeout(),t.destroy({remove:!1})})}),this.waitingListTimeout=new o({logPrefix:"waitingListTimeout",debug:this.options.debug,timeout:this.options.waitingListTimeout,timeoutIntervallCheck:this.options.waitingListTimeoutIntervallCheck,callback:(n=this,function(){return n.log.debug("Waiting list timeout reached, show timeout screen.",new Date),n.showWaitingListTimeout(),n.destroy({remove:!1})})})},t.prototype.disableScrollOnRoot=function(){return this.rootScrollOffset=this.scrollRoot.scrollTop(),this.scrollRoot.css({overflow:"hidden",position:"fixed"})},t.prototype.enableScrollOnRoot=function(){return this.scrollRoot.scrollTop(this.rootScrollOffset),this.scrollRoot.css({overflow:"",position:""})},t.prototype.isVisible=function(e,t,n,s){var o,i,a,r,l,d,c,u,h,m,p,g,f,y,v,b,w,T,C,S,k,z,A,x,O,I;if(!(e.length<1))if(i=E(_),T=(o=1<e.length?e.eq(0):e).get(0),I=i.width(),O=i.height(),s=s||"both",u=!0!==n||T.offsetWidth*T.offsetHeight,"function"==typeof T.getBoundingClientRect){if(C=0<=(w=T.getBoundingClientRect()).top&&w.top<O,c=0<w.bottom&&w.bottom<=O,y=0<=w.left&&w.left<I,b=0<w.right&&w.right<=I,S=t?C||c:C&&c,f=t?y||b:y&&b,"both"===s)return u&&S&&f;if("vertical"===s)return u&&S;if("horizontal"===s)return u&&f}else{if(k=(x=i.scrollTop())+O,A=(z=i.scrollLeft())+I,a=(d=(v=o.offset()).top)+o.height(),l=(r=v.left)+o.width(),g=!0===t?a:d,h=!0===t?d:a,m=!0===t?l:r,p=!0===t?r:l,"both"===s)return!!u&&h<=k&&x<=g&&p<=A&&z<=m;if("vertical"===s)return!!u&&h<=k&&x<=g;if("horizontal"===s)return!!u&&p<=A&&z<=m}},t.prototype.isRetina=function(){var e;return!!_.matchMedia&&((e=_.matchMedia("only screen and (min--moz-device-pixel-ratio: 1.3), only screen and (-o-min-device-pixel-ratio: 2.6/2), only screen and (-webkit-min-device-pixel-ratio: 1.3), only screen  and (min-device-pixel-ratio: 1.3), only screen and (min-resolution: 1.3dppx)"))&&e.matches||1<_.devicePixelRatio)},t.prototype.resizeImage=function(e,i,a,r,l,d,c,t){var u;return null==i&&(i="auto"),null==a&&(a="auto"),null==r&&(r=1),null==t&&(t=!0),(u=new Image).onload=function(){var e,t,n,s,o;return n=u.width,t=u.height,console.log("ImageService","current size",n,t),"auto"===a&&"auto"===i&&(i=n,a=t),"auto"===a&&(a=t/(n/i)),"auto"===i&&(i=t/(n/a)),o=!1,i<n||a<t?(o=!0,i*=r,a*=r):(i=n,a=t),(e=document.createElement("canvas")).width=i,e.height=a,e.getContext("2d").drawImage(u,0,0,i,a),"auto"===d&&(d=i<200&&a<200?1:i<400&&a<400?.9:i<600&&a<600?.8:i<900&&a<900?.7:.6),s=e.toDataURL(l,d),o?(console.log("ImageService","resize",i/r,a/r,d,.75*s.length/1024/1024,"in mb"),void c(s,i/r,a/r,!0)):(console.log("ImageService","no resize",i,a,d,.75*s.length/1024/1024,"in mb"),c(s,i,a,!1))},u.src=e},t.prototype.pasteHtmlAtCaret=function(e){var t,n,s,o,i,a;if(i=a=void 0,_.getSelection){if((a=_.getSelection()).getRangeAt&&a.rangeCount){for((i=a.getRangeAt(0)).deleteContents(),(t=document.createElement("div")).innerHTML=e,n=document.createDocumentFragment(o,s);o=t.firstChild;)s=n.appendChild(o);if(i.insertNode(n),s)return(i=i.cloneRange()).setStartAfter(s),i.collapse(!0),a.removeAllRanges(),a.addRange(i)}}else if(document.selection&&"Control"!==document.selection.type)return document.selection.createRange().pasteHTML(e)},t.prototype.wordFilter=function(e){var t,c,u;return t=(t=(t=(t=(t=e.html()).replace(/<!--[\s\S]+?-->/gi,"")).replace(/<(!|script[^>]*>.*?<\/script(?=[>\s])|\/?(\?xml(:\w+)?|img|meta|link|style|\w:\w+)(?=[\s\/>]))[^>]*>/gi,"")).replace(/<(\/?)s>/gi,"<$1strike>")).replace(/&nbsp;/gi," "),e.html(t),E("p",e).each(function(){var e,t;if(t=E(this).attr("style"),e=/mso-list:\w+ \w+([0-9]+)/.exec(t))return E(this).data("_listLevel",parseInt(e[1],10))}),c=0,u=null,E("p",e).each(function(){var e,t,n,s,o,i,a,r,l,d;if(void 0!==(e=E(this).data("_listLevel"))){if(d=E(this).text(),s="<ul></ul>",/^\s*\w+\./.test(d)&&(s=(o=/([0-9])\./.exec(d))?null!=(i=1<(l=parseInt(o[1],10)))?i:'<ol start="'+l+{'"></ol>':"<ol></ol>"}:"<ol></ol>"),c<e&&(0===c?(E(this).before(s),u=E(this).prev()):u=E(s).appendTo(u)),e<c)for(t=n=a=t,r=c-e;a<=r?n<=r:r<=n;t=a<=r?++n:--n)u=u.parent();return E("span:first",this).remove(),u.append("<li>"+E(this).html()+"</li>"),E(this).remove(),c=e}return c=0}),E("[style]",e).removeAttr("style"),E("[align]",e).removeAttr("align"),E("span",e).replaceWith(function(){return E(this).contents()}),E("span:empty",e).remove(),E("[class^='Mso']",e).removeAttr("class"),E("p:empty",e).remove(),e},t.prototype.removeAttribute=function(e){var t,n,s,o,i;if(e){for(t=E(e),s=0,o=(i=e.attributes).length;s<o;s++)(n=i[s])&&n.name&&e.removeAttribute(n.name);return t.removeAttr("style").removeAttr("class").removeAttr("lang").removeAttr("type").removeAttr("align").removeAttr("id").removeAttr("wrap").removeAttr("title")}},t.prototype.removeAttributes=function(e,t){var n,s;return null==t&&(t=!0),t&&e.each((n=this,function(e,t){return n.removeAttribute(t)})),e.find("*").each((s=this,function(e,t){return s.removeAttribute(t)})),e},t}(),_.ZammadChat=e}(window.jQuery,window),window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.chat=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat'),this.flat&&t.push(n(" zammad-chat--flat")),t.push('"'),this.fontSize&&t.push(n(" style='font-size: "+this.fontSize+"'")),t.push('>\n  <div class="zammad-chat-header js-chat-open"'),this.background&&t.push(n(" style='background: "+this.background+"'")),t.push('>\n    <div class="zammad-chat-header-controls js-chat-toggle">\n      <span class="zammad-chat-agent-status zammad-chat-is-hidden js-chat-status" data-status="online"></span>\n      <span class="zammad-chat-header-icon">\n        <svg class="zammad-chat-header-icon-open" width="13" height="7" viewBox="0 0 13 7"><path d="M10.807 7l1.4-1.428-5-4.9L6.5-.02l-.7.7-4.9 4.9 1.414 1.413L6.5 2.886 10.807 7z" fill-rule="evenodd"/></svg>\n        <svg class="zammad-chat-header-icon-close" width="13" height="13" viewBox="0 0 13 13"><path d="m2.241.12l-2.121 2.121 4.243 4.243-4.243 4.243 2.121 2.121 4.243-4.243 4.243 4.243 2.121-2.121-4.243-4.243 4.243-4.243-2.121-2.121-4.243 4.243-4.243-4.243" fill-rule="evenodd"/></svg>\n      </span>\n    </div>\n    <div class="zammad-chat-agent zammad-chat-is-hidden">\n    </div>\n    <div class="zammad-chat-welcome">\n      <svg class="zammad-chat-icon" viewBox="0 0 24 24" width="24" height="24"><path d="M2 5C2 4 3 3 4 3h16c1 0 2 1 2 2v10C22 16 21 17 20 17H4C3 17 2 16 2 15V5zM12 17l6 4v-4h-6z"/></svg>\n      <span class="zammad-chat-welcome-text">'),t.push(this.T(this.title)),t.push('</span>\n    </div>\n  </div>\n  <div class="zammad-chat-modal"></div>\n  <div class="zammad-scroll-hint is-hidden">\n    <svg class="zammad-scroll-hint-icon" width="20" height="18" viewBox="0 0 20 18"><path d="M0,2.00585866 C0,0.898053512 0.898212381,0 1.99079514,0 L18.0092049,0 C19.1086907,0 20,0.897060126 20,2.00585866 L20,11.9941413 C20,13.1019465 19.1017876,14 18.0092049,14 L1.99079514,14 C0.891309342,14 0,13.1029399 0,11.9941413 L0,2.00585866 Z M10,14 L16,18 L16,14 L10,14 Z" fill-rule="evenodd"/></svg>\n    '),t.push(this.T(this.scrollHint)),t.push('\n  </div>\n  <div class="zammad-chat-body"></div>\n  <form class="zammad-chat-controls">\n    <div class="zammad-chat-input" rows="1" placeholder="'),t.push(this.T("Compose your message...")),t.push('" contenteditable="true"></div>\n    <button type="submit" class="zammad-chat-button zammad-chat-send"'),this.background&&t.push(n(" style='background: "+this.background+"'")),t.push(">"),t.push(this.T("Send")),t.push("</button>\n  </form>\n</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.customer_timeout=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),this.agent?(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation with <strong>%s</strong> got closed.",this.delay,this.agent))):(t.push("\n    "),t.push(this.T("Since you didn't respond in the last %s minutes your conversation got closed.",this.delay))),t.push("\n  "),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?s(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.loader=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<span class="zammad-chat-loading-animation">\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n  <span class="zammad-chat-loading-circle"></span>\n</span>\n<span class="zammad-chat-modal-text">'),t.push(this.T("Connecting")),t.push("</span>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.message=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-message zammad-chat-message--'),t.push(n(this.from)),t.push(n(this.unreadClass)),t.push('">\n  <span class="zammad-chat-message-body"'),this.background&&"customer"===this.from&&t.push(n(" style='background: "+this.background+"'")),t.push(">"),t.push(this.message),t.push("</span>\n</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.status=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-status">\n  <div class="zammad-chat-status-inner">\n    '),t.push(this.status),t.push("\n  </div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.timestamp=function(e){e||(e={});var t=[],n=function(e){return e&&e.ecoSafe?e:void 0!==e&&null!=e?o(e):""},s=e.safe,o=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},o||(o=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-timestamp"><strong>'),t.push(n(this.label)),t.push("</strong> "),t.push(n(this.time)),t.push("</div>")}).call(this)}.call(e),e.safe=s,e.escape=o,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.typingIndicator=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-message zammad-chat-message--typing zammad-chat-message--agent">\n  <span class="zammad-chat-message-body">\n    <span class="zammad-chat-loading-animation">\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n      <span class="zammad-chat-loading-circle"></span>\n    </span>\n  </span>\n</div>')}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){t.push('<div class="zammad-chat-modal-text">\n  <span class="zammad-chat-loading-animation">\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n    <span class="zammad-chat-loading-circle"></span>\n  </span>\n  '),t.push(this.T("All colleagues are busy.")),t.push("<br>\n  "),t.push(this.T("You are on waiting list position <strong>%s</strong>.",this.position)),t.push("\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")},window.zammadChatTemplates||(window.zammadChatTemplates={}),window.zammadChatTemplates.waiting_list_timeout=function(e){e||(e={});var t=[],n=e.safe,s=e.escape;return e.safe=function(e){if(e&&e.ecoSafe)return e;void 0!==e&&null!=e||(e="");var t=new String(e);return t.ecoSafe=!0,t},s||(s=e.escape=function(e){return(""+e).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;")}),function(){(function(){var e;t.push('<div class="zammad-chat-modal-text">\n  '),t.push(this.T("We are sorry, it takes longer as expected to get an empty slot. Please try again later or send us an email. Thank you!")),t.push('\n  <br>\n  <div class="zammad-chat-button js-restart"'),this.background&&t.push((e=" style='background: "+this.background+"'")&&e.ecoSafe?e:void 0!==e&&null!=e?s(e):""),t.push(">"),t.push(this.T("Start new conversation")),t.push("</div>\n</div>")}).call(this)}.call(e),e.safe=n,e.escape=s,t.join("")};
\ No newline at end of file
diff --git a/public/assets/chat/docker-entrypoint.sh b/public/assets/chat/docker-entrypoint.sh
new file mode 100755
index 000000000..3760633d3
--- /dev/null
+++ b/public/assets/chat/docker-entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cd "${GULP_DIR}" || exit
+
+gulp js css no-jquery
diff --git a/public/assets/chat/gulpfile.js b/public/assets/chat/gulpfile.js
index b7fcb0fee..2053d10e8 100644
--- a/public/assets/chat/gulpfile.js
+++ b/public/assets/chat/gulpfile.js
@@ -25,11 +25,14 @@ gulp.task('js', function(){
   var templates = gulp.src('views/*.eco')
     .pipe(eco({namespace: 'zammadChatTemplates'}));
 
+  var purify = gulp.src('purify.min.js');
+
   var js = gulp.src('chat.coffee')
     .pipe(plumber())
     .pipe(coffee({bare: true}).on('error', gutil.log));
 
   return merge(templates, js)
+    .add(purify)
     .pipe(concat('chat.js'))
     .pipe(gulp.dest('./'))
     .pipe(uglify())
@@ -42,11 +45,14 @@ gulp.task('no-jquery', function(){
   var templates = gulp.src('views/*.eco')
     .pipe(eco({namespace: 'zammadChatTemplates'}));
 
+  var purify = gulp.src('purify.min.js');
+
   var js = gulp.src('chat-no-jquery.coffee')
     .pipe(plumber())
     .pipe(coffee({bare: true}).on('error', gutil.log));
 
   return merge(templates, js)
+    .add(purify)
     .pipe(concat('chat-no-jquery.js'))
     .pipe(gulp.dest('./'))
     .pipe(uglify())
diff --git a/public/assets/chat/purify.min.js b/public/assets/chat/purify.min.js
new file mode 100644
index 000000000..e5c4c2f8d
--- /dev/null
+++ b/public/assets/chat/purify.min.js
@@ -0,0 +1,3 @@
+/*! @license DOMPurify 2.3.1 | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.3.1/LICENSE */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,n=Object.isFrozen,r=Object.getPrototypeOf,o=Object.getOwnPropertyDescriptor,i=Object.freeze,a=Object.seal,l=Object.create,c="undefined"!=typeof Reflect&&Reflect,s=c.apply,u=c.construct;s||(s=function(e,t,n){return e.apply(t,n)}),i||(i=function(e){return e}),a||(a=function(e){return e}),u||(u=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}(t))))});var f,m=x(Array.prototype.forEach),d=x(Array.prototype.pop),p=x(Array.prototype.push),g=x(String.prototype.toLowerCase),h=x(String.prototype.match),y=x(String.prototype.replace),v=x(String.prototype.indexOf),b=x(String.prototype.trim),T=x(RegExp.prototype.test),A=(f=TypeError,function(){for(var e=arguments.length,t=Array(e),n=0;n<e;n++)t[n]=arguments[n];return u(f,t)});function x(e){return function(t){for(var n=arguments.length,r=Array(n>1?n-1:0),o=1;o<n;o++)r[o-1]=arguments[o];return s(e,t,r)}}function S(e,r){t&&t(e,null);for(var o=r.length;o--;){var i=r[o];if("string"==typeof i){var a=g(i);a!==i&&(n(r)||(r[o]=a),i=a)}e[i]=!0}return e}function w(t){var n=l(null),r=void 0;for(r in t)s(e,t,[r])&&(n[r]=t[r]);return n}function N(e,t){for(;null!==e;){var n=o(e,t);if(n){if(n.get)return x(n.get);if("function"==typeof n.value)return x(n.value)}e=r(e)}return function(e){return console.warn("fallback value for",e),null}}var k=i(["a","abbr","acronym","address","area","article","aside","audio","b","bdi","bdo","big","blink","blockquote","body","br","button","canvas","caption","center","cite","code","col","colgroup","content","data","datalist","dd","decorator","del","details","dfn","dialog","dir","div","dl","dt","element","em","fieldset","figcaption","figure","font","footer","form","h1","h2","h3","h4","h5","h6","head","header","hgroup","hr","html","i","img","input","ins","kbd","label","legend","li","main","map","mark","marquee","menu","menuitem","meter","nav","nobr","ol","optgroup","option","output","p","picture","pre","progress","q","rp","rt","ruby","s","samp","section","select","shadow","small","source","spacer","span","strike","strong","style","sub","summary","sup","table","tbody","td","template","textarea","tfoot","th","thead","time","tr","track","tt","u","ul","var","video","wbr"]),E=i(["svg","a","altglyph","altglyphdef","altglyphitem","animatecolor","animatemotion","animatetransform","circle","clippath","defs","desc","ellipse","filter","font","g","glyph","glyphref","hkern","image","line","lineargradient","marker","mask","metadata","mpath","path","pattern","polygon","polyline","radialgradient","rect","stop","style","switch","symbol","text","textpath","title","tref","tspan","view","vkern"]),D=i(["feBlend","feColorMatrix","feComponentTransfer","feComposite","feConvolveMatrix","feDiffuseLighting","feDisplacementMap","feDistantLight","feFlood","feFuncA","feFuncB","feFuncG","feFuncR","feGaussianBlur","feMerge","feMergeNode","feMorphology","feOffset","fePointLight","feSpecularLighting","feSpotLight","feTile","feTurbulence"]),O=i(["animate","color-profile","cursor","discard","fedropshadow","feimage","font-face","font-face-format","font-face-name","font-face-src","font-face-uri","foreignobject","hatch","hatchpath","mesh","meshgradient","meshpatch","meshrow","missing-glyph","script","set","solidcolor","unknown","use"]),R=i(["math","menclose","merror","mfenced","mfrac","mglyph","mi","mlabeledtr","mmultiscripts","mn","mo","mover","mpadded","mphantom","mroot","mrow","ms","mspace","msqrt","mstyle","msub","msup","msubsup","mtable","mtd","mtext","mtr","munder","munderover"]),_=i(["maction","maligngroup","malignmark","mlongdiv","mscarries","mscarry","msgroup","mstack","msline","msrow","semantics","annotation","annotation-xml","mprescripts","none"]),M=i(["#text"]),L=i(["accept","action","align","alt","autocapitalize","autocomplete","autopictureinpicture","autoplay","background","bgcolor","border","capture","cellpadding","cellspacing","checked","cite","class","clear","color","cols","colspan","controls","controlslist","coords","crossorigin","datetime","decoding","default","dir","disabled","disablepictureinpicture","disableremoteplayback","download","draggable","enctype","enterkeyhint","face","for","headers","height","hidden","high","href","hreflang","id","inputmode","integrity","ismap","kind","label","lang","list","loading","loop","low","max","maxlength","media","method","min","minlength","multiple","muted","name","noshade","novalidate","nowrap","open","optimum","pattern","placeholder","playsinline","poster","preload","pubdate","radiogroup","readonly","rel","required","rev","reversed","role","rows","rowspan","spellcheck","scope","selected","shape","size","sizes","span","srclang","start","src","srcset","step","style","summary","tabindex","title","translate","type","usemap","valign","value","width","xmlns","slot"]),F=i(["accent-height","accumulate","additive","alignment-baseline","ascent","attributename","attributetype","azimuth","basefrequency","baseline-shift","begin","bias","by","class","clip","clippathunits","clip-path","clip-rule","color","color-interpolation","color-interpolation-filters","color-profile","color-rendering","cx","cy","d","dx","dy","diffuseconstant","direction","display","divisor","dur","edgemode","elevation","end","fill","fill-opacity","fill-rule","filter","filterunits","flood-color","flood-opacity","font-family","font-size","font-size-adjust","font-stretch","font-style","font-variant","font-weight","fx","fy","g1","g2","glyph-name","glyphref","gradientunits","gradienttransform","height","href","id","image-rendering","in","in2","k","k1","k2","k3","k4","kerning","keypoints","keysplines","keytimes","lang","lengthadjust","letter-spacing","kernelmatrix","kernelunitlength","lighting-color","local","marker-end","marker-mid","marker-start","markerheight","markerunits","markerwidth","maskcontentunits","maskunits","max","mask","media","method","mode","min","name","numoctaves","offset","operator","opacity","order","orient","orientation","origin","overflow","paint-order","path","pathlength","patterncontentunits","patterntransform","patternunits","points","preservealpha","preserveaspectratio","primitiveunits","r","rx","ry","radius","refx","refy","repeatcount","repeatdur","restart","result","rotate","scale","seed","shape-rendering","specularconstant","specularexponent","spreadmethod","startoffset","stddeviation","stitchtiles","stop-color","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-linecap","stroke-linejoin","stroke-miterlimit","stroke-opacity","stroke","stroke-width","style","surfacescale","systemlanguage","tabindex","targetx","targety","transform","text-anchor","text-decoration","text-rendering","textlength","type","u1","u2","unicode","values","viewbox","visibility","version","vert-adv-y","vert-origin-x","vert-origin-y","width","word-spacing","wrap","writing-mode","xchannelselector","ychannelselector","x","x1","x2","xmlns","y","y1","y2","z","zoomandpan"]),I=i(["accent","accentunder","align","bevelled","close","columnsalign","columnlines","columnspan","denomalign","depth","dir","display","displaystyle","encoding","fence","frame","height","href","id","largeop","length","linethickness","lspace","lquote","mathbackground","mathcolor","mathsize","mathvariant","maxsize","minsize","movablelimits","notation","numalign","open","rowalign","rowlines","rowspacing","rowspan","rspace","rquote","scriptlevel","scriptminsize","scriptsizemultiplier","selection","separator","separators","stretchy","subscriptshift","supscriptshift","symmetric","voffset","width","xmlns"]),C=i(["xlink:href","xml:id","xlink:title","xml:space","xmlns:xlink"]),z=a(/\{\{[\s\S]*|[\s\S]*\}\}/gm),H=a(/<%[\s\S]*|[\s\S]*%>/gm),U=a(/^data-[\-\w.\u00B7-\uFFFF]/),j=a(/^aria-[\-\w]+$/),B=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),P=a(/^(?:\w+script|data):/i),W=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),G="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function q(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t<e.length;t++)n[t]=e[t];return n}return Array.from(e)}var K=function(){return"undefined"==typeof window?null:window},V=function(e,t){if("object"!==(void 0===e?"undefined":G(e))||"function"!=typeof e.createPolicy)return null;var n=null,r="data-tt-policy-suffix";t.currentScript&&t.currentScript.hasAttribute(r)&&(n=t.currentScript.getAttribute(r));var o="dompurify"+(n?"#"+n:"");try{return e.createPolicy(o,{createHTML:function(e){return e}})}catch(e){return console.warn("TrustedTypes policy "+o+" could not be created."),null}};return function e(){var t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:K(),n=function(t){return e(t)};if(n.version="2.3.1",n.removed=[],!t||!t.document||9!==t.document.nodeType)return n.isSupported=!1,n;var r=t.document,o=t.document,a=t.DocumentFragment,l=t.HTMLTemplateElement,c=t.Node,s=t.Element,u=t.NodeFilter,f=t.NamedNodeMap,x=void 0===f?t.NamedNodeMap||t.MozNamedAttrMap:f,Y=t.Text,X=t.Comment,$=t.DOMParser,Z=t.trustedTypes,J=s.prototype,Q=N(J,"cloneNode"),ee=N(J,"nextSibling"),te=N(J,"childNodes"),ne=N(J,"parentNode");if("function"==typeof l){var re=o.createElement("template");re.content&&re.content.ownerDocument&&(o=re.content.ownerDocument)}var oe=V(Z,r),ie=oe&&ze?oe.createHTML(""):"",ae=o,le=ae.implementation,ce=ae.createNodeIterator,se=ae.createDocumentFragment,ue=ae.getElementsByTagName,fe=r.importNode,me={};try{me=w(o).documentMode?o.documentMode:{}}catch(e){}var de={};n.isSupported="function"==typeof ne&&le&&void 0!==le.createHTMLDocument&&9!==me;var pe=z,ge=H,he=U,ye=j,ve=P,be=W,Te=B,Ae=null,xe=S({},[].concat(q(k),q(E),q(D),q(R),q(M))),Se=null,we=S({},[].concat(q(L),q(F),q(I),q(C))),Ne=null,ke=null,Ee=!0,De=!0,Oe=!1,Re=!1,_e=!1,Me=!1,Le=!1,Fe=!1,Ie=!1,Ce=!0,ze=!1,He=!0,Ue=!0,je=!1,Be={},Pe=null,We=S({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Ge=null,qe=S({},["audio","video","img","source","image","track"]),Ke=null,Ve=S({},["alt","class","for","id","label","name","pattern","placeholder","role","summary","title","value","style","xmlns"]),Ye="http://www.w3.org/1998/Math/MathML",Xe="http://www.w3.org/2000/svg",$e="http://www.w3.org/1999/xhtml",Ze=$e,Je=!1,Qe=null,et=o.createElement("form"),tt=function(e){Qe&&Qe===e||(e&&"object"===(void 0===e?"undefined":G(e))||(e={}),e=w(e),Ae="ALLOWED_TAGS"in e?S({},e.ALLOWED_TAGS):xe,Se="ALLOWED_ATTR"in e?S({},e.ALLOWED_ATTR):we,Ke="ADD_URI_SAFE_ATTR"in e?S(w(Ve),e.ADD_URI_SAFE_ATTR):Ve,Ge="ADD_DATA_URI_TAGS"in e?S(w(qe),e.ADD_DATA_URI_TAGS):qe,Pe="FORBID_CONTENTS"in e?S({},e.FORBID_CONTENTS):We,Ne="FORBID_TAGS"in e?S({},e.FORBID_TAGS):{},ke="FORBID_ATTR"in e?S({},e.FORBID_ATTR):{},Be="USE_PROFILES"in e&&e.USE_PROFILES,Ee=!1!==e.ALLOW_ARIA_ATTR,De=!1!==e.ALLOW_DATA_ATTR,Oe=e.ALLOW_UNKNOWN_PROTOCOLS||!1,Re=e.SAFE_FOR_TEMPLATES||!1,_e=e.WHOLE_DOCUMENT||!1,Fe=e.RETURN_DOM||!1,Ie=e.RETURN_DOM_FRAGMENT||!1,Ce=!1!==e.RETURN_DOM_IMPORT,ze=e.RETURN_TRUSTED_TYPE||!1,Le=e.FORCE_BODY||!1,He=!1!==e.SANITIZE_DOM,Ue=!1!==e.KEEP_CONTENT,je=e.IN_PLACE||!1,Te=e.ALLOWED_URI_REGEXP||Te,Ze=e.NAMESPACE||$e,Re&&(De=!1),Ie&&(Fe=!0),Be&&(Ae=S({},[].concat(q(M))),Se=[],!0===Be.html&&(S(Ae,k),S(Se,L)),!0===Be.svg&&(S(Ae,E),S(Se,F),S(Se,C)),!0===Be.svgFilters&&(S(Ae,D),S(Se,F),S(Se,C)),!0===Be.mathMl&&(S(Ae,R),S(Se,I),S(Se,C))),e.ADD_TAGS&&(Ae===xe&&(Ae=w(Ae)),S(Ae,e.ADD_TAGS)),e.ADD_ATTR&&(Se===we&&(Se=w(Se)),S(Se,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&S(Ke,e.ADD_URI_SAFE_ATTR),e.FORBID_CONTENTS&&(Pe===We&&(Pe=w(Pe)),S(Pe,e.FORBID_CONTENTS)),Ue&&(Ae["#text"]=!0),_e&&S(Ae,["html","head","body"]),Ae.table&&(S(Ae,["tbody"]),delete Ne.tbody),i&&i(e),Qe=e)},nt=S({},["mi","mo","mn","ms","mtext"]),rt=S({},["foreignobject","desc","title","annotation-xml"]),ot=S({},E);S(ot,D),S(ot,O);var it=S({},R);S(it,_);var at=function(e){var t=ne(e);t&&t.tagName||(t={namespaceURI:$e,tagName:"template"});var n=g(e.tagName),r=g(t.tagName);if(e.namespaceURI===Xe)return t.namespaceURI===$e?"svg"===n:t.namespaceURI===Ye?"svg"===n&&("annotation-xml"===r||nt[r]):Boolean(ot[n]);if(e.namespaceURI===Ye)return t.namespaceURI===$e?"math"===n:t.namespaceURI===Xe?"math"===n&&rt[r]:Boolean(it[n]);if(e.namespaceURI===$e){if(t.namespaceURI===Xe&&!rt[r])return!1;if(t.namespaceURI===Ye&&!nt[r])return!1;var o=S({},["title","style","font","a","script"]);return!it[n]&&(o[n]||!ot[n])}return!1},lt=function(e){p(n.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){try{e.outerHTML=ie}catch(t){e.remove()}}},ct=function(e,t){try{p(n.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(n.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!Se[e])if(Fe||Ie)try{lt(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},st=function(e){var t=void 0,n=void 0;if(Le)e="<remove></remove>"+e;else{var r=h(e,/^[\r\n\t ]+/);n=r&&r[0]}var i=oe?oe.createHTML(e):e;if(Ze===$e)try{t=(new $).parseFromString(i,"text/html")}catch(e){}if(!t||!t.documentElement){t=le.createDocument(Ze,"template",null);try{t.documentElement.innerHTML=Je?"":i}catch(e){}}var a=t.body||t.documentElement;return e&&n&&a.insertBefore(o.createTextNode(n),a.childNodes[0]||null),Ze===$e?ue.call(t,_e?"html":"body")[0]:_e?t.documentElement:a},ut=function(e){return ce.call(e.ownerDocument||e,e,u.SHOW_ELEMENT|u.SHOW_COMMENT|u.SHOW_TEXT,null,!1)},ft=function(e){return!(e instanceof Y||e instanceof X)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof x&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI&&"function"==typeof e.insertBefore)},mt=function(e){return"object"===(void 0===c?"undefined":G(c))?e instanceof c:e&&"object"===(void 0===e?"undefined":G(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},dt=function(e,t,r){de[e]&&m(de[e],(function(e){e.call(n,t,r,Qe)}))},pt=function(e){var t=void 0;if(dt("beforeSanitizeElements",e,null),ft(e))return lt(e),!0;if(h(e.nodeName,/[\u0080-\uFFFF]/))return lt(e),!0;var r=g(e.nodeName);if(dt("uponSanitizeElement",e,{tagName:r,allowedTags:Ae}),!mt(e.firstElementChild)&&(!mt(e.content)||!mt(e.content.firstElementChild))&&T(/<[/\w]/g,e.innerHTML)&&T(/<[/\w]/g,e.textContent))return lt(e),!0;if("select"===r&&T(/<template/i,e.innerHTML))return lt(e),!0;if(!Ae[r]||Ne[r]){if(Ue&&!Pe[r]){var o=ne(e)||e.parentNode,i=te(e)||e.childNodes;if(i&&o)for(var a=i.length-1;a>=0;--a)o.insertBefore(Q(i[a],!0),ee(e))}return lt(e),!0}return e instanceof s&&!at(e)?(lt(e),!0):"noscript"!==r&&"noembed"!==r||!T(/<\/no(script|embed)/i,e.innerHTML)?(Re&&3===e.nodeType&&(t=e.textContent,t=y(t,pe," "),t=y(t,ge," "),e.textContent!==t&&(p(n.removed,{element:e.cloneNode()}),e.textContent=t)),dt("afterSanitizeElements",e,null),!1):(lt(e),!0)},gt=function(e,t,n){if(He&&("id"===t||"name"===t)&&(n in o||n in et))return!1;if(De&&!ke[t]&&T(he,t));else if(Ee&&T(ye,t));else{if(!Se[t]||ke[t])return!1;if(Ke[t]);else if(T(Te,y(n,be,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==v(n,"data:")||!Ge[e]){if(Oe&&!T(ve,y(n,be,"")));else if(n)return!1}else;}return!0},ht=function(e){var t=void 0,r=void 0,o=void 0,i=void 0;dt("beforeSanitizeAttributes",e,null);var a=e.attributes;if(a){var l={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:Se};for(i=a.length;i--;){var c=t=a[i],s=c.name,u=c.namespaceURI;if(r=b(t.value),o=g(s),l.attrName=o,l.attrValue=r,l.keepAttr=!0,l.forceKeepAttr=void 0,dt("uponSanitizeAttribute",e,l),r=l.attrValue,!l.forceKeepAttr&&(ct(s,e),l.keepAttr))if(T(/\/>/i,r))ct(s,e);else{Re&&(r=y(r,pe," "),r=y(r,ge," "));var f=e.nodeName.toLowerCase();if(gt(f,o,r))try{u?e.setAttributeNS(u,s,r):e.setAttribute(s,r),d(n.removed)}catch(e){}}}dt("afterSanitizeAttributes",e,null)}},yt=function e(t){var n=void 0,r=ut(t);for(dt("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)dt("uponSanitizeShadowNode",n,null),pt(n)||(n.content instanceof a&&e(n.content),ht(n));dt("afterSanitizeShadowDOM",t,null)};return n.sanitize=function(e,o){var i=void 0,l=void 0,s=void 0,u=void 0,f=void 0;if((Je=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!mt(e)){if("function"!=typeof e.toString)throw A("toString is not a function");if("string"!=typeof(e=e.toString()))throw A("dirty is not a string, aborting")}if(!n.isSupported){if("object"===G(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(mt(e))return t.toStaticHTML(e.outerHTML)}return e}if(Me||tt(o),n.removed=[],"string"==typeof e&&(je=!1),je);else if(e instanceof c)1===(l=(i=st("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===l.nodeName||"HTML"===l.nodeName?i=l:i.appendChild(l);else{if(!Fe&&!Re&&!_e&&-1===e.indexOf("<"))return oe&&ze?oe.createHTML(e):e;if(!(i=st(e)))return Fe?null:ie}i&&Le&&lt(i.firstChild);for(var m=ut(je?e:i);s=m.nextNode();)3===s.nodeType&&s===u||pt(s)||(s.content instanceof a&&yt(s.content),ht(s),u=s);if(u=null,je)return e;if(Fe){if(Ie)for(f=se.call(i.ownerDocument);i.firstChild;)f.appendChild(i.firstChild);else f=i;return Ce&&(f=fe.call(r,f,!0)),f}var d=_e?i.outerHTML:i.innerHTML;return Re&&(d=y(d,pe," "),d=y(d,ge," ")),oe&&ze?oe.createHTML(d):d},n.setConfig=function(e){tt(e),Me=!0},n.clearConfig=function(){Qe=null,Me=!1},n.isValidAttribute=function(e,t,n){Qe||tt({});var r=g(e),o=g(t);return gt(r,o,n)},n.addHook=function(e,t){"function"==typeof t&&(de[e]=de[e]||[],p(de[e],t))},n.removeHook=function(e){de[e]&&d(de[e])},n.removeHooks=function(e){de[e]&&(de[e]=[])},n.removeAllHooks=function(){de={}},n}()}));
+//# sourceMappingURL=purify.min.js.map

From 1285c88ca3955a97b11e0eef01dad2e003b9f246 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Wed, 1 Sep 2021 09:46:00 +0200
Subject: [PATCH 31/65] Maintenance: Increase performance of ticket creation
 via form.

---
 app/controllers/form_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb
index b86d42566..a6aa926e6 100644
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@@ -156,7 +156,7 @@ class FormController < ApplicationController
   end
 
   def token_gen(fingerprint)
-    crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32])
+    crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)
     fingerprint = "#{Base64.strict_encode64(Setting.get('fqdn'))}:#{Time.zone.now.to_i}:#{Base64.strict_encode64(fingerprint)}"
     Base64.strict_encode64(crypt.encrypt_and_sign(fingerprint))
   end
@@ -167,7 +167,7 @@ class FormController < ApplicationController
       raise Exceptions::Forbidden
     end
     begin
-      crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32])
+      crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32], serializer: JSON)
       result = crypt.decrypt_and_verify(Base64.decode64(token))
     rescue
       Rails.logger.info 'Invalid token for form!'

From f86576c1e4887379484e7a6f0a152b63f486c067 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Fri, 10 Sep 2021 18:01:23 +0200
Subject: [PATCH 32/65] Maintenance: Improve application boot time by reducing
 initial asset payload

---
 app/policies/setting_policy.rb                |  1 +
 ...maintenance_improve_setting_preferences.rb | 15 +++++++++++
 db/seeds/settings.rb                          |  1 +
 ...enance_improve_setting_preferences_spec.rb | 18 +++++++++++++
 spec/requests/settings_spec.rb                | 26 +++++++++++++++++++
 5 files changed, 61 insertions(+)
 create mode 100644 db/migrate/20210830174638_maintenance_improve_setting_preferences.rb
 create mode 100644 spec/db/migrate/maintenance_improve_setting_preferences_spec.rb

diff --git a/app/policies/setting_policy.rb b/app/policies/setting_policy.rb
index 66c1a1c6f..843e09b50 100644
--- a/app/policies/setting_policy.rb
+++ b/app/policies/setting_policy.rb
@@ -13,6 +13,7 @@ class SettingPolicy < ApplicationPolicy
   private
 
   def permitted?
+    return false if record.preferences[:protected]
     return true if !record.preferences[:permission]
 
     user.permissions?(record.preferences[:permission])
diff --git a/db/migrate/20210830174638_maintenance_improve_setting_preferences.rb b/db/migrate/20210830174638_maintenance_improve_setting_preferences.rb
new file mode 100644
index 000000000..f39a1a8ce
--- /dev/null
+++ b/db/migrate/20210830174638_maintenance_improve_setting_preferences.rb
@@ -0,0 +1,15 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class MaintenanceImproveSettingPreferences < ActiveRecord::Migration[6.0]
+  def change
+    return if !Setting.exists?(name: 'system_init_done')
+
+    protected_settings = %w[application_secret]
+
+    protected_settings.each do |name|
+      setting = Setting.find_by(name: name)
+      setting.preferences[:protected] = true
+      setting.save!
+    end
+  end
+end
diff --git a/db/seeds/settings.rb b/db/seeds/settings.rb
index ae2ff84fe..6704464d5 100644
--- a/db/seeds/settings.rb
+++ b/db/seeds/settings.rb
@@ -9,6 +9,7 @@ Setting.create_if_not_exists(
   state:       SecureRandom.hex(128),
   preferences: {
     permission: ['admin'],
+    protected:  true,
   },
   frontend:    false
 )
diff --git a/spec/db/migrate/maintenance_improve_setting_preferences_spec.rb b/spec/db/migrate/maintenance_improve_setting_preferences_spec.rb
new file mode 100644
index 000000000..1630aa0f6
--- /dev/null
+++ b/spec/db/migrate/maintenance_improve_setting_preferences_spec.rb
@@ -0,0 +1,18 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe MaintenanceImproveSettingPreferences, type: :db_migration do
+  context 'when having old setting preferences without protected flag' do
+    before do
+      setting.preferences.delete(:protected)
+      setting.save!
+    end
+
+    let(:setting) { Setting.find_by(name: 'application_secret') }
+
+    it 'add protected flag' do
+      expect { migrate }.to change { setting.reload.preferences[:protected] }.to(true)
+    end
+  end
+end
diff --git a/spec/requests/settings_spec.rb b/spec/requests/settings_spec.rb
index dd94b1f66..87cbd92d7 100644
--- a/spec/requests/settings_spec.rb
+++ b/spec/requests/settings_spec.rb
@@ -225,5 +225,31 @@ RSpec.describe 'Settings', type: :request do
       expect(response).to have_http_status(:forbidden)
       expect(json_response['error']).to eq('Not authorized (user)!')
     end
+
+    it 'protected setting not existing in list' do
+      authenticated_as(admin)
+      get '/api/v1/settings', params: {}, as: :json
+      expect(json_response.detect { |setting| setting['name'] == 'application_secret' }).to eq(nil)
+    end
+
+    it 'can not show protected setting' do
+      setting = Setting.find_by(name: 'application_secret')
+      authenticated_as(admin)
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it 'can not update protected setting' do
+      setting = Setting.find_by(name: 'application_secret')
+      params = {
+        id:    setting.id,
+        state: 'Examaple'
+      }
+      put "/api/v1/settings/#{setting.id}", params: params, as: :json
+
+      authenticated_as(admin)
+      put "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(:forbidden)
+    end
   end
 end

From 57b9ac91f3195baa77511c5414508b5544b4d245 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Mon, 13 Sep 2021 15:33:22 +0200
Subject: [PATCH 33/65] Maintenance: Improve package installation.

---
 .../javascripts/app/views/package.jst.eco     |  7 +-
 app/models/package.rb                         | 54 +++++++-----
 spec/models/package_spec.rb                   | 82 +++++++++++++++++++
 3 files changed, 120 insertions(+), 23 deletions(-)
 create mode 100644 spec/models/package_spec.rb

diff --git a/app/assets/javascripts/app/views/package.jst.eco b/app/assets/javascripts/app/views/package.jst.eco
index c7c34023e..cb2a519ab 100644
--- a/app/assets/javascripts/app/views/package.jst.eco
+++ b/app/assets/javascripts/app/views/package.jst.eco
@@ -3,6 +3,11 @@
 </div>
 
 <div class="page-content">
+  <p>
+    <%- @T('The installation of packages comes with security implications, because arbitrary code will be executed in the context of the Zammad application.') %>
+    <br>
+    <%- @T('Only packages from known, trusted and verfied sources should be installed.') %>
+  </p>
   <p>
     <%- @T('After installing, updating or uninstalling packages the following commands need to be executed on the server:') %>
     <ul>
@@ -48,4 +53,4 @@
     <% end %>
     </tbody>
   </table>
-</div>
\ No newline at end of file
+</div>
diff --git a/app/models/package.rb b/app/models/package.rb
index 22bd30d64..b81631b57 100644
--- a/app/models/package.rb
+++ b/app/models/package.rb
@@ -263,32 +263,37 @@ subsequently in a separate step.
       )
     end
 
-    # store package
-    if !data[:reinstall]
-      package_db = Package.create(meta)
-      Store.add(
-        object:        'Package',
-        o_id:          package_db.id,
-        data:          package.to_json,
-        filename:      "#{meta[:name]}-#{meta[:version]}.zpm",
-        preferences:   {},
-        created_by_id: UserInfo.current_user_id || 1,
-      )
-    end
+    Transaction.execute do
+      # store package
+      if !data[:reinstall]
+        package_db = Package.create(meta)
+        Store.add(
+          object:        'Package',
+          o_id:          package_db.id,
+          data:          package.to_json,
+          filename:      "#{meta[:name]}-#{meta[:version]}.zpm",
+          preferences:   {},
+          created_by_id: UserInfo.current_user_id || 1,
+        )
+      end
 
-    # write files
-    package['files'].each do |file|
-      permission = file['permission'] || '644'
-      content    = Base64.decode64(file['content'])
-      _write_file(file['location'], permission, content)
-    end
+      # write files
+      package['files'].each do |file|
+        if !allowed_file_path?(file['location'])
+          raise "Can't create file, because of not allowed file location: #{file['location']}!"
+        end
 
-    # update package state
-    package_db.state = 'installed'
-    package_db.save
+        permission = file['permission'] || '644'
+        content    = Base64.decode64(file['content'])
+        _write_file(file['location'], permission, content)
+      end
+
+      # update package state
+      package_db.state = 'installed'
+      package_db.save
+    end
 
     # prebuild assets
-
     package_db
   end
 
@@ -483,4 +488,9 @@ execute all pending package migrations at once
 
     true
   end
+
+  def self.allowed_file_path?(file)
+    file.exclude?('..') && file.exclude?('%2e%2e')
+  end
+  private_class_method :allowed_file_path?
 end
diff --git a/spec/models/package_spec.rb b/spec/models/package_spec.rb
new file mode 100644
index 000000000..87eb74829
--- /dev/null
+++ b/spec/models/package_spec.rb
@@ -0,0 +1,82 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe Package, type: :model do
+  let(:package_zpm_files_json) do
+    <<-JSON
+      [
+        {
+          "permission": "644",
+          "location": "example.rb",
+          "content": "YWJjw6TDtsO8w58="
+        },
+        {
+          "permission": "644",
+          "location": "app/controllers/test_controller.rb",
+          "content": "YWJjw6TDtsO8w58="
+        }
+      ]
+    JSON
+  end
+  let(:package_zpm_json) do
+    <<-JSON
+    {
+      "name": "UnitTestSample",
+      "version": "1.0.1",
+      "vendor": "Zammad Foundation",
+      "license": "ABC",
+      "url": "https://zammad.org/",
+      "description": [
+        {
+          "language": "en",
+          "text": "some description"
+        }
+      ],
+      "files": #{package_zpm_files_json}
+    }
+    JSON
+  end
+
+  context 'with different file locations' do
+    context 'with correct file locations' do
+      it 'installation should work' do
+        expect(described_class.install(string: package_zpm_json)).to be_truthy
+      end
+    end
+
+    shared_examples 'check not allowed file location' do |file_location|
+      let(:package_zpm_files_json) do
+        <<-JSON
+          [
+            {
+              "permission": "644",
+              "location": "example.rb",
+              "content": "YWJjw6TDtsO8w58="
+            },
+            {
+              "permission": "644",
+              "location": "#{file_location}",
+              "content": "YWJjw6TDtsO8w58="
+            }
+          ]
+        JSON
+      end
+
+      it 'installation should raise a error and package/store should not be present, because of not allowed file location' do
+        expect { described_class.install(string: package_zpm_json) }
+          .to raise_error(RuntimeError)
+          .and change(described_class, :count).by(0)
+          .and change(Store, :count).by(0)
+      end
+    end
+
+    context "with not allowed file location part: '..'" do
+      include_examples 'check not allowed file location', '../../../../../tmp/test_controller.rb'
+    end
+
+    context "with not allowed file location part: '%2e%2e'" do
+      include_examples 'check not allowed file location', '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/tmp/test_controller.rb'
+    end
+  end
+end

From 7dbd1c1b15b967dfa45df98c8f80076572db1358 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Wed, 22 Sep 2021 14:39:10 +0200
Subject: [PATCH 34/65] Maintenance: Remove while loop user check login.

---
 app/models/user.rb       | 17 ++++++++---------
 spec/models/user_spec.rb | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/app/models/user.rb b/app/models/user.rb
index a93432e4e..2f01b9c57 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -926,17 +926,16 @@ try to find correct name
     end
 
     # check if login already exists
-    self.login = login.downcase.strip
-    check      = true
-    while check
+    base_login = login.downcase.strip
+
+    alternatives = [nil] + Array(1..20) + [ SecureRandom.uuid ]
+    alternatives.each do |suffix|
+      self.login = "#{base_login}#{suffix}"
       exists = User.find_by(login: login)
-      if exists && exists.id != id
-        self.login = "#{login}#{rand(999)}" # rubocop:disable Zammad/ForbidRand
-      else
-        check = false
-      end
+      return true if !exists || exists.id == id
     end
-    true
+
+    raise Exceptions::UnprocessableEntity, "Invalid user login generation for login #{login}!"
   end
 
   def check_mail_delivery_failed
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 06fbe43c9..6bbc6eca7 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -573,6 +573,38 @@ RSpec.describe User, type: :model do
         end
       end
     end
+
+    describe '#check_login' do
+      let(:agent) { create(:agent) }
+
+      it 'does use the origin login' do
+        new_agent = create(:agent)
+        expect(new_agent.login).not_to end_with('1')
+      end
+
+      it 'does number up agent logins (1)' do
+        new_agent = create(:agent, login: agent.login)
+        expect(new_agent.login).to eq("#{agent.login}1")
+      end
+
+      it 'does number up agent logins (5)' do
+        new_agent = create(:agent, login: agent.login)
+        4.times do
+          new_agent = create(:agent, login: agent.login)
+        end
+
+        expect(new_agent.login).to eq("#{agent.login}5")
+      end
+
+      it 'does backup with uuid in cases of many duplicates' do
+        new_agent = create(:agent, login: agent.login)
+        20.times do
+          new_agent = create(:agent, login: agent.login)
+        end
+
+        expect(new_agent.login.sub!(agent.login, '')).to be_a_uuid
+      end
+    end
   end
 
   describe 'Attributes:' do

From acc93a23fb6442d1839ceecd17f6b40ebef3accb Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Wed, 22 Sep 2021 14:49:22 +0200
Subject: [PATCH 35/65] Maintenance: Enhance attachment preview capabilities

---
 app/controllers/application_controller.rb     |   2 +-
 .../application_controller/has_download.rb    |  44 ++++
 .../has_download/download_file.rb             |  54 +++++
 ...e_content_security_policy_for_downloads.rb |  25 ---
 app/controllers/attachments_controller.rb     |  25 +--
 app/controllers/ticket_articles_controller.rb |  36 +--
 .../has_download/download_file_spec.rb        |  88 ++++++++
 .../ticket/article_attachments_spec.rb        | 206 +++++++++++-------
 8 files changed, 322 insertions(+), 158 deletions(-)
 create mode 100644 app/controllers/application_controller/has_download.rb
 create mode 100644 app/controllers/application_controller/has_download/download_file.rb
 delete mode 100644 app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb
 create mode 100644 spec/controllers/application_controller/has_download/download_file_spec.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9dd30f46b..10bc7ba05 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,8 +10,8 @@ class ApplicationController < ActionController::Base
   include ApplicationController::RendersModels
   include ApplicationController::HasUser
   include ApplicationController::HasResponseExtentions
+  include ApplicationController::HasDownload
   include ApplicationController::PreventsCsrf
-  include ApplicationController::HasSecureContentSecurityPolicyForDownloads
   include ApplicationController::LogsHttpAccess
   include ApplicationController::Authorizes
 end
diff --git a/app/controllers/application_controller/has_download.rb b/app/controllers/application_controller/has_download.rb
new file mode 100644
index 000000000..b43435934
--- /dev/null
+++ b/app/controllers/application_controller/has_download.rb
@@ -0,0 +1,44 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+module ApplicationController::HasDownload
+  extend ActiveSupport::Concern
+
+  included do
+    around_action do |_controller, block|
+
+      subscriber = proc do
+        policy = ActionDispatch::ContentSecurityPolicy.new
+        policy.default_src :none
+
+        # The 'plugin_types' rule is deprecated and should be changed in the future.
+        policy.plugin_types 'application/pdf'
+
+        request.content_security_policy = policy
+      end
+
+      ActiveSupport::Notifications.subscribed(subscriber, 'send_file.action_controller') do
+        ActiveSupport::Notifications.subscribed(subscriber, 'send_data.action_controller') do
+          block.call
+        end
+      end
+    end
+  end
+
+  private
+
+  def file_id
+    @file_id ||= params[:id]
+  end
+
+  def download_file
+    @download_file ||= ::ApplicationController::HasDownload::DownloadFile.new(file_id, disposition: sanitized_disposition)
+  end
+
+  def sanitized_disposition
+    disposition = params.fetch(:disposition, 'inline')
+    valid_disposition = %w[inline attachment]
+    return disposition if valid_disposition.include?(disposition)
+
+    raise Exceptions::Forbidden, "Invalid disposition #{disposition} requested. Only #{valid_disposition.join(', ')} are valid."
+  end
+end
diff --git a/app/controllers/application_controller/has_download/download_file.rb b/app/controllers/application_controller/has_download/download_file.rb
new file mode 100644
index 000000000..1ea3751f7
--- /dev/null
+++ b/app/controllers/application_controller/has_download/download_file.rb
@@ -0,0 +1,54 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class ApplicationController::HasDownload::DownloadFile < SimpleDelegator
+  attr_reader :requested_disposition
+
+  def initialize(id, disposition: 'inline')
+    @requested_disposition = disposition
+
+    super(Store.find(id))
+  end
+
+  def disposition
+    return 'attachment' if forcibly_download_as_binary? || !allowed_inline?
+
+    requested_disposition
+  end
+
+  def content_type
+    return ActiveStorage.binary_content_type if forcibly_download_as_binary?
+
+    file_content_type
+  end
+
+  def content(view_type)
+    return __getobj__.content if view_type.blank? || !preferences[:resizable]
+
+    return content_inline if content_inline? && view_type == 'inline'
+    return content_preview if content_preview? && view_type == 'preview'
+
+    __getobj__.content
+  end
+
+  private
+
+  def allowed_inline?
+    ActiveStorage.content_types_allowed_inline.include?(content_type)
+  end
+
+  def forcibly_download_as_binary?
+    ActiveStorage.content_types_to_serve_as_binary.include?(file_content_type)
+  end
+
+  def file_content_type
+    @file_content_type ||= preferences['Content-Type'] || preferences['Mime-Type'] || ActiveStorage.binary_content_type
+  end
+
+  def content_inline?
+    preferences[:content_inline] == true
+  end
+
+  def content_preview?
+    preferences[:content_preview] == true
+  end
+end
diff --git a/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb b/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb
deleted file mode 100644
index 3bb623fc1..000000000
--- a/app/controllers/application_controller/has_secure_content_security_policy_for_downloads.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-module ApplicationController::HasSecureContentSecurityPolicyForDownloads
-  extend ActiveSupport::Concern
-
-  included do
-
-    around_action do |_controller, block|
-
-      subscriber = proc do
-        policy = ActionDispatch::ContentSecurityPolicy.new
-        policy.default_src :none
-        policy.plugin_types 'application/pdf'
-
-        request.content_security_policy = policy
-      end
-
-      ActiveSupport::Notifications.subscribed(subscriber, 'send_file.action_controller') do
-        ActiveSupport::Notifications.subscribed(subscriber, 'send_data.action_controller') do
-          block.call
-        end
-      end
-    end
-  end
-end
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 8c2a7cd72..d00568ad2 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -6,14 +6,13 @@ class AttachmentsController < ApplicationController
   prepend_before_action :authentication_check_only, only: %i[show destroy]
 
   def show
-    content   = @file.content_preview if params[:preview] && @file.preferences[:content_preview]
-    content ||= @file.content
+    view_type = params[:preview] ? 'preview' : nil
 
     send_data(
-      content,
-      filename:    @file.filename,
-      type:        @file.preferences['Content-Type'] || @file.preferences['Mime-Type'] || 'application/octet-stream',
-      disposition: sanitized_disposition
+      download_file.content(view_type),
+      filename:    download_file.filename,
+      type:        download_file.content_type,
+      disposition: download_file.disposition
     )
   end
 
@@ -52,7 +51,7 @@ class AttachmentsController < ApplicationController
   end
 
   def destroy
-    Store.remove_item(@file.id)
+    Store.remove_item(download_file.id)
 
     render json: {
       success: true,
@@ -72,18 +71,8 @@ class AttachmentsController < ApplicationController
 
   private
 
-  def sanitized_disposition
-    disposition = params.fetch(:disposition, 'inline')
-    valid_disposition = %w[inline attachment]
-    return disposition if valid_disposition.include?(disposition)
-
-    raise Exceptions::Forbidden, "Invalid disposition #{disposition} requested. Only #{valid_disposition.join(', ')} are valid."
-  end
-
   def authorize!
-    @file = Store.find(params[:id])
-
-    record = @file&.store_object&.name&.safe_constantize&.find(@file.o_id)
+    record = download_file&.store_object&.name&.safe_constantize&.find(download_file.o_id)
     authorize(record) if record
   rescue Pundit::NotAuthorizedError
     raise ActiveRecord::RecordNotFound
diff --git a/app/controllers/ticket_articles_controller.rb b/app/controllers/ticket_articles_controller.rb
index 8180d558d..1cb5edad2 100644
--- a/app/controllers/ticket_articles_controller.rb
+++ b/app/controllers/ticket_articles_controller.rb
@@ -175,29 +175,11 @@ class TicketArticlesController < ApplicationController
     end
     raise Exceptions::Forbidden, 'Requested file id is not linked with article_id.' if !access
 
-    # find file
-    file = Store.find(params[:id])
-
-    disposition = sanitized_disposition
-
-    content = nil
-    if params[:view].present? && file.preferences[:resizable] == true
-      if file.preferences[:content_inline] == true && params[:view] == 'inline'
-        content = file.content_inline
-      elsif file.preferences[:content_preview] == true && params[:view] == 'preview'
-        content = file.content_preview
-      end
-    end
-
-    if content.blank?
-      content = file.content
-    end
-
     send_data(
-      content,
-      filename:    file.filename,
-      type:        file.preferences['Content-Type'] || file.preferences['Mime-Type'] || 'application/octet-stream',
-      disposition: disposition
+      download_file.content(params[:view]),
+      filename:    download_file.filename,
+      type:        download_file.content_type,
+      disposition: download_file.disposition
     )
   end
 
@@ -278,14 +260,4 @@ class TicketArticlesController < ApplicationController
 
     render json: result
   end
-
-  private
-
-  def sanitized_disposition
-    disposition = params.fetch(:disposition, 'inline')
-    valid_disposition = %w[inline attachment]
-    return disposition if valid_disposition.include?(disposition)
-
-    raise Exceptions::Forbidden, "Invalid disposition #{disposition} requested. Only #{valid_disposition.join(', ')} are valid."
-  end
 end
diff --git a/spec/controllers/application_controller/has_download/download_file_spec.rb b/spec/controllers/application_controller/has_download/download_file_spec.rb
new file mode 100644
index 000000000..eb31d8ef6
--- /dev/null
+++ b/spec/controllers/application_controller/has_download/download_file_spec.rb
@@ -0,0 +1,88 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe ApplicationController::HasDownload::DownloadFile do
+  subject(:download_file) { described_class.new(stored_file.id, disposition: 'inline') }
+
+  let(:file_content_type) { 'application/pdf' }
+  let(:file_data) { 'A example file.' }
+  let(:file_name) { 'example.pdf' }
+
+  let(:stored_file) do
+    Store.add(
+      object:        'Ticket',
+      o_id:          1,
+      data:          file_data,
+      filename:      file_name,
+      preferences:   {
+        'Content-Type' => file_content_type,
+      },
+      created_by_id: 1,
+    )
+  end
+
+  describe '#disposition' do
+    context "with given object dispostion 'inline'" do
+      context 'with allowed inline content type (from ActiveStorage.content_types_allowed_inline)' do
+        it 'disposition is inline' do
+          expect(download_file.disposition).to eq('inline')
+        end
+      end
+
+      context 'with binary content type (ActiveStorage.content_types_to_serve_as_binary)' do
+        let(:file_content_type) { 'image/svg+xml' }
+
+        it 'disposition forced to attachment' do
+          expect(download_file.disposition).to eq('attachment')
+        end
+      end
+    end
+
+    context "with given object dispostion 'attachment'" do
+      subject(:download_file) { described_class.new(stored_file.id, disposition: 'attachment') }
+
+      it 'disposition is attachment' do
+        expect(download_file.disposition).to eq('attachment')
+      end
+    end
+  end
+
+  describe '#content_type' do
+    context 'with none binary content type' do
+      it 'check content type' do
+        expect(download_file.content_type).to eq('application/pdf')
+      end
+    end
+
+    context 'with forced active storage binary content type' do
+      let(:file_content_type) { 'image/svg+xml' }
+
+      it 'check content type' do
+        expect(download_file.content_type).to eq('application/octet-stream')
+      end
+    end
+  end
+
+  describe '#content' do
+    context 'with not resizable file' do
+      it 'check that normal content will be returned' do
+        expect(download_file.content('preview')).to eq('A example file.')
+      end
+    end
+
+    context 'with image content type' do
+      let(:file_content_type) { 'image/jpg' }
+      let(:file_data) { File.binread(Rails.root.join('test/data/upload/upload2.jpg')) }
+      let(:file_name) { 'image.jpg' }
+
+      it 'check that inline content will be returned' do
+        expect(download_file.content('inline')).to not_eq(file_data)
+      end
+
+      it 'check that preview content will be returned' do
+        expect(download_file.content('preview')).to not_eq(file_data)
+      end
+    end
+  end
+end
diff --git a/spec/requests/ticket/article_attachments_spec.rb b/spec/requests/ticket/article_attachments_spec.rb
index eb8c1cc04..324cde917 100644
--- a/spec/requests/ticket/article_attachments_spec.rb
+++ b/spec/requests/ticket/article_attachments_spec.rb
@@ -2,7 +2,7 @@
 
 require 'rails_helper'
 
-RSpec.describe 'Ticket Article Attachments', type: :request do
+RSpec.describe 'Ticket Article Attachments', type: :request, authenticated_as: -> { agent } do
 
   let(:group) { create(:group) }
 
@@ -11,107 +11,149 @@ RSpec.describe 'Ticket Article Attachments', type: :request do
   end
 
   describe 'request handling' do
+    context 'with attachment urls' do
+      let(:ticket1) { create(:ticket, group: group) }
+      let(:article1) { create(:ticket_article, ticket: ticket1) }
+      let(:ticket2) { create(:ticket, group: group) }
+      let(:article2) { create(:ticket_article, ticket: ticket2) }
 
-    it 'does test attachment urls' do
-      ticket1  = create(:ticket, group: group)
-      article1 = create(:ticket_article, ticket_id: ticket1.id)
+      let(:store_file_content_type) { 'text/plain' }
+      let!(:store_file) do
+        Store.add(
+          object:        'Ticket::Article',
+          o_id:          article1.id,
+          data:          'some content',
+          filename:      'some_file.txt',
+          preferences:   {
+            'Content-Type' => store_file_content_type,
+          },
+          created_by_id: 1,
+        )
+      end
 
-      store1 = Store.add(
-        object:        'Ticket::Article',
-        o_id:          article1.id,
-        data:          'some content',
-        filename:      'some_file.txt',
-        preferences:   {
-          'Content-Type' => 'text/plain',
-        },
-        created_by_id: 1,
-      )
-      article2 = create(:ticket_article, ticket_id: ticket1.id)
+      context 'with one article attachment' do
+        it 'does test different attachment urls' do
+          get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:ok)
+          expect('some content').to eq(response.body)
 
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:ok)
-      expect('some content').to eq(@response.body)
+          get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:forbidden)
+          expect(response.body).to match(%r{403: Forbidden})
+        end
+      end
 
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:forbidden)
-      expect(@response.body).to match(%r{403: Forbidden})
+      context 'with attachment from merged ticket' do
+        before do
+          ticket1.merge_to(
+            ticket_id: ticket2.id,
+            user_id:   1,
+          )
+        end
 
-      ticket2 = create(:ticket, group: group)
-      ticket1.merge_to(
-        ticket_id: ticket2.id,
-        user_id:   1,
-      )
+        it 'does test attachment url after ticket merge' do
+          get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:ok)
+          expect('some content').to eq(response.body)
 
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:ok)
-      expect('some content').to eq(@response.body)
+          get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:forbidden)
+          expect(response.body).to match(%r{403: Forbidden})
 
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:forbidden)
-      expect(@response.body).to match(%r{403: Forbidden})
+          # allow access via merged ticket id also
+          get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:ok)
+          expect('some content').to eq(response.body)
 
-      # allow access via merged ticket id also
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:ok)
-      expect('some content').to eq(@response.body)
+          get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store_file.id}", params: {}
+          expect(response).to have_http_status(:forbidden)
+          expect(response.body).to match(%r{403: Forbidden})
+        end
+      end
 
-      authenticated_as(agent)
-      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
-      expect(response).to have_http_status(:forbidden)
-      expect(@response.body).to match(%r{403: Forbidden})
+      context 'with different file content types' do
+        context 'without allowed inline file content type' do
+          it 'disposition can not be inline' do
+            get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
+            expect(response.headers['Content-Disposition']).to include('attachment')
+          end
 
+          it 'content-type is correct' do
+            get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
+            expect(response.headers['Content-Type']).to include('text/plain')
+          end
+        end
+
+        context 'with binary file content type' do
+          let(:store_file_content_type) { 'image/svg+xml' }
+
+          it 'disposition can not be inline' do
+            get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
+            expect(response.headers['Content-Disposition']).to include('attachment')
+          end
+
+          it 'content-type was forced to active storage binary content type' do
+            get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
+            expect(response.headers['Content-Type']).to include('application/octet-stream')
+          end
+        end
+
+        context 'with allowed inline file content type' do
+          let(:store_file_content_type) { 'application/pdf' }
+
+          it 'disposition is inline' do
+            get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
+            expect(response.headers['Content-Disposition']).to include('inline')
+          end
+        end
+      end
     end
 
-    it 'does test attachments for split' do
-      email_file_path  = Rails.root.join('test/data/mail/mail024.box')
-      email_raw_string = File.read(email_file_path)
-      ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
+    context 'when attachment actions are used' do
+      it 'does test attachments for split' do
+        email_file_path  = Rails.root.join('test/data/mail/mail024.box')
+        email_raw_string = File.read(email_file_path)
+        ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
 
-      authenticated_as(agent)
-      get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
-      expect(response).to have_http_status(:ok)
-      expect(json_response['assets']).to be_truthy
-      expect(json_response['attachments']).to be_a_kind_of(Array)
-      expect(json_response['attachments'].count).to eq(1)
-      expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+        get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
+        expect(response).to have_http_status(:ok)
+        expect(json_response['assets']).to be_truthy
+        expect(json_response['attachments']).to be_a_kind_of(Array)
+        expect(json_response['attachments'].count).to eq(1)
+        expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
 
-    end
+      end
 
-    it 'does test attachments for forward' do
-      email_file_path  = Rails.root.join('test/data/mail/mail008.box')
-      email_raw_string = File.read(email_file_path)
-      _ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
+      it 'does test attachments for forward' do
+        email_file_path  = Rails.root.join('test/data/mail/mail008.box')
+        email_raw_string = File.read(email_file_path)
+        _ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
 
-      authenticated_as(agent)
-      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
-      expect(response).to have_http_status(:unprocessable_entity)
-      expect(json_response).to be_a_kind_of(Hash)
-      expect(json_response['error']).to eq('Need form_id to attach attachments to new form.')
+        post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(json_response).to be_a_kind_of(Hash)
+        expect(json_response['error']).to eq('Need form_id to attach attachments to new form.')
 
-      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
-      expect(response).to have_http_status(:ok)
-      expect(json_response['attachments']).to be_a_kind_of(Array)
-      expect(json_response['attachments']).to be_blank
+        post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
+        expect(response).to have_http_status(:ok)
+        expect(json_response['attachments']).to be_a_kind_of(Array)
+        expect(json_response['attachments']).to be_blank
 
-      email_file_path  = Rails.root.join('test/data/mail/mail024.box')
-      email_raw_string = File.read(email_file_path)
-      _ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
+        email_file_path  = Rails.root.join('test/data/mail/mail024.box')
+        email_raw_string = File.read(email_file_path)
+        _ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
 
-      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
-      expect(response).to have_http_status(:ok)
-      expect(json_response['attachments']).to be_a_kind_of(Array)
-      expect(json_response['attachments'].count).to eq(1)
-      expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+        post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+        expect(response).to have_http_status(:ok)
+        expect(json_response['attachments']).to be_a_kind_of(Array)
+        expect(json_response['attachments'].count).to eq(1)
+        expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
 
-      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
-      expect(response).to have_http_status(:ok)
-      expect(json_response['attachments']).to be_a_kind_of(Array)
-      expect(json_response['attachments']).to be_blank
+        post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+        expect(response).to have_http_status(:ok)
+        expect(json_response['attachments']).to be_a_kind_of(Array)
+        expect(json_response['attachments']).to be_blank
+      end
     end
   end
 end

From 867b36baa8f0cb0be33d7a8b5f7b804384f5a3d9 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Wed, 22 Sep 2021 16:57:27 +0200
Subject: [PATCH 36/65] Maintenance: Add assets level to have different data
 sets based on permissions

---
 .../application_model/can_associations.rb     |  11 +-
 app/models/group.rb                           |   2 +
 app/models/group/assets.rb                    |  14 ++
 app/models/object_manager/element/backend.rb  |   2 +-
 app/models/organization/assets.rb             |   7 +
 app/models/role/assets.rb                     |   8 +
 app/models/user/assets.rb                     |  15 ++
 lib/session_helper.rb                         |   2 +-
 lib/user_info.rb                              |   5 +
 lib/user_info/assets.rb                       |  52 ++++++
 spec/system/basic/assets_spec.rb              | 172 ++++++++++++++++++
 11 files changed, 284 insertions(+), 6 deletions(-)
 create mode 100644 app/models/group/assets.rb
 create mode 100644 lib/user_info/assets.rb
 create mode 100644 spec/system/basic/assets_spec.rb

diff --git a/app/models/application_model/can_associations.rb b/app/models/application_model/can_associations.rb
index c615ab4d2..41cc0639a 100644
--- a/app/models/application_model/can_associations.rb
+++ b/app/models/application_model/can_associations.rb
@@ -121,7 +121,7 @@ returns
 
     key = "#{self.class}::aws::#{id}"
     cache = Cache.read(key)
-    return cache if cache
+    return filter_unauthorized_attributes(cache) if cache
 
     attributes = self.attributes
     relevant   = %i[has_and_belongs_to_many has_many]
@@ -160,7 +160,7 @@ returns
     filter_attributes(attributes)
 
     Cache.write(key, attributes)
-    attributes
+    filter_unauthorized_attributes(attributes)
   end
 
 =begin
@@ -234,8 +234,7 @@ returns
     end
 
     filter_attributes(attributes)
-
-    attributes
+    filter_unauthorized_attributes(attributes)
   end
 
   def filter_attributes(attributes)
@@ -243,6 +242,10 @@ returns
     attributes.except!('password', 'token', 'tokens', 'token_ids')
   end
 
+  def filter_unauthorized_attributes(attributes)
+    attributes
+  end
+
 =begin
 
 reference if association id check
diff --git a/app/models/group.rb b/app/models/group.rb
index 352722566..a3150d0e3 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -12,6 +12,8 @@ class Group < ApplicationModel
   include HasTicketCreateScreenImpact
   include HasSearchIndexBackend
 
+  include Group::Assets
+
   belongs_to :email_address, optional: true
   belongs_to :signature, optional: true
 
diff --git a/app/models/group/assets.rb b/app/models/group/assets.rb
new file mode 100644
index 000000000..058a9ee70
--- /dev/null
+++ b/app/models/group/assets.rb
@@ -0,0 +1,14 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Group
+  module Assets
+    extend ActiveSupport::Concern
+
+    def filter_unauthorized_attributes(attributes)
+      return super if UserInfo.assets.blank? || UserInfo.assets.agent?
+
+      attributes = super
+      attributes.slice('id', 'name', 'active')
+    end
+  end
+end
diff --git a/app/models/object_manager/element/backend.rb b/app/models/object_manager/element/backend.rb
index 9851f14f4..0af905eec 100644
--- a/app/models/object_manager/element/backend.rb
+++ b/app/models/object_manager/element/backend.rb
@@ -43,7 +43,7 @@ class ObjectManager::Element::Backend
   end
 
   def screens
-    attribute.screens.transform_values do |permission_options|
+    @screens ||= attribute.screens.transform_values do |permission_options|
       screen_value(permission_options)
     end
   end
diff --git a/app/models/organization/assets.rb b/app/models/organization/assets.rb
index 10fcb9572..37b2ab700 100644
--- a/app/models/organization/assets.rb
+++ b/app/models/organization/assets.rb
@@ -70,5 +70,12 @@ returns
       end
       data
     end
+
+    def filter_unauthorized_attributes(attributes)
+      return super if UserInfo.assets.blank? || UserInfo.assets.agent?
+
+      attributes = super
+      attributes.slice('id', 'name', 'active')
+    end
   end
 end
diff --git a/app/models/role/assets.rb b/app/models/role/assets.rb
index 6f002cb6a..8780602a6 100644
--- a/app/models/role/assets.rb
+++ b/app/models/role/assets.rb
@@ -60,5 +60,13 @@ returns
       end
       data
     end
+
+    def filter_unauthorized_attributes(attributes)
+      return super if UserInfo.assets.blank? || UserInfo.assets.agent?
+
+      attributes = super
+      attributes['name'] = "Role_#{id}"
+      attributes.slice('id', 'name', 'group_ids', 'permission_ids', 'active')
+    end
   end
 end
diff --git a/app/models/user/assets.rb b/app/models/user/assets.rb
index ec0db2238..ba00c4f91 100644
--- a/app/models/user/assets.rb
+++ b/app/models/user/assets.rb
@@ -110,5 +110,20 @@ returns
       end
       data
     end
+
+    def filter_unauthorized_attributes(attributes)
+      return super if UserInfo.assets.blank? || UserInfo.assets.agent?
+
+      # customer assets for the user session
+      if UserInfo.current_user_id == id
+        attributes = super
+        attributes.except!('web', 'phone', 'mobile', 'fax', 'department', 'street', 'zip', 'city', 'country', 'address', 'note')
+        return attributes
+      end
+
+      # customer assets for other user
+      attributes = super
+      attributes.slice('id', 'firstname', 'lastname', 'image', 'image_source', 'active')
+    end
   end
 end
diff --git a/lib/session_helper.rb b/lib/session_helper.rb
index 9b3f8c826..5fb10ed8e 100644
--- a/lib/session_helper.rb
+++ b/lib/session_helper.rb
@@ -4,7 +4,7 @@ module SessionHelper
   def self.json_hash(user)
     collections, assets = default_collections(user)
     {
-      session:     user.filter_attributes(user.attributes),
+      session:     user.filter_unauthorized_attributes(user.filter_attributes(user.attributes)),
       models:      models(user),
       collections: collections,
       assets:      assets,
diff --git a/lib/user_info.rb b/lib/user_info.rb
index 833177a86..fecdfed7a 100644
--- a/lib/user_info.rb
+++ b/lib/user_info.rb
@@ -7,6 +7,11 @@ module UserInfo
 
   def self.current_user_id=(user_id)
     Thread.current[:user_id] = user_id
+    Thread.current[:assets]  = UserInfo::Assets.new(user_id)
+  end
+
+  def self.assets
+    Thread.current[:assets]
   end
 
   def self.ensure_current_user_id
diff --git a/lib/user_info/assets.rb b/lib/user_info/assets.rb
new file mode 100644
index 000000000..01df38c32
--- /dev/null
+++ b/lib/user_info/assets.rb
@@ -0,0 +1,52 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class UserInfo::Assets
+  LEVEL_CUSTOMER = 1
+  LEVEL_AGENT    = 2
+  LEVEL_ADMIN    = 3
+
+  attr_accessor :current_user_id, :level, :filter_attributes, :user
+
+  def initialize(current_user_id)
+    @current_user_id = current_user_id
+    @user = User.find_by(id: current_user_id) if current_user_id.present?
+
+    set_level
+  end
+
+  def admin?
+    check_level?(UserInfo::Assets::LEVEL_ADMIN)
+  end
+
+  def agent?
+    check_level?(UserInfo::Assets::LEVEL_AGENT)
+  end
+
+  def customer?
+    check_level?(UserInfo::Assets::LEVEL_CUSTOMER)
+  end
+
+  def set_level
+    if user.blank?
+      self.level = nil
+      return
+    end
+
+    self.level = UserInfo::Assets::LEVEL_CUSTOMER
+    Permission.where(id: user.permissions_with_child_ids).each do |permission|
+      case permission.name
+      when %r{^admin\.}
+        self.level = UserInfo::Assets::LEVEL_ADMIN
+        break
+      when 'ticket.agent'
+        self.level = UserInfo::Assets::LEVEL_AGENT
+      end
+    end
+  end
+
+  def check_level?(check)
+    return true if user.blank?
+
+    level >= check
+  end
+end
diff --git a/spec/system/basic/assets_spec.rb b/spec/system/basic/assets_spec.rb
new file mode 100644
index 000000000..e273ca74b
--- /dev/null
+++ b/spec/system/basic/assets_spec.rb
@@ -0,0 +1,172 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Assets', type: :system, db_strategy: :reset do
+  let(:organization) { create(:organization, note: 'hello') }
+  let(:customer) { create(:customer, organization: organization, note: 'hello', last_login: Time.zone.now, login_failed: 1) }
+  let(:agent) { create(:agent, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1) }
+  let(:admin) { create(:admin, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1) }
+  let(:ticket) { create(:ticket, owner: agent, group: Group.find_by(name: 'Users'), customer: customer, created_by: admin) }
+
+  context 'groups' do
+    def group_note
+      page.execute_script('return App.Group.first().note')
+    end
+
+    describe 'when customer', authenticated_as: :customer do
+      it 'can not access group details' do
+        expect(group_note).to be nil
+      end
+    end
+
+    describe 'when agent', authenticated_as: :agent do
+      it 'can access group details' do
+        expect(group_note).not_to be nil
+      end
+    end
+
+    describe 'when admin', authenticated_as: :admin do
+      it 'can access group details' do
+        expect(group_note).not_to be nil
+      end
+    end
+  end
+
+  context 'organizations' do
+    def organization_note
+      page.execute_script("return App.Organization.find(#{organization.id}).note")
+    end
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    describe 'when customer', authenticated_as: :customer do
+      it 'can not access organization details' do
+        expect(organization_note).to be nil
+      end
+    end
+
+    describe 'when agent', authenticated_as: :agent do
+      it 'can access organization details' do
+        expect(organization_note).not_to be nil
+      end
+    end
+
+    describe 'when admin', authenticated_as: :admin do
+      it 'can access organization details' do
+        expect(organization_note).not_to be nil
+      end
+    end
+  end
+
+  context 'roles' do
+    def role_name
+      page.execute_script('return App.Role.first().name')
+    end
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    describe 'when customer', authenticated_as: :customer do
+      it 'can not access role details' do
+        expect(role_name).to eq('Role_1')
+      end
+    end
+
+    describe 'when agent', authenticated_as: :agent do
+      it 'can access role details' do
+        expect(role_name).not_to eq('Role_1')
+      end
+    end
+
+    describe 'when admin', authenticated_as: :admin do
+      it 'can access role details' do
+        expect(role_name).not_to eq('Role_1')
+      end
+    end
+  end
+
+  context 'users' do
+    def customer_email
+      page.execute_script("return App.User.find(#{customer.id}).email")
+    end
+
+    def customer_note
+      page.execute_script("return App.User.find(#{customer.id}).note")
+    end
+
+    def owner_firstname
+      page.execute_script("return App.User.find(#{agent.id}).firstname")
+    end
+
+    def owner_details
+      [
+        page.execute_script("return App.User.find(#{agent.id}).last_login"),
+        page.execute_script("return App.User.find(#{agent.id}).login_failed"),
+        page.execute_script("return App.User.find(#{agent.id}).email"),
+        page.execute_script("return App.User.find(#{agent.id}).note"),
+      ].compact
+    end
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    describe 'when customer', authenticated_as: :customer do
+      it 'can access customer email' do
+        expect(customer_email).not_to be nil
+      end
+
+      it 'can not access customer note' do
+        expect(customer_note).to be nil
+      end
+
+      it 'can not access owner details' do
+        expect(owner_details).to be_empty
+      end
+
+      it 'can access owner firstname' do
+        expect(owner_firstname).not_to be nil
+      end
+    end
+
+    describe 'when agent', authenticated_as: :agent do
+      it 'can access customer email' do
+        expect(customer_email).not_to be nil
+      end
+
+      it 'can access customer note' do
+        expect(customer_note).not_to be nil
+      end
+
+      it 'can access owner details' do
+        expect(owner_details).not_to be_empty
+      end
+
+      it 'can access owner firstname' do
+        expect(owner_firstname).not_to be nil
+      end
+    end
+
+    describe 'when admin', authenticated_as: :admin do
+      it 'can access customer email' do
+        expect(customer_email).not_to be nil
+      end
+
+      it 'can access customer note' do
+        expect(customer_note).not_to be nil
+      end
+
+      it 'can access owner details' do
+        expect(owner_details).not_to be_empty
+      end
+
+      it 'can access owner firstname' do
+        expect(owner_firstname).not_to be nil
+      end
+    end
+  end
+end

From 7f178484c734c1d962026bb3cfd81223f1551250 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Wed, 22 Sep 2021 13:19:28 +0200
Subject: [PATCH 37/65] Maintenance: Refactoring of Avatar storage logic.

---
 app/controllers/users_controller.rb | 33 ++++++++++++------
 app/models/avatar.rb                |  1 -
 spec/requests/user_spec.rb          | 54 +++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+), 11 deletions(-)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d69bea299..6dde9b568 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -722,31 +722,28 @@ curl http://localhost/api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7 -v -u
 =end
 
   def image
-
     # cache image
     response.headers['Expires']       = 1.year.from_now.httpdate
     response.headers['Cache-Control'] = 'cache, store, max-age=31536000, must-revalidate'
     response.headers['Pragma']        = 'cache'
 
     file = Avatar.get_by_hash(params[:hash])
+
     if file
+      file_content_type = file.preferences['Content-Type'] || file.preferences['Mime-Type']
+
+      return serve_default_image if ActiveStorage.content_types_allowed_inline.exclude?(file_content_type)
+
       send_data(
         file.content,
         filename:    file.filename,
-        type:        file.preferences['Content-Type'] || file.preferences['Mime-Type'],
+        type:        file_content_type,
         disposition: 'inline'
       )
       return
     end
 
-    # serve default image
-    image = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='
-    send_data(
-      Base64.decode64(image),
-      filename:    'image.gif',
-      type:        'image/gif',
-      disposition: 'inline'
-    )
+    serve_default_image
   end
 
 =begin
@@ -778,6 +775,11 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
       return
     end
 
+    if ActiveStorage::Variant::WEB_IMAGE_CONTENT_TYPES.exclude?(file_full[:mime_type])
+      render json: { error: 'Mime type is invalid' }, status: :unprocessable_entity
+      return
+    end
+
     begin
       file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
     rescue
@@ -1061,4 +1063,15 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
 
     render json: { message: 'ok' }, status: :created
   end
+
+  def serve_default_image
+    image = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='
+
+    send_data(
+      Base64.decode64(image),
+      filename:    'image.gif',
+      type:        'image/gif',
+      disposition: 'inline'
+    )
+  end
 end
diff --git a/app/models/avatar.rb b/app/models/avatar.rb
index 0c7858ca5..5aa8be1f9 100644
--- a/app/models/avatar.rb
+++ b/app/models/avatar.rb
@@ -72,7 +72,6 @@ add avatar by url
 =end
 
   def self.add(data)
-
     # lookups
     if data[:object]
       object_id = ObjectLookup.by_name(data[:object])
diff --git a/spec/requests/user_spec.rb b/spec/requests/user_spec.rb
index 3d807086c..964d3b4f7 100644
--- a/spec/requests/user_spec.rb
+++ b/spec/requests/user_spec.rb
@@ -1517,6 +1517,60 @@ RSpec.describe 'User', type: :request do
       expect { make_request(avatar_full: base64, avatar_resize: base64) }
         .to change { Avatar.list('User', user.id) }
     end
+
+    context 'with a not allowed mime-type' do
+      let(:base64) { 'data:image/svg+xml;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==' }
+
+      it 'returns verbose error for a not allowed mime-type' do
+        make_request(avatar_full: base64)
+        expect(json_response).to include('error' => 'Mime type is invalid')
+      end
+    end
+  end
+
+  describe 'GET /api/v1/users/image/:hash', authenticated_as: :user do
+    let(:user) { create(:user) }
+    let(:avatar_mime_type) { 'image/png' }
+    let(:avatar) do
+      file = File.open('test/data/image/1000x1000.png', 'rb')
+      contents = file.read
+      Avatar.add(
+        object:        'User',
+        o_id:          user.id,
+        default:       true,
+        resize:        {
+          content:   contents,
+          mime_type: avatar_mime_type,
+        },
+        source:        'web',
+        deletable:     true,
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+    end
+    let(:avatar_content) { Avatar.get_by_hash(avatar.store_hash).content }
+
+    before do
+      user.update!(image: avatar.store_hash)
+    end
+
+    def make_request(image_hash, params: {})
+      get "/api/v1/users/image/#{image_hash}", params: params, as: :json
+    end
+
+    it 'returns verbose error when full image is missing' do
+      make_request(avatar.store_hash)
+      expect(response.body).to eq(avatar_content)
+    end
+
+    context 'with a not allowed inline mime-type' do
+      let(:avatar_mime_type) { 'image/svg+xml' }
+
+      it 'returns the default image' do
+        make_request(avatar.store_hash)
+        expect(response.headers['Content-Type']).to include('image/gif')
+      end
+    end
   end
 
   describe 'GET /api/v1/users/search, checks usage of the ids parameter', authenticated_as: :agent do

From de30a5c1b1e8dbbc794c5ff616f97bb1bc3073ff Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 23 Sep 2021 12:04:18 +0200
Subject: [PATCH 38/65] Maintenance: Improve template rendering.

---
 lib/notification_factory/mailer.rb            |  9 ++++---
 lib/notification_factory/renderer.rb          |  7 ++---
 lib/notification_factory/slack.rb             |  9 ++++---
 lib/notification_factory/template.rb          | 10 ++++---
 .../notification_factory/renderer.rb          |  5 ++--
 .../lib/notification_factory/renderer_spec.rb | 21 ++++++++++++---
 .../lib/notification_factory/template_spec.rb | 26 ++++++++++++++++++-
 7 files changed, 69 insertions(+), 18 deletions(-)

diff --git a/lib/notification_factory/mailer.rb b/lib/notification_factory/mailer.rb
index 3d0ee633d..b9e0154ac 100644
--- a/lib/notification_factory/mailer.rb
+++ b/lib/notification_factory/mailer.rb
@@ -324,7 +324,8 @@ returns
       locale:   data[:locale],
       timezone: data[:timezone],
       template: template[:subject],
-      escape:   false
+      escape:   false,
+      trusted:  true,
     ).render
 
     # strip off the extra newline at the end of the subject to avoid =0A suffixes (see #2726)
@@ -334,7 +335,8 @@ returns
       objects:  data[:objects],
       locale:   data[:locale],
       timezone: data[:timezone],
-      template: template[:body]
+      template: template[:body],
+      trusted:  true,
     ).render
 
     if !data[:raw]
@@ -348,7 +350,8 @@ returns
         objects:  data[:objects],
         locale:   data[:locale],
         timezone: data[:timezone],
-        template: application_template
+        template: application_template,
+        trusted:  true,
       ).render
     end
     {
diff --git a/lib/notification_factory/renderer.rb b/lib/notification_factory/renderer.rb
index 669279bd9..bc6e96f6e 100644
--- a/lib/notification_factory/renderer.rb
+++ b/lib/notification_factory/renderer.rb
@@ -13,7 +13,8 @@ examples how to use
       locale: 'de-de',
       timezone: 'America/Port-au-Prince',
       template: 'some template <b>#{ticket.title}</b> {config.fqdn}',
-      escape: false
+      escape: false,
+      trusted: false, # Allow ERB tags in the template?
     ).render
 
     message_body = NotificationFactory::Renderer.new(
@@ -27,11 +28,11 @@ examples how to use
 
 =end
 
-  def initialize(objects:, template:, locale: nil, timezone: nil, escape: true)
+  def initialize(objects:, template:, locale: nil, timezone: nil, escape: true, trusted: false) # rubocop:disable Metrics/ParameterLists
     @objects  = objects
     @locale   = locale || Locale.default
     @timezone = timezone || Setting.get('timezone_default')
-    @template = NotificationFactory::Template.new(template, escape)
+    @template = NotificationFactory::Template.new(template, escape, trusted)
     @escape = escape
   end
 
diff --git a/lib/notification_factory/slack.rb b/lib/notification_factory/slack.rb
index f490da42e..e7a12a190 100644
--- a/lib/notification_factory/slack.rb
+++ b/lib/notification_factory/slack.rb
@@ -46,14 +46,16 @@ returns
       locale:   data[:locale],
       timezone: data[:timezone],
       template: template[:subject],
-      escape:   false
+      escape:   false,
+      trusted:  true
     ).render
     message_body = NotificationFactory::Renderer.new(
       objects:  data[:objects],
       locale:   data[:locale],
       timezone: data[:timezone],
       template: template[:body],
-      escape:   false
+      escape:   false,
+      trusted:  true
     ).render
 
     if !data[:raw]
@@ -68,7 +70,8 @@ returns
         locale:   data[:locale],
         timezone: data[:timezone],
         template: application_template,
-        escape:   false
+        escape:   false,
+        trusted:  true
       ).render
     end
     {
diff --git a/lib/notification_factory/template.rb b/lib/notification_factory/template.rb
index b7919e6c2..19e93835f 100644
--- a/lib/notification_factory/template.rb
+++ b/lib/notification_factory/template.rb
@@ -9,17 +9,21 @@ examples how to use
     cleaned_template = NotificationFactory::Template.new(
       'some template <b>#{ticket.title}</b> #{config.fqdn}',
       true,
+      false,  # Allow ERB tags in the template?
     ).to_s
 
 =end
 
-  def initialize(template, escape)
+  def initialize(template, escape, trusted)
     @template = template
-    @escape = escape
+    @escape   = escape
+    @trusted  = trusted
   end
 
   def to_s
-    @template.gsub(%r{\#{\s*(.*?)\s*}}m) do
+    result = @template
+    result.gsub!(%r{<%(?!%)}, '<%%') if !@trusted
+    result.gsub(%r{\#{\s*(.*?)\s*}}m) do
       # some browsers start adding HTML tags
       # fixes https://github.com/zammad/zammad/issues/385
       input_template = $1.gsub(%r{\A<.+?>\s*|\s*<.+?>\z}, '')
diff --git a/spec/factories/notification_factory/renderer.rb b/spec/factories/notification_factory/renderer.rb
index c1f86ea47..244503265 100644
--- a/spec/factories/notification_factory/renderer.rb
+++ b/spec/factories/notification_factory/renderer.rb
@@ -2,11 +2,12 @@
 
 FactoryBot.define do
   factory :notification_factory_renderer, class: 'NotificationFactory::Renderer' do
-    objects  { nil }
+    objects { nil }
     locale   { 'en-en' }
     template { '' }
     escape   { true }
+    trusted  { false }
 
-    initialize_with { new(objects: objects, locale: locale, template: template, escape: escape) }
+    initialize_with { new(objects: objects, locale: locale, template: template, escape: escape, trusted: trusted) }
   end
 end
diff --git a/spec/lib/notification_factory/renderer_spec.rb b/spec/lib/notification_factory/renderer_spec.rb
index 1785ba2a0..3fe093fec 100644
--- a/spec/lib/notification_factory/renderer_spec.rb
+++ b/spec/lib/notification_factory/renderer_spec.rb
@@ -12,6 +12,21 @@ RSpec.describe NotificationFactory::Renderer do
       expect(renderer.render).to eq ''
     end
 
+    context 'when rendering templates with ERB tags' do
+
+      let(:template) { '<%% <%= "<%" %> %%>' }
+
+      it 'ignores pre-existing ERB tags in an untrusted template' do
+        renderer = build :notification_factory_renderer, template: template
+        expect(renderer.render).to eq '<% <%= "<%" %> %%>'
+      end
+
+      it 'executes pre-existing ERB tags in a trusted template' do
+        renderer = build :notification_factory_renderer, template: template, trusted: true
+        expect(renderer.render).to eq '<% <% %%>'
+      end
+    end
+
     it 'correctly renders chained object references' do
       user = User.where(firstname: 'Nicole').first
       ticket = create :ticket, customer: user
@@ -30,17 +45,17 @@ RSpec.describe NotificationFactory::Renderer do
     end
 
     it 'raises a StandardError when rendering a template with a broken syntax' do
-      renderer = build :notification_factory_renderer, template: 'test <% if %>', objects: {}
+      renderer = build :notification_factory_renderer, template: 'test <% if %>', objects: {}, trusted: true
       expect { renderer.render }.to raise_error(StandardError)
     end
 
     it 'raises a StandardError when rendering a template calling a non existant method' do
-      renderer = build :notification_factory_renderer, template: 'test <% Ticket.non_existant_method %>', objects: {}
+      renderer = build :notification_factory_renderer, template: 'test <% Ticket.non_existant_method %>', objects: {}, trusted: true
       expect { renderer.render }.to raise_error(StandardError)
     end
 
     it 'raises a StandardError when rendering a template referencing a non existant object' do
-      renderer = build :notification_factory_renderer, template: 'test <% NonExistantObject.first %>', objects: {}
+      renderer = build :notification_factory_renderer, template: 'test <% NonExistantObject.first %>', objects: {}, trusted: true
       expect { renderer.render }.to raise_error(StandardError)
     end
 
diff --git a/spec/lib/notification_factory/template_spec.rb b/spec/lib/notification_factory/template_spec.rb
index b8257c443..a8edc0219 100644
--- a/spec/lib/notification_factory/template_spec.rb
+++ b/spec/lib/notification_factory/template_spec.rb
@@ -4,9 +4,11 @@ require 'rails_helper'
 
 RSpec.describe NotificationFactory::Template do
   subject(:template) do
-    described_class.new(template_string, escape)
+    described_class.new(template_string, escape, trusted)
   end
 
+  let(:trusted) { false }
+
   describe '#to_s' do
     context 'for empty input template (incl. whitespace-only)' do
       let(:template_string) { "\#{ }" }
@@ -28,6 +30,28 @@ RSpec.describe NotificationFactory::Template do
       end
     end
 
+    context 'for sanitizing the template string' do
+      let(:escape) { false }
+
+      context 'for strings containing ERB' do
+        let(:template_string) { '<%% <% "<%" %> <%# comment %> <%= "<%" %> <%- "" %> %%>' }
+
+        context 'for untrusted templates' do
+          it 'mutes all pre-existing ERB tags' do
+            expect(template.to_s).to eq('<%% <%% "<%%" %> <%%# comment %> <%%= "<%%" %> <%%- "" %> %%>')
+          end
+        end
+
+        context 'for trusted templates' do
+          let(:trusted) { true }
+
+          it 'keeps all pre-existing ERB tags' do
+            expect(template.to_s).to eq(template_string)
+          end
+        end
+      end
+    end
+
     context 'for input template using #t helper' do
       let(:template_string) { "\#{t('some text')}" }
       let(:escape) { false }

From 9df0aaed7c3525538a2f1bb6adcd77c64b5c629e Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@zammad.com>
Date: Tue, 5 Oct 2021 11:10:44 +0200
Subject: [PATCH 39/65] Prepared 5.1.

---
 CHANGELOG.md | 4 ++--
 VERSION      | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e98c7b8a..1fe3332c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,7 @@
 # Change Log
 
-## [5.0.0](https://github.com/zammad/zammad/tree/5.0.0) (2021-xx-xx)
-[Full Changelog](https://github.com/zammad/zammad/compare/4.1.0...5.0.0)
+## [5.1.0](https://github.com/zammad/zammad/tree/5.1.0) (2021-xx-xx)
+[Full Changelog](https://github.com/zammad/zammad/compare/5.0.0...5.1.0)
 
 **Implemented enhancements:**
 
diff --git a/VERSION b/VERSION
index 660b079cf..fed0ee9e4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.0.x
+5.1.x

From b33bca9910451303480292730934f095f762f323 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Tue, 5 Oct 2021 14:00:33 +0200
Subject: [PATCH 40/65] Fixes: #3788 - lib/fill_db.rb fails to work in
 production environments.

---
 lib/fill_db.rb | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/lib/fill_db.rb b/lib/fill_db.rb
index 53df6acf3..48572cbc7 100644
--- a/lib/fill_db.rb
+++ b/lib/fill_db.rb
@@ -1,7 +1,5 @@
 # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
 
-require 'faker'
-
 # rubocop:disable Rails/Output
 module FillDb
 
@@ -55,7 +53,7 @@ or if you only want to create 100 tickets
     else
       (1..organizations).each do
         ActiveRecord::Base.transaction do
-          organization = Organization.create!(name: "FillOrganization::#{Faker::Number.number(digits: 6)}", active: true)
+          organization = Organization.create!(name: "FillOrganization::#{counter}", active: true)
           organization_pool.push organization
         end
       end
@@ -72,7 +70,7 @@ or if you only want to create 100 tickets
 
       (1..agents).each do
         ActiveRecord::Base.transaction do
-          suffix = Faker::Number.number(digits: 5).to_s
+          suffix = counter.to_s
           user = User.create_or_update(
             login:     "filldb-agent-#{suffix}",
             firstname: "agent #{suffix}",
@@ -102,7 +100,7 @@ or if you only want to create 100 tickets
 
       (1..customers).each do
         ActiveRecord::Base.transaction do
-          suffix = Faker::Number.number(digits: 5).to_s
+          suffix = counter.to_s
           organization = nil
           if organization_pool.present? && true_or_false.sample
             organization = organization_pool.sample
@@ -132,7 +130,7 @@ or if you only want to create 100 tickets
     else
       (1..groups).each do
         ActiveRecord::Base.transaction do
-          group = Group.create!(name: "FillGroup::#{Faker::Number.number(digits: 6)}", active: true)
+          group = Group.create!(name: "FillGroup::#{counter}", active: true)
           group_pool.push group
           Role.where(name: 'Agent').first.users.where(active: true).each do |user|
             user_groups = user.groups
@@ -150,7 +148,7 @@ or if you only want to create 100 tickets
       (1..overviews).each do
         ActiveRecord::Base.transaction do
           Overview.create!(
-            name:      "Filloverview::#{Faker::Number.number(digits: 6)}",
+            name:      "Filloverview::#{counter}",
             role_ids:  [Role.find_by(name: 'Agent').id],
             condition: {
               'ticket.state_id' => {
@@ -185,7 +183,7 @@ or if you only want to create 100 tickets
         customer = customer_pool.sample
         agent    = agent_pool.sample
         ticket = Ticket.create!(
-          title:         "some title äöüß#{Faker::Number.number(digits: 6)}",
+          title:         "some title äöüß#{counter}",
           group:         group_pool.sample,
           customer:      customer,
           owner:         agent,
@@ -200,8 +198,8 @@ or if you only want to create 100 tickets
           ticket_id:     ticket.id,
           from:          customer.email,
           to:            'some_recipient@example.com',
-          subject:       "some subject#{Faker::Number.number(digits: 6)}",
-          message_id:    "some@id-#{Faker::Number.number(digits: 6)}",
+          subject:       "some subject#{counter}",
+          message_id:    "some@id-#{counter}",
           body:          'some message ...',
           internal:      false,
           sender:        Ticket::Article::Sender.where(name: 'Customer').first,
@@ -214,5 +212,10 @@ or if you only want to create 100 tickets
       end
     end
   end
+
+  def self.counter
+    @counter ||= SecureRandom.random_number(1_000_000)
+    @counter += 1
+  end
 end
 # rubocop:enable Rails/Output

From 3df384c7587630965cba181b4bc270ce560df6d0 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Tue, 5 Oct 2021 17:18:31 +0200
Subject: [PATCH 41/65] Fixes #3787 - UploadCacheCleanupJob does not execute.

---
 app/jobs/upload_cache_cleanup_job.rb          |  3 +-
 .../20211005110047_issue3787_fix_job.rb       | 11 ++++
 spec/jobs/upload_cache_cleanup_job_spec.rb    | 66 +++++++++++--------
 3 files changed, 50 insertions(+), 30 deletions(-)
 create mode 100644 db/migrate/20211005110047_issue3787_fix_job.rb

diff --git a/app/jobs/upload_cache_cleanup_job.rb b/app/jobs/upload_cache_cleanup_job.rb
index b4c9431b7..819432c9a 100644
--- a/app/jobs/upload_cache_cleanup_job.rb
+++ b/app/jobs/upload_cache_cleanup_job.rb
@@ -3,6 +3,7 @@
 class UploadCacheCleanupJob < ApplicationJob
   def perform
     taskbar_form_ids = Taskbar.with_form_id.filter_map(&:persisted_form_id)
+    return if store_object_id.blank?
 
     Store.where(store_object_id: store_object_id).where('created_at < ?', 1.month.ago).where.not(o_id: taskbar_form_ids).find_each do |store|
       Store.remove_item(store.id)
@@ -12,6 +13,6 @@ class UploadCacheCleanupJob < ApplicationJob
   private
 
   def store_object_id
-    Store::Object.lookup(name: 'UploadCache').id
+    Store::Object.lookup(name: 'UploadCache')&.id
   end
 end
diff --git a/db/migrate/20211005110047_issue3787_fix_job.rb b/db/migrate/20211005110047_issue3787_fix_job.rb
new file mode 100644
index 000000000..6f4897915
--- /dev/null
+++ b/db/migrate/20211005110047_issue3787_fix_job.rb
@@ -0,0 +1,11 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+class Issue3787FixJob < ActiveRecord::Migration[6.0]
+  def change
+
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    Scheduler.find_by(name: 'Delete old upload cache entries.').update(error_message: nil, status: nil, active: true)
+  end
+end
diff --git a/spec/jobs/upload_cache_cleanup_job_spec.rb b/spec/jobs/upload_cache_cleanup_job_spec.rb
index 5b701e8e7..95512472b 100644
--- a/spec/jobs/upload_cache_cleanup_job_spec.rb
+++ b/spec/jobs/upload_cache_cleanup_job_spec.rb
@@ -3,45 +3,53 @@
 require 'rails_helper'
 
 RSpec.describe UploadCacheCleanupJob, type: :job do
-  let(:upload_cache) { UploadCache.new(1337) }
+  context 'when upload cache exists' do
+    let(:upload_cache) { UploadCache.new(1337) }
 
-  before do
-    UserInfo.current_user_id = 1
+    before do
+      UserInfo.current_user_id = 1
 
-    upload_cache.add(
-      data:        'current example',
-      filename:    'current.txt',
-      preferences: {
-        'Content-Type' => 'text/plain',
-      },
-    )
-
-    travel_to 1.month.ago
-
-    # create one taskbar and related upload cache entry, which should not be deleted
-    create(:taskbar, state: { form_id: 9999 })
-    UploadCache.new(9999).add(
-      data:        'Some Example with related Taskbar',
-      filename:    'another_example_with_taskbar.txt',
-      preferences: {
-        'Content-Type' => 'text/plain',
-      }
-    )
-
-    3.times do
       upload_cache.add(
-        data:        'hello world',
-        filename:    'some.txt',
+        data:        'current example',
+        filename:    'current.txt',
         preferences: {
           'Content-Type' => 'text/plain',
         },
       )
+
+      travel_to 1.month.ago
+
+      # create one taskbar and related upload cache entry, which should not be deleted
+      create(:taskbar, state: { form_id: 9999 })
+      UploadCache.new(9999).add(
+        data:        'Some Example with related Taskbar',
+        filename:    'another_example_with_taskbar.txt',
+        preferences: {
+          'Content-Type' => 'text/plain',
+        }
+      )
+
+      3.times do
+        upload_cache.add(
+          data:        'hello world',
+          filename:    'some.txt',
+          preferences: {
+            'Content-Type' => 'text/plain',
+          },
+        )
+      end
+
+      travel_back
     end
 
-    travel_back
+    it 'cleanup the store items which are expired with job' do
+      expect { described_class.perform_now }.to change(Store, :count).by(-3)
+    end
   end
 
-  it 'cleanup the store items which are expired with job' do
-    expect { described_class.perform_now }.to change(Store, :count).by(-3)
+  context 'when upload cache does not exist' do
+    it 'does not crash' do
+      expect { described_class.perform_now }.not_to raise_error
+    end
   end
 end

From 45cbbde2be9cecd9604a6cb6b527a5434507e452 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Wed, 6 Oct 2021 07:44:50 +0200
Subject: [PATCH 42/65] Maintenance: Updated argon2 and doorkeeper gems.

---
 Gemfile.lock | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index f776bcd79..71730cdc5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -90,7 +90,7 @@ GEM
       activerecord (>= 4.2)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    argon2 (2.1.0)
+    argon2 (2.1.1)
       ffi (~> 1.14)
       ffi-compiler (~> 1.0)
     ast (2.4.2)
@@ -181,7 +181,7 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.5.3)
+    doorkeeper (5.5.4)
       railties (>= 5)
     dotenv (2.7.6)
     eco (1.0.0)

From c1cb4fdd43844434b85f741705905f55151a3ceb Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Wed, 6 Oct 2021 10:34:15 +0200
Subject: [PATCH 43/65] Maintenance: Port maintenance app version test to
 capybara.

---
 script/build/test_slice_tests.sh             |  6 ----
 spec/system/maintenance_app_version_spec.rb  | 15 ++++++++
 test/browser/maintenance_app_version_test.rb | 38 --------------------
 3 files changed, 15 insertions(+), 44 deletions(-)
 create mode 100644 spec/system/maintenance_app_version_spec.rb
 delete mode 100644 test/browser/maintenance_app_version_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index dd79296ab..11e68e141 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -50,7 +50,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  # test/browser/maintenance_app_version_test.rb
   # test/browser/maintenance_session_message_test.rb
   # test/browser/manage_test.rb
   # test/browser/monitoring_test.rb
@@ -108,7 +107,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_app_version_test.rb
   rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
@@ -166,7 +164,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_app_version_test.rb
   rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
@@ -224,7 +221,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_app_version_test.rb
   rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
@@ -281,7 +277,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_app_version_test.rb
   rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
@@ -341,7 +336,6 @@ elif [ "$LEVEL" == '6' ]; then
   # test/browser/first_steps_test.rb
   # test/browser/integration_test.rb
   # test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_app_version_test.rb
   rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
diff --git a/spec/system/maintenance_app_version_spec.rb b/spec/system/maintenance_app_version_spec.rb
new file mode 100644
index 000000000..35561f4e0
--- /dev/null
+++ b/spec/system/maintenance_app_version_spec.rb
@@ -0,0 +1,15 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Maintenance App Version', type: :system do
+  it 'check that new version is present' do
+    page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:false"} )'
+
+    expect(page).to have_no_text('new version')
+
+    page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:true"} )'
+
+    expect(page).to have_text('new version')
+  end
+end
diff --git a/test/browser/maintenance_app_version_test.rb b/test/browser/maintenance_app_version_test.rb
deleted file mode 100644
index d745681b3..000000000
--- a/test/browser/maintenance_app_version_test.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class MaintenanceAppVersionTest < TestCase
-
-  def test_app_version
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    sleep 8
-
-    execute(
-      js: 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:false"} )',
-    )
-    sleep 8
-
-    match_not(
-      css:   'body',
-      value: 'new version',
-    )
-
-    execute(
-      js: 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1235:true"}) ',
-    )
-    sleep 5
-
-    match(
-      css:   'body',
-      value: 'new version',
-    )
-  end
-
-end

From 3c2cea9a224b61e1b43a4ec05bc87274ee977086 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Wed, 6 Oct 2021 15:06:49 +0200
Subject: [PATCH 44/65] Fixes #3000 - Login site wording could be better.

---
 app/assets/javascripts/app/views/login.jst.eco |  2 +-
 spec/system/import/freshdesk_spec.rb           |  2 +-
 spec/system/import/zendesk_spec.rb             |  2 +-
 spec/system/login_spec.rb                      | 13 +++++++++++++
 test/browser/keyboard_shortcuts_test.rb        |  5 ++---
 test/integration/otrs_import_browser_test.rb   |  4 ++--
 6 files changed, 20 insertions(+), 8 deletions(-)
 create mode 100644 spec/system/login_spec.rb

diff --git a/app/assets/javascripts/app/views/login.jst.eco b/app/assets/javascripts/app/views/login.jst.eco
index 3b1506dc9..865ba4d13 100644
--- a/app/assets/javascripts/app/views/login.jst.eco
+++ b/app/assets/javascripts/app/views/login.jst.eco
@@ -1,7 +1,7 @@
 <div class="login fullscreen">
   <div class="fullscreen-center">
     <div class="fullscreen-body">
-      <p><%- @T('Login with %s', @C('fqdn')) %></p>
+      <p><%- @T('Log in to %s', @C('fqdn')) %></p>
 
       <% if @C('maintenance_mode'): %>
         <div class="hero-unit alert alert--danger js-maintenanceMode"><%- @T('Zammad is currently in maintenance mode. Only administrators can login. Please wait until the maintenance window is over.') %></div>
diff --git a/spec/system/import/freshdesk_spec.rb b/spec/system/import/freshdesk_spec.rb
index e5fc58ba6..55966e752 100644
--- a/spec/system/import/freshdesk_spec.rb
+++ b/spec/system/import/freshdesk_spec.rb
@@ -112,7 +112,7 @@ RSpec.describe 'Import Freshdesk', type: :system, set_up: false, authenticated_a
 
       Rake::Task['zammad:setup:auto_wizard'].execute
 
-      expect(page).to have_text('Login')
+      expect(page).to have_text(Setting.get('fqdn'))
     end
   end
 end
diff --git a/spec/system/import/zendesk_spec.rb b/spec/system/import/zendesk_spec.rb
index 40058452e..e446b0872 100644
--- a/spec/system/import/zendesk_spec.rb
+++ b/spec/system/import/zendesk_spec.rb
@@ -121,7 +121,7 @@ RSpec.describe 'Import Zendesk', type: :system, set_up: false, authenticated_as:
 
       Rake::Task['zammad:setup:auto_wizard'].execute
 
-      expect(page).to have_text('Login')
+      expect(page).to have_text(Setting.get('fqdn'))
     end
   end
 end
diff --git a/spec/system/login_spec.rb b/spec/system/login_spec.rb
new file mode 100644
index 000000000..f7a57b3b1
--- /dev/null
+++ b/spec/system/login_spec.rb
@@ -0,0 +1,13 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Login', type: :system, authenticated_as: false do
+  before do
+    visit '/'
+  end
+
+  it 'fqdn is visible on login page' do
+    expect(page).to have_css('.login p', text: Setting.get('fqdn'))
+  end
+end
diff --git a/test/browser/keyboard_shortcuts_test.rb b/test/browser/keyboard_shortcuts_test.rb
index ae7aa5f65..dc166b1ea 100644
--- a/test/browser/keyboard_shortcuts_test.rb
+++ b/test/browser/keyboard_shortcuts_test.rb
@@ -221,10 +221,9 @@ class KeyboardShortcutsTest < TestCase
 
     shortcut(key: 'e')
     watch_for(
-      css:     'body',
-      value:   'login',
+      css:     '#login',
+      value:   'username',
       timeout: 4,
     )
-
   end
 end
diff --git a/test/integration/otrs_import_browser_test.rb b/test/integration/otrs_import_browser_test.rb
index f8f581c38..62e3534a1 100644
--- a/test/integration/otrs_import_browser_test.rb
+++ b/test/integration/otrs_import_browser_test.rb
@@ -55,8 +55,8 @@ class OtrsImportBrowserTest < TestCase
     click(css: '.js-migration-start')
 
     watch_for(
-      css:     'body',
-      value:   'login',
+      css:     '#login',
+      value:   'username',
       timeout: 600,
     )
 

From 9f9ec582305a63fbc53043ed15c82826dc07c0e8 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 7 Oct 2021 03:05:18 +0200
Subject: [PATCH 45/65] Maintenance: Bump twilio-ruby from 5.58.3 to 5.59.0

Bumps [twilio-ruby](https://github.com/twilio/twilio-ruby) from 5.58.3 to 5.59.0.
- [Release notes](https://github.com/twilio/twilio-ruby/releases)
- [Changelog](https://github.com/twilio/twilio-ruby/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-ruby/compare/5.58.3...5.59.0)
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 71730cdc5..90b34d077 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -593,7 +593,7 @@ GEM
     timers (4.3.3)
     tins (1.29.1)
       sync
-    twilio-ruby (5.58.3)
+    twilio-ruby (5.59.0)
       faraday (>= 0.9, < 2.0)
       jwt (>= 1.5, <= 2.5)
       nokogiri (>= 1.6, < 2.0)

From a7e0d460aa91e2481aa44481d2c1df80af23e159 Mon Sep 17 00:00:00 2001
From: Rolf Schmidt <rolf.schmidt@zammad.com>
Date: Thu, 7 Oct 2021 09:01:07 +0200
Subject: [PATCH 46/65] Fixes #3789 - Article box opening on tickets with no
 changes.

---
 .../ticket_zoom/article_new.coffee            |  4 +--
 spec/system/ticket/zoom_spec.rb               | 35 +++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
index 82411fe48..e8802b8e3 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/article_new.coffee
@@ -98,7 +98,7 @@ class App.TicketZoomArticleNew extends App.Controller
     @controllerBind('ui:rerender', =>
       @adjustedTextarea = false
       @defaults         = @ui.taskGet('article')
-      @attachments      = @defaults.attachments
+      @attachments      = @defaults.attachments || []
       @render()
     )
 
@@ -117,7 +117,7 @@ class App.TicketZoomArticleNew extends App.Controller
 
     @tokanice(@type)
 
-    if @defaults.body or @attachments or @isIE10()
+    if @defaults.body or @attachments.length > 0 or @isIE10()
       @openTextarea(null, true)
 
   tokanice: (type = 'email') ->
diff --git a/spec/system/ticket/zoom_spec.rb b/spec/system/ticket/zoom_spec.rb
index 8a63fba43..07b57b31d 100644
--- a/spec/system/ticket/zoom_spec.rb
+++ b/spec/system/ticket/zoom_spec.rb
@@ -2193,4 +2193,39 @@ RSpec.describe 'Ticket zoom', type: :system do
       end
     end
   end
+
+  context 'Article box opening on tickets with no changes #3789' do
+    let(:ticket) { create(:ticket, group: Group.find_by(name: 'Users')) }
+
+    before do
+      visit "#ticket/zoom/#{ticket.id}"
+    end
+
+    it 'does not expand the article box without changes' do
+      refresh
+      sleep 3
+      expect(page).to have_no_selector('form.article-add.is-open')
+    end
+
+    it 'does open and close by usage' do
+      find('.js-textarea').send_keys(' ')
+      expect(page).to have_selector('form.article-add.is-open')
+      find('input#global-search').click
+      expect(page).to have_no_selector('form.article-add.is-open')
+    end
+
+    it 'does open automatically when body is given from sidebar' do
+      find('.js-textarea').send_keys('test')
+      wait(5).until { Taskbar.find_by(key: "Ticket-#{ticket.id}").state.dig('article', 'body').present? }
+      refresh
+      expect(page).to have_selector('form.article-add.is-open')
+    end
+
+    it 'does open automatically when attachment is given from sidebar' do
+      page.find('input#fileUpload_1', visible: :all).set(Rails.root.join('test/data/mail/mail001.box'))
+      wait(5).until { Taskbar.find_by(key: "Ticket-#{ticket.id}").attributes_with_association_ids['attachments'].present? }
+      refresh
+      expect(page).to have_selector('form.article-add.is-open')
+    end
+  end
 end

From 73cb552846d66162471f1591b3763f07696f84c4 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 7 Oct 2021 03:05:23 +0200
Subject: [PATCH 47/65] Maintenance: Bump rubocop-rails from 2.12.2 to 2.12.3

Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.12.2 to 2.12.3.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.12.2...v2.12.3)
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index 90b34d077..e95bab86a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -519,7 +519,7 @@ GEM
     rubocop-performance (1.11.5)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.12.2)
+    rubocop-rails (2.12.3)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.7.0, < 2.0)

From 4a2c8dd2342d4c6f32c86c6cba3b3560ffbdd6da Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Thu, 7 Oct 2021 13:20:51 +0200
Subject: [PATCH 48/65] Maintenance: Try to improve the stabilzation of the
 ticket create selenium test.

---
 spec/support/capybara/common_actions.rb | 2 ++
 spec/system/ticket/create_spec.rb       | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/spec/support/capybara/common_actions.rb b/spec/support/capybara/common_actions.rb
index d9e640221..309b422c5 100644
--- a/spec/support/capybara/common_actions.rb
+++ b/spec/support/capybara/common_actions.rb
@@ -92,6 +92,8 @@ module CommonActions
   #
   def logout
     visit('logout')
+
+    wait.until_disappears { find('.user-menu .user a', wait: false) }
   end
 
   # Overwrites the Capybara::Session#visit method to allow SPA navigation
diff --git a/spec/system/ticket/create_spec.rb b/spec/system/ticket/create_spec.rb
index 2988643d3..f4776874b 100644
--- a/spec/system/ticket/create_spec.rb
+++ b/spec/system/ticket/create_spec.rb
@@ -535,8 +535,7 @@ RSpec.describe 'Ticket Create', type: :system do
     let(:customer) { create(:customer, password: 'test') }
 
     it 'customer user should not have agent object attributes', authenticated_as: :agent do
-      visit 'ticket/create'
-
+      # Log out again, so that we can execute the next login.
       logout
 
       # Re-create agent session and fetch object attributes.

From c5ba0563a5fa21b8851cf8c27df1965685fd8483 Mon Sep 17 00:00:00 2001
From: Romit Choudhary <rc@zammad.com>
Date: Thu, 7 Oct 2021 15:43:44 +0200
Subject: [PATCH 49/65] Fixes #3737 - Bug Report 4.1.x Overview Sort - Grouped
 by user

---
 .../_application_controller/table.coffee      | 21 +++++-
 public/assets/tests/table.js                  |  4 +-
 spec/system/overview_spec.rb                  | 67 +++++++++++++++++++
 3 files changed, 88 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/_application_controller/table.coffee b/app/assets/javascripts/app/controllers/_application_controller/table.coffee
index 64e809fe3..7304710a0 100644
--- a/app/assets/javascripts/app/controllers/_application_controller/table.coffee
+++ b/app/assets/javascripts/app/controllers/_application_controller/table.coffee
@@ -493,6 +493,23 @@ class App.ControllerTable extends App.Controller
       sortable:   @dndCallback
     ))
 
+  getGroupByKeyName: (object, groupBy) ->
+    reference_key = groupBy + '_id'
+
+    if reference_key of object
+      return reference_key
+
+    groupBy
+
+  sortObjectKeys: (objects, direction) ->
+    sorted = Object.keys(objects).sort()
+
+    switch direction
+      when 'DESC'
+        sorted.reverse()
+      else
+        sorted
+
   renderTableRows: (sort = false) =>
     if sort is true
       @sortList()
@@ -506,11 +523,11 @@ class App.ControllerTable extends App.Controller
     objectsToShow = @objectsOfPage(@pagerShownPage)
     if @groupBy
       # group by raw (and not printable) value so dates work also
-      objectsGrouped = _.groupBy(objectsToShow, (object) => object[@groupBy])
+      objectsGrouped = _.groupBy(objectsToShow, (object) => object[@getGroupByKeyName(object, @groupBy)])
     else
       objectsGrouped = { '': objectsToShow }
 
-    for groupValue in Object.keys(objectsGrouped).sort()
+    for groupValue in @sortObjectKeys(objectsGrouped, @groupDirection)
       groupObjects = objectsGrouped[groupValue]
 
       for object in groupObjects
diff --git a/public/assets/tests/table.js b/public/assets/tests/table.js
index 02ca59876..b7eac8557 100644
--- a/public/assets/tests/table.js
+++ b/public/assets/tests/table.js
@@ -370,8 +370,8 @@ test('table test', function() {
     groupBy:        'priority',
     groupDirection: 'DESC',
   })
-  equal(el.find('tbody > tr:nth-child(1) > td:nth-child(1)').text().trim(), '1 niedrig', 'check row 1')
-  equal(el.find('tbody > tr:nth-child(4) > td:nth-child(1)').text().trim(), '2 normal', 'check row 3')
+  equal(el.find('tbody > tr:nth-child(1) > td:nth-child(1)').text().trim(), '2 normal', 'check row 1')
+  equal(el.find('tbody > tr:nth-child(3) > td:nth-child(1)').text().trim(), '1 niedrig', 'check row 3')
 
   $('#table').append('<hr><h1>table Group By Direction ASC</h1><div id="table7"></div>')
   el = $('#table7')
diff --git a/spec/system/overview_spec.rb b/spec/system/overview_spec.rb
index 50402cfe8..763619ec2 100644
--- a/spec/system/overview_spec.rb
+++ b/spec/system/overview_spec.rb
@@ -65,4 +65,71 @@ RSpec.describe 'Overview', type: :system do
       end
     end
   end
+
+  context 'sorting when group by is set' do
+    let(:user) { create(:customer) }
+    let(:ticket1) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 1, customer: user) }
+    let(:ticket2) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 2, customer: user) }
+    let(:ticket3) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 3, customer: user) }
+    let(:overview) do
+      create(:overview, group_by: 'priority', group_direction: group_direction, condition: {
+               'ticket.customer_id' => {
+                 operator: 'is',
+                 value:    user.id
+               }
+             })
+    end
+
+    before do
+      ticket1 && ticket2 && ticket3
+
+      visit "ticket/view/#{overview.link}"
+    end
+
+    context 'when group direction is default' do
+      let(:group_direction) { nil }
+
+      it 'sorts groups 1 > 3' do
+        within :active_content do
+          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('1 low')
+          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('3 high')
+        end
+      end
+
+      it 'does not show duplicates when any ticket attribute is updated using bulk update' do
+        find("tr[data-id='#{ticket3.id}']").check('bulk', allow_label_click: true)
+        select '2 normal', from: 'priority_id'
+
+        click '.js-confirm'
+        find('.js-confirm-step textarea').fill_in with: 'test tickets ordering'
+        click '.js-submit'
+
+        within :active_content do
+          expect(page).to have_css("tr[data-id='#{ticket3.id}']", count: 1)
+        end
+      end
+    end
+
+    context 'when group direction is ASC' do
+      let(:group_direction) { 'ASC' }
+
+      it 'sorts groups 1 > 3' do
+        within :active_content do
+          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('1 low')
+          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('3 high')
+        end
+      end
+    end
+
+    context 'when group direction is DESC' do
+      let(:group_direction) { 'DESC' }
+
+      it 'sorts groups 3 > 1' do
+        within :active_content do
+          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('3 high')
+          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('1 low')
+        end
+      end
+    end
+  end
 end

From 445700d0aa4555ea7beaacdbec54e8270c92a535 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Thu, 7 Oct 2021 16:37:57 +0200
Subject: [PATCH 50/65] Follow-up: 276c45b2e9 - Improved ticket policy scope
 handling.

---
 app/policies/ticket_policy/base_scope.rb      | 21 ++--
 .../policies/ticket_policy/shared_examples.rb | 97 ++++++++++++++++++-
 2 files changed, 107 insertions(+), 11 deletions(-)

diff --git a/app/policies/ticket_policy/base_scope.rb b/app/policies/ticket_policy/base_scope.rb
index 9f4e9eaa3..4d43608f1 100644
--- a/app/policies/ticket_policy/base_scope.rb
+++ b/app/policies/ticket_policy/base_scope.rb
@@ -13,7 +13,7 @@ class TicketPolicy < ApplicationPolicy
       super
     end
 
-    def resolve # rubocop:disable Metrics/AbcSize
+    def resolve # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
       raise NoMethodError, <<~ERR.chomp if instance_of?(TicketPolicy::BaseScope)
         specify an access type using a subclass of TicketPolicy::BaseScope
       ERR
@@ -26,12 +26,19 @@ class TicketPolicy < ApplicationPolicy
         bind.push(user.group_ids_access(self.class::ACCESS_TYPE))
       end
 
-      if user.organization&.shared
-        sql.push('(tickets.customer_id = ? OR tickets.organization_id = ?)')
-        bind.push(user.id, user.organization.id)
-      else
-        sql.push('tickets.customer_id = ?')
-        bind.push(user.id)
+      if user.permissions?('ticket.customer')
+        if user.organization&.shared
+          sql.push('(tickets.customer_id = ? OR tickets.organization_id = ?)')
+          bind.push(user.id, user.organization.id)
+        else
+          sql.push('tickets.customer_id = ?')
+          bind.push(user.id)
+        end
+      end
+
+      # The report permission can access all tickets.
+      if sql.empty? && !user.permissions?('report')
+        sql.push '0 = 1' # Forbid unlimited access for all other permissions.
       end
 
       scope.where sql.join(' OR '), *bind
diff --git a/spec/policies/ticket_policy/shared_examples.rb b/spec/policies/ticket_policy/shared_examples.rb
index 03c06d94a..27b878ab6 100644
--- a/spec/policies/ticket_policy/shared_examples.rb
+++ b/spec/policies/ticket_policy/shared_examples.rb
@@ -12,15 +12,13 @@ RSpec.shared_examples 'for agent user' do |access_type|
 
   shared_examples 'shown' do
     it 'returns its groups’ tickets' do
-      expect(scope.resolve)
-        .to match_array(Ticket.where(group: member_groups))
+      expect(scope.resolve).to match_array(Ticket.where(group: member_groups))
     end
   end
 
   shared_examples 'hidden' do
     it 'does not return its groups’ tickets' do
-      expect(scope.resolve)
-        .to be_empty
+      expect(scope.resolve).to be_empty
     end
   end
 
@@ -47,6 +45,62 @@ RSpec.shared_examples 'for agent user' do |access_type|
     end
   end
 
+  context 'without any role permission' do
+
+    let(:role_without_rights) { create(:role) }
+    let(:user) { create(:agent, groups: member_groups, role_ids: [ role_without_rights.id ]) }
+
+    context 'when checking for "full" access' do
+      # this is already true by default, but it doesn't hurt to be explicit
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'full') } }
+
+      include_examples 'hidden'
+    end
+
+    context 'when limited to "read" access' do
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'read') } }
+
+      include_examples 'hidden'
+    end
+
+    context 'when limited to "overview" access' do
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'overview') } }
+
+      include_examples 'hidden'
+    end
+  end
+
+  context 'with report permission' do
+
+    let(:report_role) { create(:role).tap { |role| role.permission_grant('report') } }
+    let(:user) { create(:agent, groups: member_groups, role_ids: [ report_role.id ]) }
+
+    context 'when checking for "full" access' do
+      # this is already true by default, but it doesn't hurt to be explicit
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'full') } }
+
+      it 'grants access to all tickets' do
+        expect(scope.resolve).to match_array(Ticket.all)
+      end
+    end
+
+    context 'when limited to "read" access' do
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'read') } }
+
+      it 'grants access to all tickets' do
+        expect(scope.resolve).to match_array(Ticket.all)
+      end
+    end
+
+    context 'when limited to "overview" access' do
+      before { user.user_groups.each { |ug| ug.update_columns(access: 'overview') } }
+
+      it 'grants access to all tickets' do
+        expect(scope.resolve).to match_array(Ticket.all)
+      end
+    end
+  end
+
   context 'with indirect access via Role#groups' do
     let(:user) { create(:agent).tap { |u| u.roles << role } }
     let(:role) { create(:role, groups: member_groups) }
@@ -70,6 +124,41 @@ RSpec.shared_examples 'for agent user' do |access_type|
       include_examples access_type == 'overview' ? 'shown' : 'hidden'
     end
   end
+
+  context 'when checking access via customer organization but no customer permissions' do
+    let(:user) { create(:agent, organization: organization) }
+
+    let(:teammate) { create(:agent, organization: organization) }
+
+    before do
+      create_list(:ticket, 2, customer: user)
+      create_list(:ticket, 2, customer: teammate)
+    end
+
+    context 'with no #organization' do
+      let(:organization) { nil }
+
+      it 'returns no tickets' do
+        expect(scope.resolve).to be_empty
+      end
+    end
+
+    context 'with a non-shared #organization' do
+      let(:organization) { create(:organization, shared: false) }
+
+      it 'returns no tickets' do
+        expect(scope.resolve).to be_empty
+      end
+    end
+
+    context 'with a shared #organization (default)' do
+      let(:organization) { create(:organization, shared: true) }
+
+      it 'returns no tickets' do
+        expect(scope.resolve).to be_empty
+      end
+    end
+  end
 end
 
 RSpec.shared_examples 'for agent user with predefined but impossible context' do

From da22f4b1bdf4859bfdc026897f53c7efb4dfc743 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Fri, 8 Oct 2021 08:41:05 +0200
Subject: [PATCH 51/65] Maintenance: Ported Manage > Channels > Email test to
 capybara.

---
 app/models/channel/driver/imap.rb        |   7 +-
 script/build/test_slice_tests.sh         |   6 -
 spec/system/channels/email_spec.rb       | 107 ++++++++++++++
 test/browser/admin_channel_email_test.rb | 180 -----------------------
 4 files changed, 110 insertions(+), 190 deletions(-)
 delete mode 100644 test/browser/admin_channel_email_test.rb

diff --git a/app/models/channel/driver/imap.rb b/app/models/channel/driver/imap.rb
index 174608f55..b875db600 100644
--- a/app/models/channel/driver/imap.rb
+++ b/app/models/channel/driver/imap.rb
@@ -7,6 +7,8 @@ class Channel::Driver::Imap < Channel::EmailParser
   FETCH_METADATA_TIMEOUT = 2.minutes
   FETCH_MSG_TIMEOUT = 4.minutes
   EXPUNGE_TIMEOUT = 16.minutes
+  DEFAULT_TIMEOUT = 45.seconds
+  CHECK_ONLY_TIMEOUT = 6.seconds
 
   def fetchable?(_channel)
     true
@@ -110,10 +112,7 @@ example
     Rails.logger.info "fetching imap (#{options[:host]}/#{options[:user]} port=#{port},ssl=#{ssl},starttls=#{starttls},folder=#{folder},keep_on_server=#{keep_on_server},auth_type=#{options.fetch(:auth_type, 'LOGIN')})"
 
     # on check, reduce open_timeout to have faster probing
-    check_type_timeout = 45
-    if check_type == 'check'
-      check_type_timeout = 6
-    end
+    check_type_timeout = check_type == 'check' ? CHECK_ONLY_TIMEOUT : DEFAULT_TIMEOUT
 
     timeout(check_type_timeout) do
       @imap = ::Net::IMAP.new(options[:host], port, ssl, nil, false)
diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 11e68e141..369764c5e 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -11,7 +11,6 @@ if [ "$LEVEL" == '1' ]; then
   cp contrib/auto_wizard_test.json auto_wizard.json
   cp test/integration/aaa_auto_wizard_base_setup_test.rb test/browser/aaa_auto_wizard_base_setup_test.rb
   rm test/browser/abb_one_group_test.rb
-  rm test/browser/admin_channel_email_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -68,7 +67,6 @@ elif [ "$LEVEL" == '2' ]; then
   # only ticket action 2/3
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
-  rm test/browser/admin_channel_email_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -125,7 +123,6 @@ elif [ "$LEVEL" == '3' ]; then
   # only ticket action 2/3
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
-  rm test/browser/admin_channel_email_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -182,7 +179,6 @@ elif [ "$LEVEL" == '4' ]; then
   # only ticket action 3/3
   # test/browser/aaa_getting_started_test.rb
   # test/browser/abb_one_group_test.rb
-  rm test/browser/admin_channel_email_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -238,7 +234,6 @@ elif [ "$LEVEL" == '5' ]; then
 
   # only profile action & admin
   # test/browser/abb_one_group_test.rb
-  # test/browser/admin_channel_email_test.rb
   # rm test/browser/admin_drag_drop_to_new_group_test.rb
   # test/browser/admin_overview_test.rb
   # rm test/browser/admin_permissions_granular_vs_full_test.rb
@@ -297,7 +292,6 @@ elif [ "$LEVEL" == '6' ]; then
   cp contrib/auto_wizard_test.json auto_wizard.json
   cp test/integration/aaa_auto_wizard_base_setup_test.rb test/browser/aaa_auto_wizard_base_setup_test.rb
   rm test/browser/abb_one_group_test.rb
-  rm test/browser/admin_channel_email_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
   rm test/browser/admin_permissions_granular_vs_full_test.rb
diff --git a/spec/system/channels/email_spec.rb b/spec/system/channels/email_spec.rb
index c17662b37..7aa1e8b3f 100644
--- a/spec/system/channels/email_spec.rb
+++ b/spec/system/channels/email_spec.rb
@@ -4,6 +4,113 @@ require 'rails_helper'
 
 RSpec.describe 'Manage > Channels > Email', type: :system do
 
+  context 'when managing email channels', required_envs: %w[MAILBOX_INIT] do
+
+    before do
+      visit '/#channels/email'
+    end
+
+    context 'when looking at the default screen' do
+
+      it 'has correct default settings' do
+
+        within :active_content do
+          # check if postmaster filters are shown
+          click 'a[href="#c-filter"]'
+          expect(find('#c-filter .overview')).to have_text 'NO ENTRIES'
+
+          # check if signatures are shown
+          click 'a[href="#c-signature"]'
+          expect(find('#c-signature .overview')).to have_text 'default'
+
+        end
+      end
+    end
+
+    context 'when creating new channels' do
+      let(:mailbox_user)     { ENV['MAILBOX_INIT'].split(':')[0] }
+      let(:mailbox_password) { ENV['MAILBOX_INIT'].split(':')[1] }
+
+      before do
+        # Make sure the channel is loaded
+        'Channel::Driver::Imap'.constantize
+        # The normal timeout may be too low in slow CI environments.
+        stub_const 'Channel::Driver::Imap::CHECK_ONLY_TIMEOUT', 1.minute
+      end
+
+      it 'refuses wrong credentials' do
+
+        click 'a[href="#c-account"]'
+        click '.js-channelNew'
+        modal_ready
+
+        within '.modal' do
+          fill_in 'realname', with: 'My System'
+          fill_in 'email',    with: "unknown_user.#{mailbox_user}"
+          fill_in 'password', with: mailbox_password
+          select 'Users', from: 'group_id'
+          click '.js-submit'
+          expect(page).to have_text('Unable to detect your server settings. Manual configuration needed.')
+        end
+
+      end
+
+      it 'accepts correct credentials' do
+
+        click 'a[href="#c-account"]'
+        click '.js-channelNew'
+        modal_ready
+
+        within '.modal' do
+          fill_in 'realname', with: 'My System'
+          fill_in 'email',    with: mailbox_user
+          fill_in 'password', with: mailbox_password
+          select 'Users', from: 'group_id'
+          click '.js-submit'
+        end
+
+        modal_disappear timeout: 2.minutes
+
+        within :active_content do
+          expect(page).to have_text(mailbox_user)
+          all('.js-editInbound').last.click
+          fill_in 'options::folder', with: 'nonexisting_folder'
+          click '.js-submit'
+          expect(page).to have_text("Mailbox doesn\'t exist")
+        end
+      end
+    end
+
+    context 'when managing filters' do
+      let(:filter_name) { "Test Filter #{SecureRandom.uuid}" }
+
+      it 'works as expected' do
+
+        click 'a[href="#c-filter"]'
+        click '.content.active a[data-type="new"]'
+
+        modal_ready
+        within '.modal' do
+          fill_in 'name', with: filter_name
+          fill_in 'match::from::value', with: 'target'
+          click '.js-submit'
+        end
+        modal_disappear
+
+        expect(page).to have_text(filter_name)
+        click '.content.active .table .dropdown .btn--table'
+        click '.content.active .table .dropdown .js-clone'
+
+        modal_ready
+        click '.modal .js-submit'
+        modal_disappear
+
+        expect(page).to have_text("Clone: #{filter_name}")
+      end
+
+    end
+  end
+
   context 'non editable' do
 
     it 'hides "Edit" links' do
diff --git a/test/browser/admin_channel_email_test.rb b/test/browser/admin_channel_email_test.rb
deleted file mode 100644
index 1d6be9f09..000000000
--- a/test/browser/admin_channel_email_test.rb
+++ /dev/null
@@ -1,180 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class AdminChannelEmailTest < TestCase
-  def test_account_add
-
-    if !ENV['MAILBOX_INIT']
-      # raise "Need MAILBOX_INIT as ENV variable like export MAILBOX_INIT='unittest01@znuny.com:somepass'"
-      puts "NOTICE: Need MAILBOX_INIT as ENV variable like export MAILBOX_INIT='unittest01@znuny.com:somepass'"
-      return
-    end
-    mailbox_user     = ENV['MAILBOX_INIT'].split(':')[0]
-    mailbox_password = ENV['MAILBOX_INIT'].split(':')[1]
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    click(css: 'a[href="#manage"]')
-    click(css: '.content.active a[href="#channels/email"]')
-
-    # check if postmaster filter are shown
-    click(css: '.content.active a[href="#c-filter"]')
-    match(
-      css:   '.content.active #c-filter .overview',
-      value: 'No Entries',
-    )
-
-    # check if signatures are shown
-    click(css: '.content.active a[href="#c-signature"]')
-    match(
-      css:   '.content.active #c-signature .overview',
-      value: 'default',
-    )
-
-    click(css: '.content.active a[href="#c-account"]')
-    click(css: '.content.active .js-channelNew')
-
-    modal_ready
-    set(
-      css:   '.modal input[name="realname"]',
-      value: 'My System',
-    )
-    set(
-      css:   '.modal input[name="email"]',
-      value: mailbox_user,
-    )
-    set(
-      css:   '.modal input[name="password"]',
-      value: mailbox_password,
-    )
-    select(
-      css:   '.modal select[name="group_id"]',
-      value: 'Users',
-    )
-    click(css: '.modal button.js-submit')
-    sleep 4
-
-    watch_for(
-      css:   '.modal',
-      value: '(already exists|unknown mailbox)',
-    )
-
-    click(css: '.modal .js-close')
-
-    # delete all channels
-    loop do
-      break if !@browser.find_elements(css: '.content.active .js-channelDelete')[0]
-
-      click(css: '.content.active .js-channelDelete')
-      sleep 2
-      # flanky
-      click(css: '.modal .js-submit')
-      sleep 2
-    end
-
-    # re-create
-    click(css: '.content.active .js-channelNew')
-
-    modal_ready
-
-    set(
-      css:   '.modal input[name="realname"]',
-      value: 'My System',
-    )
-    set(
-      css:   '.modal input[name="email"]',
-      value: mailbox_user,
-    )
-    set(
-      css:   '.modal input[name="password"]',
-      value: mailbox_password,
-    )
-    select(
-      css:   '.modal select[name="group_id"]',
-      value: 'Users',
-    )
-    click(css: '.modal button.js-submit')
-    modal_disappear(timeout: 20)
-
-    watch_for(
-      css:   '.content.active',
-      value: mailbox_user,
-    )
-
-    # set invalid folder
-    click(css: '.content.active .js-editInbound')
-
-    modal_ready
-
-    set(
-      css:   '.modal input[name="options::folder"]',
-      value: 'not_existing_folder',
-    )
-    click(css: '.modal .js-inbound button.js-submit')
-    watch_for(
-      css:   '.modal',
-      value: 'Mailbox doesn\'t exist',
-    )
-
-  end
-
-  # test the creation and cloning of Postmaster filters
-  # confirm fix for issue #2170 - Cannot clone PostmasterFilter
-  def test_filter_clone
-    filter_name = "Test Filter #{SecureRandom.uuid}"
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    click(css: 'a[href="#manage"]')
-    click(css: '.content.active a[href="#channels/email"]')
-
-    click(css: '.content.active a[href="#c-filter"]')
-
-    # create a new email filter
-    click(css: '.content.active a[data-type="new"]')
-
-    modal_ready
-    set(
-      css:   '.modal input[name="name"]',
-      value: filter_name,
-    )
-    set(
-      css:   '.modal input[name="match::from::value"]',
-      value: 'target',
-    )
-    click(css: '.modal .js-submit')
-    modal_disappear
-
-    watch_for(
-      css:   '.content.active .table',
-      value: filter_name,
-    )
-
-    # now clone filter that we just created
-    click(css: '.content.active .table .dropdown .btn--table')
-    click(css: '.content.active .table .dropdown .js-clone')
-
-    modal_ready
-    click(css: '.modal .js-submit')
-    modal_disappear
-
-    # confirm the clone exists in the table
-    watch_for(
-      css:   '.content.active .table',
-      value: "Clone: #{filter_name}",
-    )
-  end
-end

From df6fe54b6643f06e446ea67b00d8f93ce13c0378 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@zammad.com>
Date: Fri, 8 Oct 2021 09:30:34 +0200
Subject: [PATCH 52/65] Fixes #3797 - OS package upgrade fails
 (activity_stream_object_id)

---
 contrib/packager.io/functions | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/packager.io/functions b/contrib/packager.io/functions
index 362d065d9..a8d9dcae2 100644
--- a/contrib/packager.io/functions
+++ b/contrib/packager.io/functions
@@ -273,6 +273,9 @@ function elasticsearch_searchindex_rebuild () {
 
 function update_or_install () {
 
+  echo "# Clear cache..."
+  zammad run rails r Cache.clear
+
   if [ -f ${ZAMMAD_DIR}/config/database.yml ]; then
     update_database
 

From 22cd8f33769453cb325b7971cf3a7f651a96e730 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Fri, 8 Oct 2021 12:34:31 +0200
Subject: [PATCH 53/65] Maintenance: Port maintenance session message test to
 capybara.

---
 script/build/test_slice_tests.sh              |   6 -
 .../maintenance/app_version_spec.rb}          |  10 +-
 .../maintenance/session_message_spec.rb       |  78 ++++++++
 .../maintenance_session_message_test.rb       | 181 ------------------
 4 files changed, 85 insertions(+), 190 deletions(-)
 rename spec/system/{maintenance_app_version_spec.rb => system/maintenance/app_version_spec.rb} (60%)
 create mode 100644 spec/system/system/maintenance/session_message_spec.rb
 delete mode 100644 test/browser/maintenance_session_message_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 369764c5e..6b05ecd91 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -49,7 +49,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  # test/browser/maintenance_session_message_test.rb
   # test/browser/manage_test.rb
   # test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
@@ -105,7 +104,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
@@ -161,7 +159,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
@@ -217,7 +214,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
@@ -272,7 +268,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
@@ -330,7 +325,6 @@ elif [ "$LEVEL" == '6' ]; then
   # test/browser/first_steps_test.rb
   # test/browser/integration_test.rb
   # test/browser/keyboard_shortcuts_test.rb
-  rm test/browser/maintenance_session_message_test.rb
   rm test/browser/manage_test.rb
   rm test/browser/monitoring_test.rb
   # rm test/browser/integration_sipgate_test.rb
diff --git a/spec/system/maintenance_app_version_spec.rb b/spec/system/system/maintenance/app_version_spec.rb
similarity index 60%
rename from spec/system/maintenance_app_version_spec.rb
rename to spec/system/system/maintenance/app_version_spec.rb
index 35561f4e0..7cba49e35 100644
--- a/spec/system/maintenance_app_version_spec.rb
+++ b/spec/system/system/maintenance/app_version_spec.rb
@@ -2,14 +2,18 @@
 
 require 'rails_helper'
 
-RSpec.describe 'Maintenance App Version', type: :system do
-  it 'check that new version is present' do
+RSpec.describe 'System > Maintenance - App Version', type: :system do
+  it 'check that new version modal dialog is present' do
     page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:false"} )'
 
     expect(page).to have_no_text('new version')
 
     page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:true"} )'
 
-    expect(page).to have_text('new version')
+    modal_ready(timeout: 10)
+
+    within '.modal-dialog' do
+      expect(page).to have_text('new version')
+    end
   end
 end
diff --git a/spec/system/system/maintenance/session_message_spec.rb b/spec/system/system/maintenance/session_message_spec.rb
new file mode 100644
index 000000000..3e6747580
--- /dev/null
+++ b/spec/system/system/maintenance/session_message_spec.rb
@@ -0,0 +1,78 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'System > Maintenance - Session Message', type: :system do
+  let(:agent) { User.find_by(login: 'agent1@example.com') }
+  let(:session_message_title) { 'Testing <b>Session Message Title</b>' }
+  let(:session_message_text) { "message <b>1äöüß</b> Session Message Title\n\n\nhttps://zammad.org" }
+
+  def check_sesion_message_content(title, text)
+    expect(page).to have_text(title)
+    expect(page).to have_text(text)
+  end
+
+  context 'when maintenance session message is used and a open session exists' do
+    before do
+      using_session(:second_browser) do
+        login(
+          username: agent.login,
+          password: 'test',
+        )
+      end
+    end
+
+    it 'check that the maintenance session message appears' do
+      visit 'system/maintenance'
+
+      within :active_content do
+        fill_in 'head', with: session_message_title
+        find('.js-Message .js-textarea[data-name="message"]').send_keys(session_message_text)
+
+        click '.js-Message button.js-submit'
+      end
+
+      using_session(:second_browser) do
+        modal_ready
+
+        within '.modal-dialog' do
+          check_sesion_message_content(session_message_title, session_message_text)
+
+          click 'div.modal-header .js-close'
+        end
+
+        modal_disappear
+      end
+
+      within :active_content do
+        expect(page).to have_no_text(session_message_title)
+        expect(page).to have_no_text(session_message_text)
+      end
+    end
+
+    it 'check that the maintenance session message appears with browser reload' do
+      message_title = "#{session_message_title} #2"
+      message_text = "#{session_message_text} #2"
+
+      visit 'system/maintenance'
+
+      within :active_content do
+        fill_in 'head', with: "#{message_title} #2"
+        find('.js-Message .js-textarea[data-name="message"]').send_keys("#{message_text} #2")
+        check 'reload', { allow_label_click: true }
+
+        click '.js-Message button.js-submit'
+      end
+
+      using_session(:second_browser) do
+        modal_ready
+
+        within '.modal-dialog' do
+          check_sesion_message_content(message_title, message_text)
+
+          expect(page).to have_text('Continue session')
+        end
+      end
+    end
+  end
+end
diff --git a/test/browser/maintenance_session_message_test.rb b/test/browser/maintenance_session_message_test.rb
deleted file mode 100644
index 3363823a6..000000000
--- a/test/browser/maintenance_session_message_test.rb
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class MaintenanceSessionMessageTest < TestCase
-  def test_message
-    string       = SecureRandom.uuid
-    title_html   = "test <b>#{string}</b>"
-    title_text   = "test <b>#{string}<\/b>"
-    message_html = "message <b>1äöüß</b> #{string}\n\n\nhttps://zammad.org"
-    message_text = "message <b>1äöüß</b> #{string}\n\n\nhttps://zammad.org"
-
-    # check #1
-    browser1 = browser_instance
-    login(
-      browser:  browser1,
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    browser2 = browser_instance
-    login(
-      browser:  browser2,
-      username: 'agent1@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#manage"]',
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#system/maintenance"]',
-    )
-
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message input[name="head"]',
-      value:   title_html,
-    )
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message .js-textarea[data-name="message"]',
-      value:   message_html,
-    )
-
-    click(
-      browser: browser1,
-      css:     '.content.active .js-Message button.js-submit',
-    )
-
-    modal_ready(browser: browser2)
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   title_text,
-    )
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   message_text,
-    )
-
-    match_not(
-      browser: browser1,
-      css:     'body',
-      value:   message_text,
-    )
-
-    click(
-      browser: browser2,
-      css:     'div.modal-header .js-close',
-    )
-    modal_disappear(browser: browser2)
-
-    # check #2
-    click(
-      browser: browser1,
-      css:     'a[href="#manage"]',
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#system/maintenance"]',
-    )
-
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message input[name="head"]',
-      value:   "#{title_html} #2",
-    )
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message .js-textarea[data-name="message"]',
-      value:   "#{message_html} #2",
-    )
-
-    click(
-      browser: browser1,
-      css:     '.content.active .js-Message button.js-submit',
-    )
-
-    modal_ready(browser: browser2)
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   "#{title_text} #2",
-    )
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   "#{message_text} #2",
-    )
-
-    match_not(
-      browser: browser1,
-      css:     'body',
-      value:   message_text,
-    )
-
-    click(
-      browser: browser2,
-      css:     'div.modal-header .js-close',
-    )
-    modal_disappear(browser: browser2)
-
-    # check #3
-    click(
-      browser: browser1,
-      css:     'a[href="#manage"]',
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#system/maintenance"]',
-    )
-
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message input[name="head"]',
-      value:   "#{title_html} #3",
-    )
-    set(
-      browser: browser1,
-      css:     '.content.active .js-Message .js-textarea[data-name="message"]',
-      value:   "#{message_html} #3",
-    )
-    click(
-      browser: browser1,
-      css:     '.content.active .js-Message input[name="reload"]',
-    )
-    click(
-      browser: browser1,
-      css:     '.content.active .js-Message button.js-submit',
-    )
-
-    modal_ready(browser: browser2)
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   "#{title_text} #3",
-    )
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   "#{message_text} #3",
-    )
-    watch_for(
-      browser: browser2,
-      css:     '.modal',
-      value:   'Continue session',
-    )
-
-    match_not(
-      browser: browser1,
-      css:     'body',
-      value:   message_text,
-    )
-  end
-
-end

From 1de9c8d803c889005753a6ff7119a68d0059a7c8 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Fri, 8 Oct 2021 11:49:10 +0200
Subject: [PATCH 54/65] Maintenance: Ported
 admin_permissions_granular_vs_full_test.rb to Capybara.

---
 .rubocop/todo.yml                             |  4 --
 script/build/test_slice_tests.sh              |  6 --
 spec/system/manage/users_spec.rb              | 27 ++++++++
 ...admin_permissions_granular_vs_full_test.rb | 68 -------------------
 4 files changed, 27 insertions(+), 78 deletions(-)
 delete mode 100644 test/browser/admin_permissions_granular_vs_full_test.rb

diff --git a/.rubocop/todo.yml b/.rubocop/todo.yml
index c841e288d..419601015 100644
--- a/.rubocop/todo.yml
+++ b/.rubocop/todo.yml
@@ -887,10 +887,6 @@ Metrics/PerceivedComplexity:
     - 'test/browser_test_helper.rb'
     - 'test/integration/slack_test.rb'
 
-Rails/AssertNot:
-  Exclude:
-    - 'test/browser/admin_permissions_granular_vs_full_test.rb'
-
 Rails/CreateTableWithTimestamps:
   Exclude:
     - 'db/migrate/20120101000001_create_base.rb'
diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 6b05ecd91..ca7dab0d9 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -13,7 +13,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/abb_one_group_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
-  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   # test/browser/agent_navigation_and_title_test.rb
   # test/browser/agent_organization_profile_test.rb
@@ -68,7 +67,6 @@ elif [ "$LEVEL" == '2' ]; then
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
-  rm test/browser/admin_permissions_granular_vs_full_test.rb
   #rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -123,7 +121,6 @@ elif [ "$LEVEL" == '3' ]; then
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
-  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -178,7 +175,6 @@ elif [ "$LEVEL" == '4' ]; then
   # test/browser/abb_one_group_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
-  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -232,7 +228,6 @@ elif [ "$LEVEL" == '5' ]; then
   # test/browser/abb_one_group_test.rb
   # rm test/browser/admin_drag_drop_to_new_group_test.rb
   # test/browser/admin_overview_test.rb
-  # rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
@@ -289,7 +284,6 @@ elif [ "$LEVEL" == '6' ]; then
   rm test/browser/abb_one_group_test.rb
   rm test/browser/admin_drag_drop_to_new_group_test.rb
   rm test/browser/admin_overview_test.rb
-  rm test/browser/admin_permissions_granular_vs_full_test.rb
   rm test/browser/admin_role_test.rb
   rm test/browser/agent_navigation_and_title_test.rb
   rm test/browser/agent_organization_profile_test.rb
diff --git a/spec/system/manage/users_spec.rb b/spec/system/manage/users_spec.rb
index fe10293a9..bb3324f0d 100644
--- a/spec/system/manage/users_spec.rb
+++ b/spec/system/manage/users_spec.rb
@@ -111,6 +111,33 @@ RSpec.describe 'Manage > Users', type: :system do
     end
   end
 
+  context 'updating a user' do
+    before do
+      create(:admin)
+    end
+
+    it 'handles permission checkboxes correctly' do
+      visit '#manage/users'
+
+      within(:active_content) do
+        click 'table.user-list tbody tr:first-child'
+      end
+      in_modal disappears: false do
+        scroll_into_view 'table.settings-list'
+        within 'table.settings-list tbody tr:first-child' do
+          click 'input[value="full"]', visible: :all
+          expect(find('input[value="full"]', visible: :all).checked?).to be true
+          click 'input[value="read"]', visible: :all
+          expect(find('input[value="full"]', visible: :all).checked?).to be false
+          expect(find('input[value="read"]', visible: :all).checked?).to be true
+          click 'input[value="full"]', visible: :all
+          expect(find('input[value="full"]', visible: :all).checked?).to be true
+          expect(find('input[value="read"]', visible: :all).checked?).to be false
+        end
+      end
+    end
+  end
+
   describe 'check user edit permissions', authenticated_as: -> { user } do
 
     shared_examples 'user permission' do |allow|
diff --git a/test/browser/admin_permissions_granular_vs_full_test.rb b/test/browser/admin_permissions_granular_vs_full_test.rb
deleted file mode 100644
index fd0e131a7..000000000
--- a/test/browser/admin_permissions_granular_vs_full_test.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class AdminPermissionsGranularVsFullTest < TestCase
-  def test_permissions_selecting
-    new_group_name = "permissions_test_group#{SecureRandom.uuid}"
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    click(css: 'a[href="#manage"]')
-    click(css: '.content.active a[href="#manage/groups"]')
-    click(css: '.content.active a[data-type="new"]')
-
-    modal_ready
-
-    element = @browser.find_element(css: '.modal input[name=name]')
-    element.clear
-    element.send_keys(new_group_name)
-    click(css: '.modal button.js-submit')
-    modal_disappear
-
-    click(css: '.content.active a[href="#manage/users"]')
-
-    user_css = '.user-list .js-tableBody tr td'
-    watch_for(css: user_css)
-    @browser.find_elements(css: '.content.active .user-list td:first-child').each do |entry|
-      next if entry.text.strip != 'admin@example.com'
-
-      entry.click
-      break
-    end
-
-    modal_ready
-
-    scroll_script = "var el = document.getElementsByClassName('modal')[0];"
-    scroll_script += 'el.scrollTo(0, el.scrollHeight);'
-    @browser.execute_script scroll_script
-
-    group = @browser.find_elements(css: '.modal .settings-list tbody tr').find do |el|
-      el.find_element(css: 'td').text == new_group_name
-    end
-
-    if !group
-      screenshot(comment: 'group_not_found')
-      raise "Can't find group #{new_group_name}"
-    end
-
-    toggle_checkbox(group, 'full')
-    sleep(1)
-    assert(checkbox_is_selected(group, 'full'))
-
-    toggle_checkbox(group, 'read')
-    sleep(1)
-    assert(!checkbox_is_selected(group, 'full'))
-    assert(checkbox_is_selected(group, 'read'))
-
-    toggle_checkbox(group, 'full')
-    sleep(1)
-    assert(checkbox_is_selected(group, 'full'))
-    assert(!checkbox_is_selected(group, 'read'))
-  end
-end

From 52587ca9e2bb241e0159cad1d8156251ec95b144 Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Fri, 8 Oct 2021 12:13:05 +0200
Subject: [PATCH 55/65] Maintenance: Port System > Monitoring test to capybara.

---
 script/build/test_slice_tests.sh      |  6 ----
 spec/system/system/monitoring_spec.rb | 24 +++++++++++++++
 test/browser/monitoring_test.rb       | 44 ---------------------------
 3 files changed, 24 insertions(+), 50 deletions(-)
 create mode 100644 spec/system/system/monitoring_spec.rb
 delete mode 100644 test/browser/monitoring_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index ca7dab0d9..2e93cfe5c 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -49,7 +49,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   # test/browser/manage_test.rb
-  # test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
@@ -103,7 +102,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
@@ -157,7 +155,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
@@ -211,7 +208,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
@@ -264,7 +260,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/monitoring_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
@@ -320,7 +315,6 @@ elif [ "$LEVEL" == '6' ]; then
   # test/browser/integration_test.rb
   # test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/monitoring_test.rb
   # rm test/browser/integration_sipgate_test.rb
   # rm test/browser/integration_cti_test.rb
   # test/browser/preferences_language_test.rb
diff --git a/spec/system/system/monitoring_spec.rb b/spec/system/system/monitoring_spec.rb
new file mode 100644
index 000000000..458564fab
--- /dev/null
+++ b/spec/system/system/monitoring_spec.rb
@@ -0,0 +1,24 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'System > Monitoring', type: :system do
+
+  context 'when showing the token' do
+    it 'works correctly' do
+      visit 'system/monitoring'
+
+      within :active_content do
+        token = find('.js-token').value
+        url   = find('.js-url').value
+        expect(url).to include(token)
+
+        click '.js-resetToken'
+        new_token = find('.js-token').value
+        new_url   = find('.js-url').value
+        expect(new_url).to include(new_token)
+        expect(token).not_to eq(new_token)
+      end
+    end
+  end
+end
diff --git a/test/browser/monitoring_test.rb b/test/browser/monitoring_test.rb
deleted file mode 100644
index c752a5de1..000000000
--- a/test/browser/monitoring_test.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class MonitoringTest < TestCase
-
-  def test_mode
-    browser1 = browser_instance
-    login(
-      browser:  browser1,
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#manage"]',
-    )
-    click(
-      browser: browser1,
-      css:     'a[href="#system/monitoring"]',
-    )
-
-    token = browser1.find_elements(css: '.active.content .js-token')[0].attribute('value')
-    url = browser1.find_elements(css: '.active.content .js-url')[0].attribute('value')
-
-    assert_match(token.to_s, url)
-
-    click(
-      browser: browser1,
-      css:     '.active.content .js-resetToken',
-    )
-    sleep 3
-
-    token_new = browser1.find_elements(css: '.active.content .js-token')[0].attribute('value')
-    url_new = browser1.find_elements(css: '.active.content .js-url')[0].attribute('value')
-
-    assert_not_equal(token, token_new)
-    assert_not_equal(url, url_new)
-    assert_match(token_new.to_s, url_new)
-
-  end
-
-end

From 587f36d220290371b37ec32399adbe99e8007045 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Fri, 8 Oct 2021 18:48:08 +0200
Subject: [PATCH 56/65] Maintenance: Try to improve the stabilzation of the
 maintenance app version selenium test.

---
 spec/system/system/maintenance/app_version_spec.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/spec/system/system/maintenance/app_version_spec.rb b/spec/system/system/maintenance/app_version_spec.rb
index 7cba49e35..50714c0c1 100644
--- a/spec/system/system/maintenance/app_version_spec.rb
+++ b/spec/system/system/maintenance/app_version_spec.rb
@@ -4,13 +4,15 @@ require 'rails_helper'
 
 RSpec.describe 'System > Maintenance - App Version', type: :system do
   it 'check that new version modal dialog is present' do
+    visit 'ticket/zoom/1'
+
     page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:false"} )'
 
-    expect(page).to have_no_text('new version')
+    expect(page).to have_no_text('new version', wait: 10)
 
     page.execute_script 'App.Event.trigger("maintenance", {type:"app_version", app_version:"1234:true"} )'
 
-    modal_ready(timeout: 10)
+    modal_ready timeout: 10
 
     within '.modal-dialog' do
       expect(page).to have_text('new version')

From 61996989b0be20389a389ac948ca239ab1c463d3 Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Mon, 11 Oct 2021 10:57:50 +0200
Subject: [PATCH 57/65] Maintenance: Deleted already ported switch to user
 test.

---
 script/build/test_slice_tests.sh    |  5 ---
 test/browser/switch_to_user_test.rb | 53 -----------------------------
 2 files changed, 58 deletions(-)
 delete mode 100644 test/browser/switch_to_user_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 2e93cfe5c..b66c3f074 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -105,7 +105,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   # test/browser/user_access_permissions_test.rb
@@ -158,7 +157,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -211,7 +209,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -263,7 +260,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
   rm test/browser/preferences_language_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -318,7 +314,6 @@ elif [ "$LEVEL" == '6' ]; then
   # rm test/browser/integration_sipgate_test.rb
   # rm test/browser/integration_cti_test.rb
   # test/browser/preferences_language_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
diff --git a/test/browser/switch_to_user_test.rb b/test/browser/switch_to_user_test.rb
deleted file mode 100644
index 56a24343d..000000000
--- a/test/browser/switch_to_user_test.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class SwitchToUserTest < TestCase
-  def test_agent_user
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    click(css: 'a[href="#manage"]')
-    click(css: '.content.active a[href="#manage/users"]')
-
-    set(
-      css:   '.content.active .js-search',
-      value: 'nicole',
-    )
-    sleep 3
-
-    @browser.action.move_to(@browser.find_elements({ css: '.content.active .table-overview tbody tr:first-child' })[0]).release.perform
-
-    sleep 0.5
-    click(
-      css: '.content.active .dropdown--actions',
-    )
-    click(
-      css:  '.content.active .icon-switchView',
-      ajax: false
-    )
-    sleep 3
-
-    watch_for(
-      css:   '.switchBackToUser',
-      value: 'zammad looks like',
-    )
-    watch_for(
-      css:   '.switchBackToUser',
-      value: 'Nicole',
-    )
-    login = @browser.find_elements({ css: '.user-menu .user a' })[0].attribute('title')
-    assert_equal(login, 'nicole.braun@zammad.org')
-    click(css: '.switchBackToUser .js-close', ajax: false)
-
-    sleep 5
-    login = @browser.find_elements({ css: '.user-menu .user a' })[0].attribute('title')
-    assert_equal(login, 'admin@example.com')
-
-  end
-end

From 55e99d7aa8aa953e5ad260da6dcfcbc09964b022 Mon Sep 17 00:00:00 2001
From: Mantas Masalskis <mm@zammad.com>
Date: Tue, 12 Oct 2021 15:46:46 +0200
Subject: [PATCH 58/65] Fixes #3800 - Sort order group_by broken (alphabetical)

---
 .../_application_controller/table.coffee      |  4 +-
 spec/system/overview_spec.rb                  | 88 +++++++++++--------
 2 files changed, 56 insertions(+), 36 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/_application_controller/table.coffee b/app/assets/javascripts/app/controllers/_application_controller/table.coffee
index 7304710a0..3056a6a32 100644
--- a/app/assets/javascripts/app/controllers/_application_controller/table.coffee
+++ b/app/assets/javascripts/app/controllers/_application_controller/table.coffee
@@ -497,7 +497,9 @@ class App.ControllerTable extends App.Controller
     reference_key = groupBy + '_id'
 
     if reference_key of object
-      return reference_key
+      attribute = _.findWhere(object.constructor.configure_attributes, { name: reference_key })
+
+      return App[attribute.relation]?.find(object[reference_key])?.displayName() || reference_key
 
     groupBy
 
diff --git a/spec/system/overview_spec.rb b/spec/system/overview_spec.rb
index 763619ec2..b255844c1 100644
--- a/spec/system/overview_spec.rb
+++ b/spec/system/overview_spec.rb
@@ -66,13 +66,19 @@ RSpec.describe 'Overview', type: :system do
     end
   end
 
-  context 'sorting when group by is set' do
-    let(:user) { create(:customer) }
-    let(:ticket1) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 1, customer: user) }
-    let(:ticket2) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 2, customer: user) }
-    let(:ticket3) { create(:ticket, group: Group.find_by(name: 'Users'), priority_id: 3, customer: user) }
+  context 'sorting when group by is set', authenticated_as: :user do
+    let(:user) { create(:agent, groups: [group_c, group_a, group_b]) }
+
+    let(:group_a) { create(:group, name: 'aaa') }
+    let(:group_b) { create(:group, name: 'bbb') }
+    let(:group_c) { create(:group, name: 'ccc') }
+
+    let(:ticket1) { create(:ticket, group: group_a, priority_id: 1, customer: user) }
+    let(:ticket2) { create(:ticket, group: group_c, priority_id: 2, customer: user) }
+    let(:ticket3) { create(:ticket, group: group_b, priority_id: 3, customer: user) }
+
     let(:overview) do
-      create(:overview, group_by: 'priority', group_direction: group_direction, condition: {
+      create(:overview, group_by: group_key, group_direction: group_direction, condition: {
                'ticket.customer_id' => {
                  operator: 'is',
                  value:    user.id
@@ -86,48 +92,60 @@ RSpec.describe 'Overview', type: :system do
       visit "ticket/view/#{overview.link}"
     end
 
-    context 'when group direction is default' do
-      let(:group_direction) { nil }
+    context 'when grouping by priority' do
+      let(:group_key) { 'priority' }
 
-      it 'sorts groups 1 > 3' do
-        within :active_content do
-          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('1 low')
-          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('3 high')
+      context 'when group direction is default' do
+        let(:group_direction) { nil }
+
+        it 'sorts groups 1 > 3' do
+          within :active_content do
+            expect(all('.table-overview table b').map(&:text)).to eq ['1 low', '2 normal', '3 high']
+          end
+        end
+
+        it 'does not show duplicates when any ticket attribute is updated using bulk update' do
+          find("tr[data-id='#{ticket3.id}']").check('bulk', allow_label_click: true)
+          select '2 normal', from: 'priority_id'
+
+          click '.js-confirm'
+          find('.js-confirm-step textarea').fill_in with: 'test tickets ordering'
+          click '.js-submit'
+
+          within :active_content do
+            expect(page).to have_css("tr[data-id='#{ticket3.id}']", count: 1)
+          end
         end
       end
 
-      it 'does not show duplicates when any ticket attribute is updated using bulk update' do
-        find("tr[data-id='#{ticket3.id}']").check('bulk', allow_label_click: true)
-        select '2 normal', from: 'priority_id'
+      context 'when group direction is ASC' do
+        let(:group_direction) { 'ASC' }
 
-        click '.js-confirm'
-        find('.js-confirm-step textarea').fill_in with: 'test tickets ordering'
-        click '.js-submit'
+        it 'sorts groups 1 > 3' do
+          within :active_content do
+            expect(all('.table-overview table b').map(&:text)).to eq ['1 low', '2 normal', '3 high']
+          end
+        end
+      end
 
-        within :active_content do
-          expect(page).to have_css("tr[data-id='#{ticket3.id}']", count: 1)
+      context 'when group direction is DESC' do
+        let(:group_direction) { 'DESC' }
+
+        it 'sorts groups 3 > 1' do
+          within :active_content do
+            expect(all('.table-overview table b').map(&:text)).to eq ['3 high', '2 normal', '1 low']
+          end
         end
       end
     end
 
-    context 'when group direction is ASC' do
+    context 'when grouping by groups' do
+      let(:group_key) { 'group' }
       let(:group_direction) { 'ASC' }
 
-      it 'sorts groups 1 > 3' do
+      it 'sorts groups a > b > c' do
         within :active_content do
-          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('1 low')
-          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('3 high')
-        end
-      end
-    end
-
-    context 'when group direction is DESC' do
-      let(:group_direction) { 'DESC' }
-
-      it 'sorts groups 3 > 1' do
-        within :active_content do
-          expect(find('.table-overview table tbody tr:first-child td:nth-child(1)').text).to match('3 high')
-          expect(find('.table-overview table tbody tr:nth-child(5) td:nth-child(1)').text).to match('1 low')
+          expect(all('.table-overview table b').map(&:text)).to eq %w[aaa bbb ccc]
         end
       end
     end

From 3036453a0f8ddd40b4221ff4494ee1fc0624aceb Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Tue, 12 Oct 2021 16:02:34 +0200
Subject: [PATCH 59/65] Maintenance: Ported auth test to capybara.

---
 script/build/test_slice_tests.sh             |  6 --
 spec/support/capybara/browser_test_helper.rb | 15 ++++
 spec/system/basic/authentication_spec.rb     | 30 ++++++-
 spec/system/login_spec.rb                    | 11 +++
 test/browser/auth_test.rb                    | 89 --------------------
 5 files changed, 55 insertions(+), 96 deletions(-)
 delete mode 100644 test/browser/auth_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index b66c3f074..b6b0f9d7d 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -43,7 +43,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/agent_ticket_zoom_hide_test.rb
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
-  # test/browser/auth_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -96,7 +95,6 @@ elif [ "$LEVEL" == '2' ]; then
   # test/browser/agent_ticket_zoom_hide_test.rb
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
-  rm test/browser/auth_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -148,7 +146,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/agent_ticket_zoom_hide_test.rb
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
-  rm test/browser/auth_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -200,7 +197,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/agent_ticket_zoom_hide_test.rb
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
-  rm test/browser/auth_test.rb
   # test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -251,7 +247,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/agent_ticket_zoom_hide_test.rb
   # test/browser/agent_user_manage_test.rb
   # test/browser/agent_user_profile_test.rb
-  rm test/browser/auth_test.rb
   rm test/browser/customer_ticket_create_test.rb
   rm test/browser/first_steps_test.rb
   rm test/browser/integration_test.rb
@@ -305,7 +300,6 @@ elif [ "$LEVEL" == '6' ]; then
   rm test/browser/agent_ticket_zoom_hide_test.rb
   rm test/browser/agent_user_manage_test.rb
   rm test/browser/agent_user_profile_test.rb
-  rm test/browser/auth_test.rb
   rm test/browser/customer_ticket_create_test.rb
   # test/browser/first_steps_test.rb
   # test/browser/integration_test.rb
diff --git a/spec/support/capybara/browser_test_helper.rb b/spec/support/capybara/browser_test_helper.rb
index 241662591..44dd973c7 100644
--- a/spec/support/capybara/browser_test_helper.rb
+++ b/spec/support/capybara/browser_test_helper.rb
@@ -32,6 +32,21 @@ module BrowserTestHelper
     sleep wait_time
   end
 
+  # Get the current cookies from the browser with the driver object.
+  #
+  def cookies
+    page.driver.browser.manage.all_cookies
+  end
+
+  # Get a single cookie by the given name (regex possible)
+  #
+  # @example
+  #  cookie('cookie-name')
+  #
+  def cookie(name)
+    cookies.find { |cookie| cookie[:name].match?(name) }
+  end
+
   # Finds an element and clicks it - wrapped in one method.
   #
   # @example
diff --git a/spec/system/basic/authentication_spec.rb b/spec/system/basic/authentication_spec.rb
index 84cd94839..be9044336 100644
--- a/spec/system/basic/authentication_spec.rb
+++ b/spec/system/basic/authentication_spec.rb
@@ -3,7 +3,6 @@
 require 'rails_helper'
 
 RSpec.describe 'Authentication', type: :system do
-
   it 'Login', authenticated_as: false do
     login(
       username: 'admin@example.com',
@@ -11,6 +10,35 @@ RSpec.describe 'Authentication', type: :system do
     )
 
     expect_current_route 'dashboard'
+
+    refresh
+
+    # Check that cookies is temporary.
+    cookie = cookie('^_zammad.+?')
+    expect(cookie[:expires]).to eq(nil)
+  end
+
+  it 'Login with remember me', authenticated_as: false do
+    login(
+      username:    'admin@example.com',
+      password:    'test',
+      remember_me: true
+    )
+
+    expect_current_route 'dashboard'
+
+    refresh
+
+    # Check that cookies has a  expire date.
+    cookie = cookie('^_zammad.+?')
+    expect(cookie[:expires]).to be_truthy
+
+    logout
+    expect_current_route 'login', wait: 10
+
+    # Check that cookies has no longer a expire date after logout.
+    cookie = cookie('^_zammad.+?')
+    expect(cookie[:expires]).to eq(nil)
   end
 
   it 'Logout' do
diff --git a/spec/system/login_spec.rb b/spec/system/login_spec.rb
index f7a57b3b1..5309a052d 100644
--- a/spec/system/login_spec.rb
+++ b/spec/system/login_spec.rb
@@ -10,4 +10,15 @@ RSpec.describe 'Login', type: :system, authenticated_as: false do
   it 'fqdn is visible on login page' do
     expect(page).to have_css('.login p', text: Setting.get('fqdn'))
   end
+
+  it 'Login with wrong credentials' do
+    within('#login') do
+      fill_in 'username', with: 'admin@example.com'
+      fill_in 'password', with: 'wrong'
+
+      click_button
+    end
+
+    expect(page).to have_css('#login .alert')
+  end
 end
diff --git a/test/browser/auth_test.rb b/test/browser/auth_test.rb
deleted file mode 100644
index 27213a1be..000000000
--- a/test/browser/auth_test.rb
+++ /dev/null
@@ -1,89 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class AuthTest < TestCase
-  def test_authentication
-    @browser = browser_instance
-    location(url: browser_url)
-    match(
-      css:   '#login',
-      value: 'username',
-    )
-    click(css: '#login button')
-
-    sleep 4
-    match(
-      css:   '#login',
-      value: 'username',
-    )
-
-    # login with username/password
-    login(
-      username: 'nicole.braun@zammad.org',
-      password: 'test',
-    )
-    tasks_close_all
-
-    # reload page
-    reload
-
-    # check if cookie is temporarily
-    watch_for(
-      css:   'body',
-      value: 'Overviews',
-    )
-
-    # verify session cookie
-    cookie(
-      name:    '^_zammad.+?',
-      value:   '.+?',
-      expires: '',
-    )
-  end
-
-  def test_authentication_new_browser_without_permanent_cookie_no_session_should_be
-    @browser = browser_instance
-    location(url: browser_url)
-    match(
-      css:   '#login',
-      value: 'username',
-    )
-  end
-
-  def test_new_browser_with_permanent_cookie_login
-    @browser = browser_instance
-    location(url: browser_url)
-
-    # login with username/password
-    login(
-      username:    'nicole.braun@zammad.org',
-      password:    'test',
-      remember_me: true,
-    )
-
-    # check if cookie is temporarily
-    watch_for(
-      css:   'body',
-      value: 'Overviews',
-    )
-
-    # verify session cookie
-    cookie(
-      name:    '^_zammad.+?',
-      value:   '.+?',
-      expires: '\d{4}-\d{1,2}-\d{1,2}.+?',
-    )
-
-    logout
-
-    # verify session cookie
-    sleep 2
-    cookie(
-      name:    '^_zammad.+?',
-      value:   '.+?',
-      expires: '',
-    )
-  end
-
-end

From d7cdb308dd21e0ac22ea72d22868fe4c4c9b15d6 Mon Sep 17 00:00:00 2001
From: Bola Ahmed Buari <bb@zammad.com>
Date: Tue, 12 Oct 2021 16:11:47 +0200
Subject: [PATCH 60/65] Maintenance: Port old preferences permission language
 tests to capybara.

---
 script/build/test_slice_tests.sh              |  11 +-
 .../profile/preferences_language_spec.rb      | 236 ++++++++++++
 test/browser/preferences_language_test.rb     | 337 ------------------
 3 files changed, 241 insertions(+), 343 deletions(-)
 create mode 100644 spec/system/profile/preferences_language_spec.rb
 delete mode 100644 test/browser/preferences_language_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index b6b0f9d7d..113b67233 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -50,7 +50,6 @@ if [ "$LEVEL" == '1' ]; then
   # test/browser/manage_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
-  rm test/browser/preferences_language_test.rb
   # test/browser/swich_to_user_test.rb
   # test/browser/taskbar_session_test.rb
   # test/browser/taskbar_task_test.rb
@@ -102,7 +101,7 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/manage_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
-  rm test/browser/preferences_language_test.rb
+  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   # test/browser/user_access_permissions_test.rb
@@ -153,7 +152,7 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/manage_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
-  rm test/browser/preferences_language_test.rb
+  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -204,7 +203,7 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/manage_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
-  rm test/browser/preferences_language_test.rb
+  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -254,7 +253,7 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/manage_test.rb
   rm test/browser/integration_sipgate_test.rb
   rm test/browser/integration_cti_test.rb
-  rm test/browser/preferences_language_test.rb
+  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -307,7 +306,7 @@ elif [ "$LEVEL" == '6' ]; then
   rm test/browser/manage_test.rb
   # rm test/browser/integration_sipgate_test.rb
   # rm test/browser/integration_cti_test.rb
-  # test/browser/preferences_language_test.rb
+  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
diff --git a/spec/system/profile/preferences_language_spec.rb b/spec/system/profile/preferences_language_spec.rb
new file mode 100644
index 000000000..90f5be791
--- /dev/null
+++ b/spec/system/profile/preferences_language_spec.rb
@@ -0,0 +1,236 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Profile > Language', type: :system do
+  let(:group) { create(:group) }
+  let(:session_user) { create(:admin, preferences: { locale: locale }, groups: Group.all) }
+  let(:path) { 'profile/language' }
+
+  shared_examples 'having translated content in' do |current_element|
+    it "the '#{current_element}' element" do
+      within current_element do
+        expect(page).to have_text(translated_content)
+      end
+    end
+  end
+
+  shared_examples 'having translated content in the page title' do
+    it 'shows the translated content' do
+      expect(page).to have_title(translated_content)
+    end
+  end
+
+  shared_examples 'displaying the current language' do
+    it 'shows the current language' do
+      within :active_content do
+        within '.page-content' do
+          expect(page).to have_field(with: full_current_locale)
+        end
+      end
+    end
+  end
+
+  shared_examples 'have translations in ticket page' do |translated_element|
+    it_behaves_like 'having translated content in the page title'
+
+    context 'when translated content is ticket priority' do
+      let(:translated_content) { priority }
+
+      it_behaves_like 'having translated content in', translated_element
+    end
+
+    context 'when translated content is ticket owner' do
+      let(:translated_content) { owner }
+
+      it_behaves_like 'having translated content in', translated_element
+    end
+
+    context 'when translated content is ticket title' do
+      let(:translated_content) { title }
+
+      it_behaves_like 'having translated content in', :active_content
+    end
+  end
+
+  context 'when user locale is English (en-gb)', authenticated_as: :session_user do
+    let(:locale) { 'en-gb' }
+    let(:translated_content) { 'Overview' }
+    let(:full_current_locale) { 'English (Great Britain)' }
+    let(:priority) { 'PRIORITY' }
+    let(:owner) { 'OWNER' }
+
+    before { visit path }
+
+    it_behaves_like 'displaying the current language'
+
+    it_behaves_like 'having translated content in', '.js-menu'
+
+    context 'when profile language is changed' do
+      let(:new_locale) { 'de-de' }
+      let(:full_current_locale) { 'Deutsch' }
+
+      before do
+        within :active_content do
+          within '.page-content' do
+            find('input.searchableSelect-main.js-input').click
+            find("[data-value=#{new_locale}].js-option").click
+
+            click_button
+            session_user.reload
+          end
+        end
+      end
+
+      it 'changes the user preference language' do
+        expect(session_user.preferences[:locale]).to eq(new_locale)
+      end
+
+      it_behaves_like 'displaying the current language'
+    end
+
+    context 'with language page visited' do
+      let(:translated_content) { 'Language' }
+
+      it_behaves_like 'having translated content in', '.page-header'
+      it_behaves_like 'having translated content in', '.sidebar.NavBarProfile'
+    end
+
+    context 'with dashboard page visited' do
+      let(:path) { 'dashboard' }
+      let(:translated_content) { 'My Stats' }
+
+      it_behaves_like 'having translated content in', :active_content
+    end
+
+    context 'with overview page visited' do
+      let(:path) { 'ticket/view' }
+      let(:translated_content) { 'My assigned Tickets' }
+
+      it_behaves_like 'having translated content in the page title'
+      it_behaves_like 'having translated content in', :active_content
+    end
+
+    context 'with drafted ticket create' do
+      let(:path) { 'ticket/create' }
+      let(:title) { 'preferences lang check #1' }
+      let(:customer) { 'nicole' }
+      let(:translated_content) { "Call Inbound: #{title}" }
+
+      translated_element = '.newTicket .ticket-create'
+
+      before do
+        fill_in 'title', with: title
+        fill_in 'customer_id_completion', with: customer
+        send_keys(:enter, :tab)
+        find('[data-name="body"]').set(title)
+        select 'Users', from: 'group_id'
+      end
+
+      include_examples 'have translations in ticket page', translated_element
+    end
+
+    context 'with ticket zoom page' do
+      let(:path) { "ticket/zoom/#{ticket.id}" }
+      let(:title) { 'preferences lang check #2' }
+      let(:translated_content) { title }
+      let(:user_group) { Group.lookup(name: 'Users') }
+      let(:ticket) { create(:ticket, group: user_group, title: title) }
+
+      translated_element = '.content.active .sidebar-content'
+
+      include_examples 'have translations in ticket page', translated_element
+    end
+  end
+
+  context 'when user locale is Deutsch', authenticated_as: :session_user do
+    let(:locale) { 'de-de' }
+    let(:translated_content) { 'Übersichten' }
+    let(:full_current_locale) { 'Deutsch' }
+    let(:priority) { 'PRIORITÄT' }
+    let(:owner) { 'BESITZER' }
+
+    before { visit path }
+
+    it_behaves_like 'displaying the current language'
+
+    it_behaves_like 'having translated content in', '.js-menu'
+
+    context 'when profile language is changed' do
+      let(:new_locale) { 'en-gb' }
+      let(:full_current_locale) { 'English (Great Britain)' }
+      let(:translated_content) { 'Übersichten' }
+
+      before do
+        within :active_content do
+          within '.page-content' do
+            find('input.searchableSelect-main.js-input').click
+            find("[data-value=#{new_locale}].js-option").click
+
+            click_button
+            session_user.reload
+          end
+        end
+      end
+
+      it 'changes the user preference language' do
+        expect(session_user.preferences[:locale]).to eq(new_locale)
+      end
+
+      it_behaves_like 'displaying the current language'
+    end
+
+    context 'with language page visited' do
+      let(:translated_content) { 'Sprache' }
+
+      it_behaves_like 'having translated content in', '.page-header'
+      it_behaves_like 'having translated content in', '.sidebar.NavBarProfile'
+    end
+
+    context 'with dashboard page visited' do
+      let(:path) { 'dashboard' }
+      let(:translated_content) { 'Meine Statistik' }
+
+      it_behaves_like 'having translated content in', :active_content
+    end
+
+    context 'with overview page visited' do
+      let(:path) { 'ticket/view' }
+      let(:translated_content) { 'Meine zugewiesenen Tickets' }
+
+      it_behaves_like 'having translated content in the page title'
+      it_behaves_like 'having translated content in', :active_content
+    end
+
+    context 'with drafted ticket create' do
+      let(:path) { 'ticket/create' }
+      let(:title) { 'preferences lang check #1' }
+      let(:customer) { 'nicole' }
+      let(:translated_content) { "Anruf eingehend: #{title}" }
+
+      translated_element = '.newTicket .ticket-create'
+
+      before do
+        fill_in 'title', with: title
+        fill_in 'customer_id_completion', with: customer
+        send_keys(:enter, :tab)
+        find('[data-name="body"]').set(title)
+        select 'Users', from: 'group_id'
+      end
+
+      include_examples 'have translations in ticket page', translated_element
+    end
+
+    context 'with ticket zoom page' do
+      let(:path) { "ticket/zoom/#{ticket.id}" }
+      let(:title) { 'preferences lang check #2' }
+      let(:translated_content) { title }
+      let(:user_group) { Group.lookup(name: 'Users') }
+      let(:ticket) { create(:ticket, group: user_group, title: title) }
+
+      translated_element = '.content.active .sidebar-content'
+
+      include_examples 'have translations in ticket page', translated_element
+    end
+  end
+end
diff --git a/test/browser/preferences_language_test.rb b/test/browser/preferences_language_test.rb
deleted file mode 100644
index 708ce3177..000000000
--- a/test/browser/preferences_language_test.rb
+++ /dev/null
@@ -1,337 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class PreferencesLanguageTest < TestCase
-
-  def test_lang_change
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-    tasks_close_all
-
-    # start ticket create
-    ticket_create(
-      data:          {
-        customer: 'nicole',
-        group:    'Users',
-        title:    'preferences lang check #1',
-        body:     'preferences lang check #1',
-      },
-      do_not_submit: true,
-    )
-
-    # start ticket zoom
-    ticket_create(
-      data: {
-        customer: 'nicole',
-        group:    'Users',
-        title:    'preferences lang check #2',
-        body:     'preferences lang check #2',
-      },
-    )
-
-    # start user profile
-    user_open_by_search(
-      value: 'Nicole',
-    )
-
-    # start organization profile
-    organization_open_by_search(
-      value: 'Zammad Foundation',
-    )
-
-    click(css: 'a[href="#current_user"]')
-    click(css: 'a[href="#profile"]')
-    click(css: 'a[href="#profile/language"]')
-    select(
-      css:   '.js-language [name="locale"]',
-      value: 'Deutsch',
-    )
-    click(css: '.content.active button[type="submit"]')
-    watch_for(
-      css:   'body',
-      value: 'Sprache',
-    )
-
-    # check language in navbar
-    watch_for(
-      css:   '.js-menu',
-      value: 'Übersicht'
-    )
-
-    # check language in dashboard
-    click(css: '.js-menu a[href="#dashboard"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'Meine Statistik'
-    )
-
-    # check language in overview
-    click(css: '.js-menu a[href="#ticket/view"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'Meine'
-    )
-    verify_title(
-      value: 'Meine zugewiesenen',
-    )
-
-    # check language in ticket create
-    open_task(
-      data: {
-        title: 'Anruf',
-      }
-    )
-    verify_task(
-      data: {
-        title: 'Anruf',
-      }
-    )
-    open_task(
-      data: {
-        title: 'preferences lang check #1',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'kunde'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'priorität'
-    )
-    watch_for(
-      css:   '.content.active [data-name="body"]',
-      value: 'preferences lang check #1'
-    )
-    verify_title(
-      value: 'anruf',
-    )
-
-    # check language in ticket zoom
-    open_task(
-      data: {
-        title: 'preferences lang check #2',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'erstellt'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'priorität'
-    )
-
-    # check language in user profile
-    open_task(
-      data: {
-        title: 'Nicole',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'notiz'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'e-mail'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'aktion'
-    )
-
-    # check language in organization profile
-    open_task(
-      data: {
-        title: 'Zammad',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'notiz'
-    )
-
-    click(css: 'a[href="#current_user"]')
-    click(css: 'a[href="#profile"]')
-    click(css: 'a[href="#profile/language"]')
-    select(
-      css:   '.js-language [name="locale"]',
-      value: 'English (United States)',
-    )
-    click(css: '.content.active button[type="submit"]')
-    sleep 2
-    watch_for(
-      css:   'body',
-      value: 'Language',
-    )
-
-    # check language in navbar
-    watch_for(
-      css:   '.js-menu',
-      value: 'Overview'
-    )
-
-    # check language in dashboard
-    click(css: '.js-menu a[href="#dashboard"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'My Stats'
-    )
-
-    # check language in overview
-    click(css: '.js-menu a[href="#ticket/view"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'My'
-    )
-    verify_title(
-      value: 'My assig',
-    )
-
-    # check language in ticket create
-    open_task(
-      data: {
-        title: 'Call',
-      }
-    )
-    verify_task(
-      data: {
-        title: 'Call',
-      }
-    )
-    open_task(
-      data: {
-        title: 'preferences lang check #1',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'customer'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'priority'
-    )
-    watch_for(
-      css:   '.content.active [data-name="body"]',
-      value: 'preferences lang check #1'
-    )
-    verify_title(
-      value: 'call',
-    )
-
-    # check language in ticket zoom
-    open_task(
-      data: {
-        title: 'preferences lang check #2',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'create'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'priority'
-    )
-
-    # check language in user profile
-    open_task(
-      data: {
-        title: 'Nicole',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'note'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'email'
-    )
-
-    # check language in organization profile
-    open_task(
-      data: {
-        title: 'Zammad',
-      }
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'note'
-    )
-    watch_for(
-      css:   '.content.active',
-      value: 'action'
-    )
-
-    # switch to de again
-    click(css: 'a[href="#current_user"]')
-    click(css: 'a[href="#profile"]')
-    click(css: 'a[href="#profile/language"]')
-    sleep 4
-    select(
-      css:   '.js-language [name="locale"]',
-      value: 'Deutsch',
-    )
-    click(css: '.content.active button[type="submit"]')
-    sleep 4
-    watch_for(
-      css:   'body',
-      value: 'Sprache',
-    )
-    sleep 6
-
-    # check if language is still used after reload
-    reload
-    sleep 2
-
-    watch_for(
-      css:   'body',
-      value: 'Sprache',
-    )
-
-    # check language in navbar
-    watch_for(
-      css:   '.js-menu',
-      value: 'Übersicht'
-    )
-
-    # check language in dashboard
-    click(css: '.js-menu a[href="#dashboard"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'Meine Statistik'
-    )
-
-    # check language in overview
-    click(css: '.js-menu a[href="#ticket/view"]')
-    watch_for(
-      css:   '.content.active',
-      value: 'Meine'
-    )
-
-    # switch to en again
-    click(css: 'a[href="#current_user"]')
-    click(css: 'a[href="#profile"]')
-    click(css: 'a[href="#profile/language"]')
-    select(
-      css:   '.js-language [name="locale"]',
-      value: 'English (United States)',
-    )
-    click(css: '.content.active button[type="submit"]')
-    sleep 2
-    watch_for(
-      css:   'body',
-      value: 'Language',
-    )
-
-  end
-
-end

From e6c3b07b0df59731819b8501282dd70122912e82 Mon Sep 17 00:00:00 2001
From: Bola Ahmed Buari <bb@zammad.com>
Date: Tue, 12 Oct 2021 16:16:59 +0200
Subject: [PATCH 61/65] Maintenance: Port old cti integration tests to
 capybara.

---
 script/build/test_slice_tests.sh         |  12 -
 spec/system/cti_spec.rb                  | 244 ++++++++++++++++---
 spec/system/sipgate_spec.rb              |  86 +++++++
 test/browser/integration_cti_test.rb     | 293 -----------------------
 test/browser/integration_sipgate_test.rb |  71 ------
 5 files changed, 294 insertions(+), 412 deletions(-)
 create mode 100644 spec/system/sipgate_spec.rb
 delete mode 100644 test/browser/integration_cti_test.rb
 delete mode 100644 test/browser/integration_sipgate_test.rb

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index 113b67233..a09020993 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -48,8 +48,6 @@ if [ "$LEVEL" == '1' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   # test/browser/manage_test.rb
-  rm test/browser/integration_sipgate_test.rb
-  rm test/browser/integration_cti_test.rb
   # test/browser/swich_to_user_test.rb
   # test/browser/taskbar_session_test.rb
   # test/browser/taskbar_task_test.rb
@@ -99,8 +97,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/integration_sipgate_test.rb
-  rm test/browser/integration_cti_test.rb
   rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
@@ -150,8 +146,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/integration_sipgate_test.rb
-  rm test/browser/integration_cti_test.rb
   rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
@@ -201,8 +195,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/integration_sipgate_test.rb
-  rm test/browser/integration_cti_test.rb
   rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
@@ -251,8 +243,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/integration_sipgate_test.rb
-  rm test/browser/integration_cti_test.rb
   rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
@@ -304,8 +294,6 @@ elif [ "$LEVEL" == '6' ]; then
   # test/browser/integration_test.rb
   # test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  # rm test/browser/integration_sipgate_test.rb
-  # rm test/browser/integration_cti_test.rb
   rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
diff --git a/spec/system/cti_spec.rb b/spec/system/cti_spec.rb
index c28f751de..7248d0abc 100644
--- a/spec/system/cti_spec.rb
+++ b/spec/system/cti_spec.rb
@@ -2,62 +2,234 @@
 
 require 'rails_helper'
 
-RSpec.describe 'Caller log', type: %i[system request] do
-  let(:admin) do
-    create(:admin, groups: Group.all)
-  end
-
-  let!(:customer) { create(:customer, phone: '0190333') }
+RSpec.describe 'Caller log', type: :system, authenticated_as: :agent do
+  let(:agent_phone) { '0190111' }
+  let(:customer_phone) { '0190333' }
+  let(:cti_token) { 'token1234' }
+  let(:agent) { create(:agent, phone: agent_phone) }
+  let(:customer) { create(:customer, phone: customer_phone) }
+  let(:cti_on) { true }
 
   let(:params) do
     {
       direction: 'in',
-      from:      '0190333',
-      to:        '0190111',
+      from:      customer.phone,
+      to:        agent_phone,
       callId:    '111',
-      cause:     'busy'
+      cause:     'busy',
     }
   end
 
-  def prepare
-    Setting.set('cti_integration', true)
-    Setting.set('cti_token', 'token1234')
-    current_user.update(phone: '0190111')
+  let(:first_params) { params.merge(event: 'newCall')  }
+  let(:second_params) { params.merge(event: 'hangup')  }
+
+  let(:place_call) do
+    post "#{Capybara.app_host}/api/v1/cti/#{cti_token}", params: first_params
+    post "#{Capybara.app_host}/api/v1/cti/#{cti_token}", params: second_params
   end
 
-  context 'without active tickets' do
-    it 'checks opening of the ticket creation screen after phone call inbound' do
-      prepare
+  let(:prepare) do
+    Setting.set('cti_integration', cti_on)
+    Setting.set('cti_token', cti_token)
+  end
 
-      travel(-2.months)
-      create(:ticket, customer: customer)
-      travel_back
+  before { prepare }
 
-      visit 'cti'
+  context 'when cti integration is on' do
+    it 'shows the phone menu in nav bar' do
 
-      post "#{Capybara.app_host}/api/v1/cti/token1234", params: params.merge(event: 'newCall'), as: :json
-      post "#{Capybara.app_host}/api/v1/cti/token1234", params: params.merge(event: 'answer', answeringNumber: '0190111'), as: :json
-
-      within(:active_content) do
-        expect(page).to have_text('New Ticket', wait: 5)
+      within '#navigation .menu' do
+        expect(page).to have_link('Phone', href: '#cti')
       end
     end
   end
 
-  context 'with active tickets' do
-    it 'checks opening of the user profile screen after phone call inbound with tickets in the last month' do
-      prepare
+  context 'when cti integration is not on' do
+    let(:cti_on) { false }
 
-      create(:ticket, customer: customer)
+    it 'does not show the phone menu in nav bar' do
 
-      visit 'cti'
-
-      post "#{Capybara.app_host}/api/v1/cti/token1234", params: params.merge(event: 'newCall'), as: :json
-      post "#{Capybara.app_host}/api/v1/cti/token1234", params: params.merge(event: 'answer', answeringNumber: '0190111'), as: :json
-
-      within(:active_content) do
-        expect(page).to have_text(customer.fullname, wait: 5)
+      within '#navigation .menu' do
+        expect(page).to have_no_link('Phone', href: '#cti')
       end
     end
   end
+
+  context 'when a customer call is answered' do
+    let(:second_params) { params.merge(event: 'answer', answeringNumber: agent_phone) }
+
+    context 'without active tickets' do
+      before do
+        travel(-2.months)
+        create(:ticket, customer: customer)
+        travel_back
+
+        visit 'cti'
+
+        place_call
+      end
+
+      it 'opens a new ticket after phone call inbound' do
+        within(:active_content) do
+          expect(page).to have_text('New Ticket')
+        end
+      end
+    end
+
+    context 'with active tickets' do
+      before do
+        create(:ticket, customer: customer)
+
+        visit 'cti'
+
+        place_call
+      end
+
+      it 'opens the customer profile screen after phone call inbound with tickets in the last month' do
+        within(:active_content) do
+          expect(page).to have_text(customer.fullname)
+        end
+      end
+    end
+  end
+
+  context 'with incoming call' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    it 'increments the call counter notification badge' do
+      within '[href="#cti"].js-phoneMenuItem' do
+        counter = find('.counter')
+        expect(counter).to have_content 1
+      end
+    end
+  end
+
+  context 'when incoming call is checked' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    it 'clears the call counter notification badge' do
+      within :active_content do
+        find('.table-checkbox input.js-check', visible: :all).check allow_label_click: true
+      end
+
+      within '[href="#cti"].js-phoneMenuItem' do
+        expect(page).to have_no_selector('.counter')
+      end
+    end
+  end
+
+  # Regression test for #2018
+  context 'phone numbers format' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    context 'with private number' do
+      let(:customer_phone) { '007' }
+      let(:agent_phone) { '008' }
+
+      it 'appears verbatim' do
+
+        within :active_content do
+          expect(page).to have_selector('.js-callerLog', text: customer_phone)
+            .and have_selector('.js-callerLog', text: agent_phone)
+        end
+      end
+    end
+
+    context 'with e164 number' do
+      let(:customer_phone) { '4930609854180' }
+      let(:agent_phone) { '4930609811111' }
+      let(:prettified_customer_phone) { '+49 30 609854180' }
+      let(:prettified_current_user_phone) { '+49 30 609811111' }
+
+      it 'appears prettified' do
+        within :active_content do
+          expect(page).to have_selector('.js-callerLog', text: prettified_customer_phone)
+            .and have_selector('.js-callerLog', text: prettified_current_user_phone)
+        end
+      end
+
+      it 'done not appear verbatim' do
+        within :active_content do
+          expect(page).to have_no_selector('.js-callerLog', text: customer_phone)
+        end
+      end
+    end
+  end
+
+  # Regression test for #2096
+  context 'with inactive user' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    let(:customer) do
+      create(:customer,
+             phone:     customer_phone,
+             active:    false,
+             firstname: 'John',
+             lastname:  'Doe')
+    end
+
+    it 'appears inactive' do
+      within :active_content do
+        expect(page).to have_selector('span.avatar--inactive', text: 'JD')
+      end
+    end
+  end
+
+  # Regression test for #2075
+  context 'when user is with organization name' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    let(:firstname) { 'John' }
+    let(:lastname) { 'Doe' }
+    let(:organization_name) { 'Test Organization' }
+    let(:organization) { create(:organization, name: organization_name) }
+    let(:full_name) { "#{firstname} #{lastname}" }
+    let(:customer) do
+      create(:customer,
+             phone:        customer_phone,
+             firstname:    firstname,
+             lastname:     lastname,
+             organization: organization)
+    end
+
+    shared_examples 'showing user with thier organization name' do
+      it 'shows user with thier organization name' do
+        within :active_content do
+          expect(page).to have_selector(
+            '.js-callerLog tr div.user-popover',
+            text: "#{full_name} (#{organization_name})"
+          )
+        end
+      end
+    end
+
+    context 'with call direction out' do
+      let(:first_params) { params.merge(event: 'newCall', direction: 'out', from: agent_phone, to: customer.phone) }
+      let(:second_params) { params.merge(event: 'hangup', direction: 'out', from: agent_phone, to: customer.phone) }
+
+      it_behaves_like 'showing user with thier organization name'
+    end
+
+    context 'with call direction in' do
+      let(:first_params) { params.merge(event: 'newCall', direction: 'in') }
+      let(:second_params) { params.merge(event: 'hangup', direction: 'in') }
+
+      it_behaves_like 'showing user with thier organization name'
+    end
+  end
 end
diff --git a/spec/system/sipgate_spec.rb b/spec/system/sipgate_spec.rb
new file mode 100644
index 000000000..89abc9a83
--- /dev/null
+++ b/spec/system/sipgate_spec.rb
@@ -0,0 +1,86 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Caller log', type: :system, authenticated_as: :agent do
+  let(:agent_phone) { '0190111' }
+  let(:customer_phone) { '0190333' }
+  let(:agent) { create(:agent, phone: agent_phone) }
+  let(:customer) { create(:customer, phone: customer_phone) }
+  let(:sipgate_on) { true }
+
+  let(:params) do
+    {
+      direction: 'in',
+      from:      customer.phone,
+      to:        agent_phone,
+      callId:    '111',
+      cause:     'busy',
+    }
+  end
+
+  let(:first_params) { params.merge(event: 'newCall')  }
+  let(:second_params) { params.merge(event: 'hangup')  }
+
+  let(:place_call) do
+    post "#{Capybara.app_host}/api/v1/sipgate/in", params: first_params
+    post "#{Capybara.app_host}/api/v1/sipgate/in", params: second_params
+  end
+
+  let(:prepare) do
+    Setting.set('sipgate_integration', sipgate_on)
+  end
+
+  before { prepare }
+
+  context 'when sipgate integration is on' do
+    it 'shows the phone menu in nav bar' do
+
+      within '#navigation .menu' do
+        expect(page).to have_link('Phone', href: '#cti')
+      end
+    end
+  end
+
+  context 'when sipgate integration is not on' do
+    let(:sipgate_on) { false }
+
+    it 'does not show the phone menu in nav bar' do
+
+      within '#navigation .menu' do
+        expect(page).to have_no_link('Phone', href: '#cti')
+      end
+    end
+  end
+
+  context 'with incoming call' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    it 'increments the call counter notification badge' do
+      within '[href="#cti"].js-phoneMenuItem' do
+        counter = find('.counter')
+        expect(counter).to have_content 1
+      end
+    end
+  end
+
+  context 'when incoming call is checked' do
+    before do
+      visit 'cti'
+      place_call
+    end
+
+    it 'clears the call counter notification badge' do
+      within :active_content do
+        find('.table-checkbox input.js-check', visible: :all).check allow_label_click: true
+      end
+
+      within '[href="#cti"].js-phoneMenuItem' do
+        expect(page).to have_no_selector('.counter')
+      end
+    end
+  end
+end
diff --git a/test/browser/integration_cti_test.rb b/test/browser/integration_cti_test.rb
deleted file mode 100644
index 7340d85d6..000000000
--- a/test/browser/integration_cti_test.rb
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class IntegrationCtiTest < TestCase
-  setup do
-    if !ENV['CTI_TOKEN']
-      raise "ERROR: Need CTI_TOKEN - hint CTI_TOKEN='some_token'"
-    end
-
-  end
-
-  # Regression test for #2017
-  def test_nav_menu_notification_badge_clears
-    id = SecureRandom.uuid
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/cti"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'on'
-    )
-
-    watch_for(
-      css:     'a[href="#cti"]',
-      timeout: 4,
-    )
-
-    click(css: 'a[href="#cti"]')
-
-    call_counter = @browser.find_elements(css: '.js-phoneMenuItem .counter')
-                           .first&.text.to_i
-
-    # simulate cti callbacks
-    url = URI.join(browser_url, "api/v1/cti/#{ENV['CTI_TOKEN']}")
-    params = {
-      direction: 'in',
-      from:      '491715000002',
-      to:        '4930600000000',
-      callId:    "4991155921769858278-#{id}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    # flanky
-    watch_for(
-      css:     '.js-phoneMenuItem .counter',
-      value:   (call_counter + 1).to_s,
-      timeout: 4,
-    )
-
-    check(css: '.content.active .table-checkbox input')
-
-    watch_for_disappear(
-      css:     '.js-phoneMenuItem .counter',
-      timeout: 15,
-    )
-
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/cti"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'off'
-    )
-  end
-
-  # Regression test for #2018
-  def test_e164_numbers_displayed_in_prettified_format
-    id = SecureRandom.uuid
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/cti"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'on'
-    )
-
-    watch_for(
-      css: 'a[href="#cti"]'
-    )
-
-    click(css: 'a[href="#cti"]')
-
-    # simulate cti callbacks...
-    url = URI.join(browser_url, "api/v1/cti/#{ENV['CTI_TOKEN']}")
-
-    # ...for private network number
-    params = {
-      direction: 'in',
-      from:      '007',
-      to:        '008',
-      callId:    "4991155921769858278-#{id}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    # ...for e164 number
-    params = {
-      direction: 'in',
-      from:      '4930609854180',
-      to:        '4930609811111',
-      callId:    "4991155921769858278-#{id.next}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    # view caller log
-    click(css: 'a[href="#cti"]')
-
-    # assertion: private network numbers appear verbatim
-    watch_for(
-      css:     '.content.active .js-callerLog',
-      value:   '007',
-      timeout: 3,
-    )
-
-    match(
-      css:   '.content.active .js-callerLog',
-      value: '008',
-    )
-
-    # assertion: E164 numbers appear prettified
-    match(
-      css:   '.content.active .js-callerLog',
-      value: '+49 30 609854180',
-    )
-
-    match(
-      css:   '.content.active .js-callerLog',
-      value: '+49 30 609811111',
-    )
-  end
-
-  # Regression test for #2096
-  def test_inactive_users_displayed_inactive_in_caller_log
-    id = SecureRandom.uuid
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    # create inactive user with phone number (via API)
-    user_create(
-      data: {
-        login:     'test_user',
-        firstname: 'John',
-        lastname:  'Doe',
-        phone:     '1234567890',
-        active:    false,
-      },
-    )
-
-    # enable CTI
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/cti"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'on'
-    )
-
-    watch_for(
-      css: 'a[href="#cti"]'
-    )
-
-    click(css: 'a[href="#cti"]')
-
-    # simulate CTI callback to/from inactive user
-    url = URI.join(browser_url, "api/v1/cti/#{ENV['CTI_TOKEN']}")
-    params = {
-      direction: 'in',
-      from:      '1234567890',
-      to:        '1234567890',
-      callId:    "4991155921769858278-#{id}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    # view caller log
-    click(css: 'a[href="#cti"]')
-
-    # assertion: names appear in inactive
-    match(
-      css:   'span.avatar--inactive',
-      value: 'JD',
-    )
-  end
-
-  # Regression test for #2075
-  def test_caller_ids_include_organization_names
-    id = SecureRandom.uuid
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    # create user with organization (via API)
-    user_create(
-      data: {
-        login:        'test_user',
-        firstname:    'John',
-        lastname:     'Doe',
-        phone:        '1234567890',
-        organization: 'Zammad Foundation'
-      },
-    )
-
-    # enable CTI
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/cti"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'on'
-    )
-
-    watch_for(
-      css: 'a[href="#cti"]'
-    )
-
-    # view caller log
-    click(css: 'a[href="#cti"]')
-
-    # simulate CTI callbacks to/from target user
-    url = URI.join(browser_url, "api/v1/cti/#{ENV['CTI_TOKEN']}")
-    params = {
-      direction: 'out',
-      from:      '1234567890',
-      to:        '1234567890',
-      callId:    "4991155921769858278-#{id}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    params = {
-      direction: 'in',
-      from:      '1234567890',
-      to:        '1234567890',
-      callId:    "4991155921769858278-#{id.next}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    watch_for(
-      css: '.js-callerLog tr:nth-of-type(2)'
-    )
-
-    # assertions: Caller ID includes user organization
-    match(
-      css:   '.js-callerLog tr:first-of-type div.user-popover',
-      value: 'John Doe (Zammad Foundation)',
-    )
-
-    match(
-      css:   '.js-callerLog tr:last-of-type div.user-popover',
-      value: 'John Doe (Zammad Foundation)',
-    )
-  end
-end
diff --git a/test/browser/integration_sipgate_test.rb b/test/browser/integration_sipgate_test.rb
deleted file mode 100644
index 887621321..000000000
--- a/test/browser/integration_sipgate_test.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
-
-require 'browser_test_helper'
-
-class IntegrationSipgateTest < TestCase
-  # Regression test for #2017
-  def test_nav_menu_notification_badge_clears
-    id = SecureRandom.uuid
-
-    @browser = browser_instance
-    login(
-      username: 'admin@example.com',
-      password: 'test',
-      url:      browser_url,
-    )
-
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/sipgate"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'on'
-    )
-
-    watch_for(
-      css:     'a[href="#cti"]',
-      timeout: 4,
-    )
-
-    click(css: 'a[href="#cti"]')
-
-    call_counter = @browser.find_elements(css: '.js-phoneMenuItem .counter')
-                           .first&.text.to_i
-
-    # simulate cti callbacks
-    url = URI.join(browser_url, 'api/v1/sipgate/in')
-    params = {
-      direction: 'in',
-      from:      '491715000003',
-      to:        '4930600000004',
-      callId:    "4991155921769858279-#{id}",
-      cause:     'busy'
-    }
-    Net::HTTP.post_form(url, params.merge(event: 'newCall'))
-    Net::HTTP.post_form(url, params.merge(event: 'hangup'))
-
-    # flanky
-    watch_for(
-      css:     '.js-phoneMenuItem .counter',
-      value:   (call_counter + 1).to_s,
-      timeout: 4,
-    )
-
-    check(css: '.content.active .table-checkbox input')
-
-    watch_for_disappear(
-      css:     '.js-phoneMenuItem .counter',
-      timeout: 6,
-    )
-
-    click(css: 'a[href="#manage"]')
-    click(css: 'a[href="#system/integration"]')
-    click(css: 'a[href="#system/integration/sipgate"]')
-
-    switch(
-      css:  '.content.active .js-switch',
-      type: 'off'
-    )
-  end
-end

From 54417cd416169f38d5177c058f2fceaaac6fdced Mon Sep 17 00:00:00 2001
From: Martin Gruner <mg@zammad.com>
Date: Fri, 8 Oct 2021 08:23:20 +0200
Subject: [PATCH 62/65] Fixes #3794 - Example payload in webhook view leads to
 500 error

---
 app/controllers/webhooks_controller.rb |  4 +---
 spec/system/manage/webhooks_spec.rb    | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/app/controllers/webhooks_controller.rb b/app/controllers/webhooks_controller.rb
index 722931f2c..fc55e3586 100644
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@@ -4,9 +4,7 @@ class WebhooksController < ApplicationController
   prepend_before_action { authentication_check && authorize! }
 
   def preview
-    access_condition = Ticket.access_condition(current_user, 'read')
-
-    ticket = Ticket.where(access_condition).last
+    ticket = TicketPolicy::ReadScope.new(current_user).resolve.last
 
     render json:   JSON.pretty_generate({
                                           ticket:  TriggerWebhookJob::RecordPayload.generate(ticket),
diff --git a/spec/system/manage/webhooks_spec.rb b/spec/system/manage/webhooks_spec.rb
index 34081fa87..a257d8ebe 100644
--- a/spec/system/manage/webhooks_spec.rb
+++ b/spec/system/manage/webhooks_spec.rb
@@ -3,7 +3,23 @@
 require 'rails_helper'
 
 RSpec.describe 'Manage > Webhook', type: :system do
-  context 'deleting' do
+
+  context 'when showing the example payload' do
+
+    it 'shows correctly' do
+      visit '/#manage/webhook'
+
+      within :active_content do
+        click 'a[data-type="payload"]'
+      end
+
+      in_modal disappears: false do
+        expect(page).to have_text('X-Zammad-Trigger:')
+      end
+    end
+  end
+
+  context 'when deleting' do
     let!(:webhook) { create(:webhook) }
     let!(:trigger) { create(:trigger, perform: { 'notification.webhook' => { 'webhook_id' => webhook.id.to_s } }) }
 

From 16870853e1994e5a03b8d530532651eb7ba04b8d Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Tue, 12 Oct 2021 17:18:07 +0200
Subject: [PATCH 63/65] Follow up - d7cdb308dd21e0ac22ea72d22868fe4c4c9b15d6 -
 Maintenance: Remove wrongly re-added switch_to_user_test.rb in browser
 slicing.

---
 script/build/test_slice_tests.sh | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/script/build/test_slice_tests.sh b/script/build/test_slice_tests.sh
index a09020993..b40e9d2ed 100755
--- a/script/build/test_slice_tests.sh
+++ b/script/build/test_slice_tests.sh
@@ -97,7 +97,6 @@ elif [ "$LEVEL" == '2' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   # test/browser/user_access_permissions_test.rb
@@ -146,7 +145,6 @@ elif [ "$LEVEL" == '3' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -195,7 +193,6 @@ elif [ "$LEVEL" == '4' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -243,7 +240,6 @@ elif [ "$LEVEL" == '5' ]; then
   rm test/browser/integration_test.rb
   rm test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb
@@ -294,7 +290,6 @@ elif [ "$LEVEL" == '6' ]; then
   # test/browser/integration_test.rb
   # test/browser/keyboard_shortcuts_test.rb
   rm test/browser/manage_test.rb
-  rm test/browser/switch_to_user_test.rb
   rm test/browser/taskbar_session_test.rb
   rm test/browser/taskbar_task_test.rb
   rm test/browser/user_access_permissions_test.rb

From c435fa4b23fb23ea54eae3399ff85edde5558709 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@zammad.com>
Date: Wed, 13 Oct 2021 08:44:52 +0200
Subject: [PATCH 64/65] Maintenance: Bumped Puma to 4.3.10 to resolve
 CVE-2021-41136.

---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index e95bab86a..bb2c8c38d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -423,7 +423,7 @@ GEM
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
     public_suffix (4.0.6)
-    puma (4.3.8)
+    puma (4.3.10)
       nio4r (~> 2.0)
     pundit (2.1.1)
       activesupport (>= 3.0.0)

From 2bd4ceeedfb999d4e948b8aa8b91a759eb7a4c1b Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Thu, 30 Sep 2021 15:57:39 +0200
Subject: [PATCH 65/65] Fixes #3733 - Simple quote characters (`'`) not
 properly displayed.

---
 .../_application_ui_element.coffee            |  6 +++---
 .../app/views/data_privacy/preview.jst.eco    |  2 +-
 spec/system/ticket/create_spec.rb             | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/app/controllers/_ui_element/_application_ui_element.coffee b/app/assets/javascripts/app/controllers/_ui_element/_application_ui_element.coffee
index 9c48d193b..4a950bc02 100644
--- a/app/assets/javascripts/app/controllers/_ui_element/_application_ui_element.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/_application_ui_element.coffee
@@ -46,7 +46,7 @@ class App.UiElement.ApplicationUiElement
     result = []
     for row in selection
       if attribute.translate
-        row.name = App.i18n.translateInline(row.name)
+        row.name = App.i18n.translatePlain(row.name)
         if !_.isEmpty(row.children)
           row.children = @getConfigOptionListArray(attribute, row.children)
       result.push row
@@ -65,7 +65,7 @@ class App.UiElement.ApplicationUiElement
       for key in order
         name_new = selection[key]
         if attribute.translate
-          name_new = App.i18n.translateInline(name_new)
+          name_new = App.i18n.translatePlain(name_new)
         attribute.options.push {
           name:  name_new
           value: key
@@ -162,7 +162,7 @@ class App.UiElement.ApplicationUiElement
           nameNew = item.name
 
         if attribute.translate
-          nameNew = App.i18n.translateInline(nameNew)
+          nameNew = App.i18n.translatePlain(nameNew)
 
         row =
           value: item.id,
diff --git a/app/assets/javascripts/app/views/data_privacy/preview.jst.eco b/app/assets/javascripts/app/views/data_privacy/preview.jst.eco
index 02856323a..90a19c95d 100644
--- a/app/assets/javascripts/app/views/data_privacy/preview.jst.eco
+++ b/app/assets/javascripts/app/views/data_privacy/preview.jst.eco
@@ -14,7 +14,7 @@
   </div>
   <div class="form-group js-sure">
     <h3 class="danger-color"><%- @T('Warning') %></h3>
-    <p class="danger-color"><%- @T('There is no rollback of this deletion possible. If you are absolutely sure to do this, then type in "%s" into the input.', App.i18n.translateInline('delete').toUpperCase()) %></p>
+    <p class="danger-color"><%- @T('There is no rollback of this deletion possible. If you are absolutely sure to do this, then type in "%s" into the input.', App.i18n.translatePlain('delete').toUpperCase()) %></p>
     <%- @sure_html %>
   </div>
 </div>
diff --git a/spec/system/ticket/create_spec.rb b/spec/system/ticket/create_spec.rb
index f4776874b..28ad4af66 100644
--- a/spec/system/ticket/create_spec.rb
+++ b/spec/system/ticket/create_spec.rb
@@ -562,6 +562,25 @@ RSpec.describe 'Ticket Create', type: :system do
     end
   end
 
+  context 'when state options have a special translation', authenticated_as: :authenticate do
+    let(:admin_de) { create(:admin, preferences: { locale: 'de-de' }) }
+
+    context 'when translated state option has a single quote' do
+      def authenticate
+        open_tranlation = Translation.where(locale: 'de-de', source: 'open')
+        open_tranlation.update(target: "off'en")
+
+        admin_de
+      end
+
+      it 'shows the translated state options correctly' do
+        visit 'ticket/create'
+
+        expect(page).to have_select('state_id', with_options: ["off'en"])
+      end
+    end
+  end
+
   describe 'It should be possible to show attributes which are configured shown false #3726', authenticated_as: :authenticate, db_strategy: :reset do
     let(:field_name) { SecureRandom.uuid }
     let(:field) do