Conversation Extensions Guidelines
Conversation extensions are custom interactive interfaces that overlay the conversation display. They are designed to enrich conversations by enabling more than just simple question-and-answer interactions.
For information on how to implement and manage conversation extensions, see Conversation Extensions.
Webview usage guidelines
Webviews used in Conversation Extensions support the DOM Storage API, enabling the use of localStorage.
Storage used by JavaScript APIs is automatically cleared on successful logout to protect user data. For unauthenticated users, explicitly calling WebStorage.getInstance().deleteAllData() is recommended to clear stored data.
Security guidelines for enabling JavaScript in web views
While JavaScript is enabled by default in web views for Conversation Extensions, it is recommended to follow these best practices to ensure security and performance:
- Enable JavaScript Only When Necessary: Only use JavaScript for web views that require it to function. Avoid enabling it for static content to reduce potential vulnerabilities.
- Sanitize User Input: Ensure that all user inputs are properly sanitized to prevent cross-site scripting (XSS) attacks.
- Use Secure Communication: Always load web view content over HTTPS to protect against man-in-the-middle attacks.
- Restrict External Content: Limit the domains and resources that can be loaded in the web view to trusted sources only.
- Monitor Performance: Test the performance of web views with JavaScript enabled to ensure a smooth user experience.
By adhering to these guidelines, you can safely leverage JavaScript in web views while maintaining a secure and efficient environment.
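One way to apply the input sanitization, HTTPS and trusted-source guidelines inside the page a web view loads. This is an added example, not code from the platform's SDK; the host names and the helper names isTrustedUrl, escapeHtml, renderLink and buildCsp are assumptions made for illustration.

```javascript
// Constructed sample allowlist; replace with the domains your extension actually uses.
const TRUSTED_HOSTS = new Set(["extensions.example.com", "cdn.example.com"]);

// Accept only absolute HTTPS URLs whose exact host is on the allowlist.
function isTrustedUrl(raw, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // relative or malformed input is rejected
  }
  if (url.protocol !== "https:") return false; // no http:, javascript:, data:, file:
  if (url.username || url.password) return false; // no embedded credentials
  return trusted.has(url.hostname); // exact match, so lookalike suffixes fail
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode user-supplied text before it is placed into HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a user-supplied label and link: untrusted links degrade to plain escaped text.
function renderLink(label, href) {
  if (!isTrustedUrl(href)) return escapeHtml(label);
  return `<a href="${escapeHtml(href)}">${escapeHtml(label)}</a>`;
}

// Build a Content-Security-Policy value that limits loads to the same allowlist.
function buildCsp(trusted = TRUSTED_HOSTS) {
  const sources = [...trusted].map((h) => `https://${h}`).join(" ");
  return [
    "default-src 'none'",
    `script-src 'self' ${sources}`,
    `img-src 'self' ${sources}`,
    `connect-src 'self' ${sources}`,
    "base-uri 'none'",
  ].join("; ");
}
```

Serve the value from buildCsp() as the Content-Security-Policy response header of the page the web view loads, so the restriction holds even if a script on the page is compromised.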