New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MWPW-159191: MAS Freyja support #3209

Open

yesil wants to merge 147 commits into ccd from MWPW-159191

+2,178 −1,840

Contributor

yesil commented Nov 18, 2024 •

edited

Loading

Resolves: MWPW-159191

In this PR, I also removed the ccd-action variant that was merged for the initial MAS POC.

Depends on: #3135

Test URLs:

Axelcureno and others added 30 commits

October 22, 2024 20:11


          MWPW-157100: Merch card headers as p tags for Accessibility

1f587d6


          make mini-compare footer rows unordered list for accessiblity

bf074c6


          dummy commit

a3a8824


          Revert "dummy commit"

1d2d5bf

This reverts commit a3a8824.


          remive tabindex=0 as the attributes from merchcard div

664a78b


          fresh commit with same changes as commit 1 after resolving the merge …

d104ec4

…conflict


          Merge branch 'MWPW-157451' of https://github.com/rohitsahu/milo into …

f8ba10f

…MWPW-157451

# Conflicts:
#	libs/deps/mas/mas.js
#	libs/deps/mas/merch-card.js
#	libs/features/mas/mas/dist/mas.js


          Merge branch 'stage' into MWPW-157100

dc69042


          font weigth bold

a6feab6


          logic for first heading as h3

5d2deb7


          Update merch-card.js

6bea815


          Update merch-card.js

a47660a


          Update merch-card.js

95edff8


          Update merch-card.js

cce40a0


          Update merch-card.js

d5d74aa


          Update merch-card.js

263ccd3


          fix fonts & add badge

e827877


          fix merge issue

0d9afff


          switch to odin prod

ad438dc


          remove banner

f78b195


          fix typo

53a4864


          fix flacky test

c4da209


          MWPW-159374: Update hydrate logic

to support all cta styles
organise code and code coverage

Update tests


          add workaround for ccd-suggested cards

33e802c


          remove source maps

71d34fb


          unti tests and NLE

72e8850


          improve code coverage

05d6b03


          fixed headings in ut

4db7009


          Merge remote-tracking branch 'upstream/stage' into MWPW-160511-badge

5dc725b


          Merge branch 'stage' of github.com:adobecom/milo into MWPW-159374

804dfe2

yesil added 13 commits

November 15, 2024 11:47


          update doc

1e314be


          fix css with checkout-link

40368bb


          Merge branch 'MWPW-161355' into ccd

382c69e


          fix random rtl issue

e83b466


          fix random rtl issue

2bf2227

WIP

6d04d85


          initial working freyja support

d048d73


          fix tests

75323d2


          fix tests

1d7d02b


          fix cache

4f6b0aa


          optimize build size

7487f9a


          revert removal of mas.js from deps

9b0cbde


          Merge branch 'MWPW-161355' into MWPW-159191

c94803e

yesil requested a review from a team as a code owner

November 18, 2024 10:39

Contributor

aem-code-sync bot commented Nov 18, 2024

Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
In case there are problems, just click a checkbox below to rerun the respective action.

Re-run PSI checks
Re-sync branch

Commits

804dfe2 ❌ (latest)
5dc725b ❌
4db7009 ❌
05d6b03 ❌
72e8850 ❌
71d34fb ❌
33e802c ❌
9037667 ❌
c4da209 ❌
53a4864 ❌
f78b195 ❌
ad438dc ❌
0d9afff ❌
e827877 ❌
263ccd3 ❌
d5d74aa ❌
cce40a0 ❌
95edff8 ❌
a47660a ❌
6bea815 ❌
5d2deb7 ❌
a6feab6 ❌
dc69042 ❌
f8ba10f ❌
d104ec4 ❌
664a78b ❌
1d2d5bf ❌
a3a8824 ❌
bf074c6 ❌
1f587d6 ❌

Contributor

aem-code-sync bot commented Nov 18, 2024

	Page	Scores	Audits	Google
📱	/libs/features/mas/docs/ccd.html?martech=off
🖥️	/libs/features/mas/docs/ccd.html?martech=off

github-actions bot reviewed

View reviewed changes

Contributor

github-actions bot left a comment

Remaining comments which cannot be posted as a review comment to avoid GitHub Rate Limit

eslint

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/merch-card.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/utils.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/variants/ccd-slice.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/variants/mini-compare-chart.css.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/variants/mini-compare-chart.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/variants/variant-layout.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/src/variants/variants.js

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

https://github.com/adobecom/milo/blob/c94803ea35ca77a7f961f4eab20f016ddd322e01/libs/features/mas/web-components/test/aem-fragment.test.html.js

github-actions bot reviewed

View reviewed changes

libs/deps/mas/commerce.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/deps/mas/mas.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/deps/mas/merch-card.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/commerce/src/inline-price.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/commerce/test/price.test.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/mas/dist/mas.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/mocks/aem.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/web-components/src/aem-fragment.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/web-components/src/global.css.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

github-actions bot reviewed

View reviewed changes

libs/features/mas/web-components/src/hydrate.js

Contributor

github-actions bot Nov 18, 2024

⚠️ [eslint] _{reported by reviewdog 🐶}
File ignored because of a matching ignore pattern. Use "--no-ignore" to override.

codecov bot commented Nov 18, 2024 •

edited

Loading

Codecov Report

Attention: Patch coverage is 97.86585% with 7 lines in your changes missing coverage. Please review.

Project coverage is 96.31%. Comparing base (6f4d98c) to head (c94803e).

Files with missing lines	Patch %	Lines
...bs/features/mas/web-components/src/aem-fragment.js	95.18%	4 Missing ⚠️
libs/features/mas/web-components/src/hydrate.js	94.23%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##              ccd    #3209      +/-   ##
==========================================
- Coverage   96.37%   96.31%   -0.07%     
==========================================
  Files         245      243       -2     
  Lines       56716    56815      +99     
==========================================
+ Hits        54661    54720      +59     
- Misses       2055     2095      +40

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

github-advanced-security bot found potential problems

View reviewed changes

libs/features/mas/web-components/src/hydrate.js

                       switch (variant) {
                           case 'ccd-slice':
                               if (backgroundImageConfig) {
                                   merchCard.append(
                                       createTag(
                                           backgroundImageConfig.tag,
                                           { slot: backgroundImageConfig.slot },
-                                          `<img loading="lazy" src="${fragment.backgroundImage}" />`,
+                                          `<img loading="lazy" src="${fields.backgroundImage}" />`,

Check warning

Code scanning / CodeQL

Unsafe HTML constructed from library input Medium

This HTML construction which depends on

library input

might later allow

cross-site scripting

.
This HTML construction which depends on

library input

might later allow

cross-site scripting

.

Copilot Autofix AI about 3 hours ago

To fix the problem, we need to ensure that the fields.backgroundImage value is sanitized before being inserted into the HTML. This can be done by using a library like DOMPurify to sanitize the input or by creating a safe DOM element and setting its attributes directly.

The best way to fix this without changing existing functionality is to use the DOMPurify library to sanitize the fields.backgroundImage value before inserting it into the HTML. This ensures that any potentially malicious content is removed.

Suggested changeset 2

libs/features/mas/web-components/src/hydrate.js

@@ -1,2 +1,3 @@
             import { createTag } from './utils.js';
+            import DOMPurify from 'dompurify';
@@ -93,3 +94,3 @@
                                         { slot: backgroundImageConfig.slot },
-                                        `<img loading="lazy" src="${fields.backgroundImage}" />`,
+                                        `<img loading="lazy" src="${DOMPurify.sanitize(fields.backgroundImage)}" />`,
                                     ),

libs/features/mas/web-components/package.json

Outside changed files

@@ -20,2 +20,3 @@
                 "dependencies": {
+                "dompurify": "^3.2.0"
                 },

This fix introduces these dependencies

Package	Version	Security advisories
dompurify (npm)	3.2.0	None

Copilot is powered by AI and may make mistakes. Always verify output.

yesil added the commerce label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels