Pplt 4949 add cors iframe handling and multi dom width config #2121

Draft
bhokaremoin wants to merge 7 commits into master from PPLT-4949-add-cors-iframe-handling-and-multi-dom-width-config

@bhokaremoin
Contributor

No description provided.

- Add GET /percy/widths-config endpoint to compute responsive widths
- Implement computeResponsiveWidths() in core utils for width/height calculation
- Add getResponsiveWidths() SDK method to fetch computed widths
- Mobile device widths include height, other widths are height-agnostic
- Returns widths sorted in ascending order
- Add processCorsIframes and processCorsIframesInDomSnapshot utilities in utils.js
- Add appendUrlSearchParam utility for adding query parameters to URLs
- Integrate CORS iframe processing in snapshot method before validation
- Process iframe resources and update HTML src attributes with width-aware URLs
- Support both single domSnapshot object and array of domSnapshots
Comment on lines +77 to +79
const regex = new RegExp(
`(<iframe[^>]*data-percy-element-id=["']${iframeData.percyElementId}["'][^>]*>)`
);
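
Review bot: `iframeData.percyElementId` is interpolated into the `RegExp()` source on the middle line without escaping, so any regex metacharacter in the ID changes what the pattern matches or makes construction throw. Escape the value, or validate it against the expected ID format, before building the pattern; alternatively, find iframe tags with a fixed literal regex and compare the `data-percy-element-id` value as a plain string. The two `[^>]*` runs also assume that no attribute value inside the tag contains `>`, which is worth stating in a comment next to the pattern.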

Check warning

Code scanning / Semgrep OSS

Semgrep Finding: javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp Warning

RegExp() called with a domSnapshot function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.
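
One way to apply the input-validation advice in the finding above, as an added example that is not code from the PR: the ID is checked against an assumed allowlist and escaped before it reaches `RegExp()`. The function names, the `ELEMENT_ID` shape and the sample HTML are constructed for illustration.

```javascript
// Added example: names other than percyElementId and the
// data-percy-element-id attribute are hypothetical.

// Escape every regex metacharacter so the value only matches itself.
function escapeRegExp(value) {
  return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Assumed id shape (not confirmed by the PR): letters, digits, '_' and '-'.
const ELEMENT_ID = /^[A-Za-z0-9_-]{1,64}$/;

// The pattern as written in the PR: the id is interpolated unescaped.
function unescapedTagRegex(percyElementId) {
  return new RegExp(
    `(<iframe[^>]*data-percy-element-id=["']${percyElementId}["'][^>]*>)`
  );
}

// Hardened form: reject ids outside the allowlist, then escape anyway.
function safeTagRegex(percyElementId) {
  if (typeof percyElementId !== 'string' || !ELEMENT_ID.test(percyElementId)) {
    return null;
  }
  const id = escapeRegExp(percyElementId);
  return new RegExp(
    `(<iframe[^>]*data-percy-element-id=["']${id}["'][^>]*>)`
  );
}

// Return the matching opening <iframe> tag, or null when there is none.
function findIframeTag(html, regex) {
  if (!regex) return null;
  const match = html.match(regex);
  return match ? match[1] : null;
}

// Constructed sample snapshot HTML.
const SAMPLE_HTML =
  '<iframe data-percy-element-id="_a1" src="https://a.example/"></iframe>' +
  '<iframe data-percy-element-id="_b2" src="https://b.example/"></iframe>';

console.log(findIframeTag(SAMPLE_HTML, safeTagRegex('_b2')));     // the second tag only
console.log(findIframeTag(SAMPLE_HTML, unescapedTagRegex('.*'))); // spans both tags
console.log(findIframeTag(SAMPLE_HTML, safeTagRegex('.*')));      // null: id rejected
```

An ID such as `(` makes the unescaped form throw a `SyntaxError` at construction time, while the hardened form returns `null` and the caller can skip that iframe.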