Skip to content

Fix some JS issues #11250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mekarpeles merged 6 commits into from
Sep 11, 2025
Merged

Fix some JS issues #11250

mekarpeles merged 6 commits into from
Sep 11, 2025

Conversation

@cdrini
Copy link
Collaborator

@cdrini cdrini commented Sep 10, 2025
edited
Loading

Fixes:

  • An XSS vulnerability (patch deployed)
  • Some updates to some outdated dependencies
  • Fixes a bug where it seems like our workbox/service worker config wasn't initializing properly? So that should start working now as well.

Technical

Testing

Patch deployed for the security fix, and otherwise up on testing.

  • ✅ Confirm barcodescanner works
  • ✅ No more error when trying to load the service worker!

Before:
image

Screenshot

Stakeholders

@cdrini cdrini added Patch Deployed This PR has been deployed to production independently, outside of the regular deploy cycle. Priority: 1 Do this week, receiving emails, time sensitive, . [managed] labels Sep 10, 2025
@cdrini cdrini marked this pull request as ready for review September 10, 2025 19:13
Copilot AI review requested due to automatic review settings September 10, 2025 19:13
Copilot AI reviewed Sep 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses security vulnerabilities, updates dependencies, and fixes PWA configuration issues. The changes include fixing an XSS vulnerability in the barcode scanner, updating Jest and related testing dependencies to newer versions, and correcting the webpack configuration for proper PWA initialization.

  • Fixed XSS vulnerability by validating returnTo parameter in BarcodeScanner component
  • Updated Jest from 29.7.0 to 30.0.5 and other testing-related dependencies
  • Removed problematic webpack library configuration that was preventing PWA functionality

Reviewed Changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
openlibrary/components/BarcodeScanner.vue Added URL validation to prevent XSS via returnTo parameter
package.json Updated Jest, stylelint, and workbox dependencies; added dependency overrides
webpack.config.js Removed library configuration that was interfering with PWA setup
openlibrary/plugins/openlibrary/js/SearchBar.js Added getCurUrl() method for better testability
tests/unit/js/SearchBar.test.js Refactored test to use stubbed method instead of mocking window.location

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

cdrini
cdrini commented Sep 11, 2025
View reviewed changes
@mekarpeles mekarpeles merged commit dbeb2cf into internetarchive:master Sep 11, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mekarpeles mekarpeles mekarpeles left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

Patch Deployed This PR has been deployed to production independently, outside of the regular deploy cycle. Priority: 1 Do this week, receiving emails, time sensitive, . [managed]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cdrini @mekarpeles