fix: sanitize class string more #925

pauldambra · 2023-12-06T23:23:36Z

We are very intolerant of class strings that contain multiple spaces, tabs, or new lines when processing autocapture.

Technically the class attribute should always be a space separated set of strings, but computers let you generate all kinds of HTML 🙈

Follow-up to #919

This sanitizes the class string in more places so that we generate a working elements chain string even with an invalid css class.

pauldambra · 2023-12-06T23:24:44Z

@tiina303 since this touches an area you're actively working on.

I tried to keep a minimal change so hopefully I can fix the issue in PostHog/posthog#19068 without clashing with your work

github-actions · 2023-12-06T23:26:05Z

Size Change: +460 B (0%)

Total Size: 745 kB

Filename	Size	Change
`dist/array.full.js`	176 kB	+115 B (0%)
`dist/array.js`	118 kB	+115 B (0%)
`dist/es.js`	118 kB	+115 B (0%)
`dist/module.js`	118 kB	+115 B (0%)

ℹ️ View Unchanged

Filename	Size
`dist/exception-autocapture.js`	12 kB
`dist/recorder-v2.js`	104 kB
`dist/recorder.js`	58.4 kB
`dist/surveys.js`	41.5 kB

_{compressed-size-action}

tiina303

honestly I know very little of this, I was mainly just moving code around. Let's make sure we mirror in plugin-server side & maybe add comments to keep in sync

davemurphysf

The implementation looks fine, but we should test for all the acceptable whitespace characters

davemurphysf · 2023-12-07T17:10:12Z

src/__tests__/autocapture.test.ts

+        it('returns elementsChain correctly with newlines in css', () => {
+            const elTarget = document.createElement('a')
+            elTarget.setAttribute('href', 'http://test.com')
+            elTarget.setAttribute('class', 'test-class\n test-class2 test-class3       test-class4  \r\n test-class5')


Can you add \t and \f characters in here, just for completeness sake?

davemurphysf

LGTM

fix: sanitize class string more

ac063e3

pauldambra requested a review from a team December 6, 2023 23:23

pauldambra added 2 commits December 6, 2023 23:26

fix

261a8ae

format comment

f989ac3

daibhin approved these changes Dec 7, 2023

View reviewed changes

tiina303 requested a review from davemurphysf December 7, 2023 12:42

tiina303 approved these changes Dec 7, 2023

View reviewed changes

davemurphysf reviewed Dec 7, 2023

View reviewed changes

extend tests

13800d5

davemurphysf approved these changes Dec 7, 2023

View reviewed changes

pauldambra added the bump patch Bump patch version when this PR gets merged label Dec 7, 2023

pauldambra merged commit 7ee1b74 into master Dec 7, 2023
13 checks passed

pauldambra deleted the fix/more-class-sanitization branch December 7, 2023 18:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: sanitize class string more #925

fix: sanitize class string more #925

pauldambra commented Dec 6, 2023

pauldambra commented Dec 6, 2023

github-actions bot commented Dec 6, 2023 •

edited

Loading

tiina303 left a comment •

edited

Loading

davemurphysf left a comment

davemurphysf Dec 7, 2023

davemurphysf left a comment

fix: sanitize class string more #925

fix: sanitize class string more #925

Conversation

pauldambra commented Dec 6, 2023

pauldambra commented Dec 6, 2023

github-actions bot commented Dec 6, 2023 • edited Loading

tiina303 left a comment • edited Loading

Choose a reason for hiding this comment

davemurphysf left a comment

Choose a reason for hiding this comment

davemurphysf Dec 7, 2023

Choose a reason for hiding this comment

davemurphysf left a comment

Choose a reason for hiding this comment

github-actions bot commented Dec 6, 2023 •

edited

Loading

tiina303 left a comment •

edited

Loading