AMP signal collection frame#6830
AMP signal collection frame#6830keithwrightbos wants to merge 9 commits intoampproject:masterfrom google:a4a_signal_collection_frame
Conversation
…l_collection_frame
…l_collection_frame
…l_collection_frame
|
@keithwrightbos Top-level question: is this mostly the same code as we had https://github.com/ampproject/amphtml/blob/master/src/document-click.js ? I can't find where we removed it and why... |
| 'CLICK_Y': () => { | ||
| return e.pageY; | ||
| }, | ||
| 'POSTMESSAGE': (origin, varName) => { |
There was a problem hiding this comment.
Are we going to make this genetic to any postmessage?
- If we are, then there are other security issues to be considered.
- If not, I suggest making it
BG_SIGNAL(type), which is more specific and reduces chance of mis-use.
There was a problem hiding this comment.
Its not really "generic" to any postmessage given the above code restricts populating the postmessage data by messages coming from an iframe within an amp-signal-collection-frame element. I could rename but was just trying to match the i2i #3665 . Thoughts?
| */ | ||
| export const MESSAGE_INTERVAL_MS = 100; | ||
|
|
||
| export class AmpSignalCollectionFrame extends AMP.BaseElement { |
There was a problem hiding this comment.
have we considered having the logic as a part of the doubleclick A4A extension? an extra extension means extra latency.
of course, probably I should ask this first: is it possible for doubleclick A4A to load a creative with AmpSignalCollectionFrame of other type?
There was a problem hiding this comment.
This will be shared across AdSense and Doubleclick and potentially other networks that could return a creative from either of those networks so having it in A4A abstract element makes the most sense IMO. Let's discuss offline.
There was a problem hiding this comment.
IIRC the resolution of this was to keep separate, but may be thinking of a distinct/similar issue. Confirm please?
| } | ||
| // Only allow messages from child iframe whose parent is an | ||
| // amp-signal-collection-frame element. | ||
| const frames = iframeWin.document |
There was a problem hiding this comment.
let's cache the results for the sake of performance
There was a problem hiding this comment.
The reason not to cache is that attachment of the iframe within amp-signal-collection-frame is done within layoutCallback of that element. Given it will have a lower priority (2) it is likely it will be appended AFTER registerExpandUrlParams_ executes. I also want to allow for the possibility that multiple amp-signal-collection-frame elements exist within the AMP creative so its not sufficient to use the result of querySelectorAll after the first post message. I suppose I could verify the count of iframes = count of total amp signal collection frames and cache at that time... just not sure its worth it. Thoughts?
| // Place listener on outer document and use capture to ensure data is | ||
| // always collected. | ||
| this.unlisteners_.push( | ||
| listen(this.element.ownerDocument.documentElement, name, e => { |
There was a problem hiding this comment.
do we allow multiple SignalCollectionFrames in a single creative? If so, should we reuse the listeners for the sake of performance?
| } | ||
|
|
||
| sendPostMessage(win, message) { | ||
| win./*REVIEW*/postMessage(message, '*'); |
There was a problem hiding this comment.
for safety, we can use explicit target origin here.
| JSON.stringify({'collection-events': events})); | ||
| events = {}; | ||
| } | ||
| }, MESSAGE_INTERVAL_MS); |
There was a problem hiding this comment.
did you think of using rate-limit.js ?
| /** @type {Object<string, Object<string, string>>} */ | ||
| const messages = {}; | ||
| // Listen for messages to creative friendly frame. | ||
| this.unlisteners_.push(listen(iframeWin, 'message', evt => { |
There was a problem hiding this comment.
if we're eventually having a new extension, i'd prefer all the logic go there.
|
@dvoytenko responding to Top-level question: is this mostly the same code as we had https://github.com/ampproject/amphtml/blob/master/src/document-click.js? It was removed due to concerns that anchors not within AMP creatives could be modified. @cramforce isolated it to only the AMP creative iframe within amp-a4a.js and I have an outstanding issue #6385 assigned to @lannka to ensure it is ported to AMP-inabox runtime. |
cramforce
left a comment
There was a problem hiding this comment.
Does the current design allow for a single signal collection iframe per page instead of one per ad?
| }; | ||
| // For now we only allow to replace the vars defined items and nothing else. | ||
| // NOTE: Addition to this whitelist requires additional review. | ||
| const whitelist = {}; |
| try { | ||
| if (frame.contentWindow == evt.source) { | ||
| const originUrl = parseUrl(evt.origin); | ||
| messages[originUrl.hostname.toUpperCase()] = |
| /** @type {Object<string, Object<string, string>>} */ | ||
| const messages = {}; | ||
| // Listen for messages to creative friendly frame. | ||
| this.unlisteners_.push(listen(iframeWin, 'message', evt => { |
There was a problem hiding this comment.
Lets factor this into a specific method.
tdrl
left a comment
There was a problem hiding this comment.
Still reviewing, but have gotten preempted by other things today.
| this.xOriginIframeHandler_ = null; | ||
| } | ||
| this.layoutMeasureExecuted_ = false; | ||
| this.unlisteners_.forEach(unlistener => unlistener); |
There was a problem hiding this comment.
Sorry if this is JS-naive, but... Not clear what this is doing. Shouldn't it be .foreach(unlistener => unlistener())?
|
design changed. closing this for now. |
To be included in valid AMP A4A ad content allowing for click url augmentation based on custom javascript execution within a cross domain iframe. Note the following: