Validate required fields in corsIframes entries to avoid throwing on malformed input#2125
Merged
bhokaremoin merged 3 commits intoPPLT-4949-add-cors-iframe-handling-and-multi-dom-width-configfrom Feb 28, 2026
Conversation
…sInDomSnapshot Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Update responsive widths config endpoint and CORS processing
Validate required fields in corsIframes entries to avoid throwing on malformed input
Feb 28, 2026
bhokaremoin
approved these changes
Feb 28, 2026
5ac3cb8
into
PPLT-4949-add-cors-iframe-handling-and-multi-dom-width-config
35 of 36 checks passed
prklm10
pushed a commit
that referenced
this pull request
Mar 10, 2026
…g to core (#2121) * feat: add responsive widths endpoint for multi-DOM capture - Add GET /percy/widths-config endpoint to compute responsive widths - Implement computeResponsiveWidths() in core utils for width/height calculation - Add getResponsiveWidths() SDK method to fetch computed widths - Mobile device widths include height, other widths are height-agnostic - Returns widths sorted in ascending order * adding unit tests * fixing test coverage * fixing test coverage * feat: add CORS iframe processing support for domSnapshots - Add processCorsIframes and processCorsIframesInDomSnapshot utilities in utils.js - Add appendUrlSearchParam utility for adding query parameters to URLs - Integrate CORS iframe processing in snapshot method before validation - Process iframe resources and update HTML src attributes with width-aware URLs - Support both single domSnapshot object and array of domSnapshots * adding tests for cors iframes functionality * moving creatating of iframe resource object logic to CLI from sdk, since its common * fixing test * adding nosemgrep comment for the regex error * Fix regex injection via unescaped percyElementId in processCorsIframesInDomSnapshot (#2124) * Initial plan * fix: escape percyElementId before using in RegExp to prevent regex injection Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> * Guard getResponsiveWidths return type with Array.isArray (#2126) * Initial plan * Use Array.isArray check in getResponsiveWidths to ensure stable array return type Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> * Validate required fields in corsIframes entries to avoid throwing on malformed input (#2125) * Initial plan * Add validation for malformed corsIframes entries in processCorsIframesInDomSnapshot Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> * adding validation for widths as well --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: bhokaremoin <75439850+bhokaremoin@users.noreply.github.com> Co-authored-by: bhokaremoin <bhokaremoin@gmail.com> * adding no semgrep * fix: prioritize user-passed widths over mobile widths in computeResponsiveWidths * fixing test * adding cors iframe in config so it can become part of domSnapshot * fixing test with the config change --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
processCorsIframesInDomSnapshot()would throw on anycorsIframesentry missingiframeSnapshotoriframeSnapshot.html, failing the entire snapshot rather than gracefully handling the bad entry.Changes
packages/core/src/utils.js— Added a guard at the top of thecorsIframesloop that skips entries missingframeUrloriframeSnapshot.html, logging them at debug level:packages/core/test/utils.test.js— Added test cases covering: missingframeUrl, missingiframeSnapshot, missingiframeSnapshot.html, and mixed valid/invalid entry arrays.💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.