Scripts.js maintenance: sanitizeHTML and reduce function complexities #676

Merged
helms-charity merged 4 commits into main from 675-scriptsjsmain
Feb 23, 2026

helms-charity commented Feb 21, 2026

The biggest change was that handleSectionMetadata was reduced from a complexity of 41 to under 15 by moving logic into five helpers:

  • applySpecialSectionMetadata(metadata, section) – style, backgroundcolor, grid, gap, spacing, containerwidth, height/heightmobile.
  • applyDataAttributesFromMetadata(metadata, section) – writes non-special keys to section.dataset and sets section.id when present.
  • applySectionBackgroundImages(metadata, section) – section desktop/mobile background images.
  • applyDecorationImages(metadata, section) – decoration (doodle) images and reverse flag.
  • applyBlockContentMetadata(metadata, section) – block-content background, images, object-fit, object-position.

  • Addressed CWE-915 / OWASP A01 – Prototype pollution. Replaced the plain object with a Map so block IDs are stored with blockIds.get(name) / blockIds.set(name, value) instead of blockIds[name]. No prototype is involved, so there’s no prototype pollution risk.

Also added the section metadata key lists as Set()s since apparently this has been a thing since ES6.

Fix #675

Test URLs:

Testing: There should not be any functional difference.

After: your IDE should not have errors anymore.
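
The Map change described in the PR description above, as an added example that is not part of the pull request or the project's code: a per-name ID counter written once with a plain object and once with a Map. The function names and block names are hypothetical and constructed; the point is that names which exist on Object.prototype yield malformed or duplicate IDs with bracket access and correct IDs with get/set.

```javascript
// "Before" pattern: a plain object used as a per-name counter.
// blockIds[name] also resolves inherited keys (constructor, toString, __proto__).
function makeObjectCounter() {
  const blockIds = {};
  return (name) => {
    blockIds[name] = (blockIds[name] || 0) + 1;
    return `${name}-${blockIds[name]}`;
  };
}

// "After" pattern from the PR description: a Map accessed only via get/set.
// Keys are plain data, so no name resolves to something on Object.prototype.
function makeMapCounter() {
  const blockIds = new Map();
  return (name) => {
    const next = (blockIds.get(name) || 0) + 1;
    blockIds.set(name, next);
    return `${name}-${next}`;
  };
}

// Run the same sequence of block names through a counter and collect the IDs.
function assignIds(names, nextId) {
  return names.map((name) => nextId(name));
}

// An ID is well formed when it ends in "-<digits>".
function isWellFormed(id) {
  return /-\d+$/.test(id);
}

// Constructed input: ordinary block names plus names that exist on Object.prototype.
const SAMPLE_NAMES = ['hero', 'hero', 'constructor', '__proto__', '__proto__', 'toString'];

const objectIds = assignIds(SAMPLE_NAMES, makeObjectCounter());
const mapIds = assignIds(SAMPLE_NAMES, makeMapCounter());

// Print each ID with a verdict so the two storage choices can be compared.
const report = (ids) => ids.map((id) => `${id} ${isWellFormed(id) ? 'ok' : 'BAD'}`);
console.log('object:', report(objectIds));
console.log('map:   ', report(mapIds));
```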

aem-code-sync bot commented Feb 21, 2026

Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
In case there are problems, just click a checkbox below to rerun the respective action.

  • Re-run PSI checks
  • Re-sync branch

aem-code-sync bot commented Feb 21, 2026

[Page score table: mobile (📱) and desktop (🖥️) rows for / and /credit-card/metal-credit-card/mayura; columns Scores (PERFORMANCE, A11Y, SEO, BEST PRACTICES), Audits (SI, FCP, LCP, TBT, CLS), Google (PSI)]

amarghioali left a comment

LGTM

helms-charity merged commit 3457e3e into main Feb 23, 2026
0 of 2 checks passed

Development

Successfully merging this pull request may close these issues.

scripts.js XSS and high sonarQube fixes
