header.js: Fixed XSS and reduced complexity #690

Open
helms-charity wants to merge 1 commit into main from 689-headerjsxss

@helms-charity
Collaborator

Cognitive complexity that was fixed:

Summary of the refactor for Cognitive Complexity:

  1. decorate (target function around line 126)
    Logo – getLogoFromFragment(fragment) and buildNavBrand(navBrand, logo) now handle logo parsing and brand markup.
    Nav sections – buildNavSectionsFromFragment(fragment) returns the wrapper and ul; decorate only appends them.
    Nav tools – getToolsData(sections) and buildNavToolsDOM(navToolsWrapper, toolsData) parse tools and build the DOM; decorate just calls them and appends.
    Dropdowns – createDropdown moved to module scope. setupCustomerServiceDropdown(navTools), setupSearchDropdown(navToolsWrapper, navTools), and setupLoginDropdown(navToolsWrapper) handle all dropdown setup.
    Odometer – startOdometerAnimation(navTools) is module-level. Desktop odometer is started with setTimeout(() => startOdometerAnimation(navTools), 100).
    Mobile odometer – buildMobileOdometerContainer(odometerItemTexts) and wireMobileOdometer(nav, container, csDropdownOpen) build and wire the mobile odometer; startMobileOdometerAnimation(container) is module-level and uses a WeakSet so it runs once per container.
    Nav section behavior – initNavSectionBehaviors(domCache, setupDesktopNavigation, setupTabletNavigation, setupMobileNavigation) runs the per-section setup so the forEach and viewport branching live in one helper.

  2. loadNavFragmentContent (was 22, needed ≤15)
    buildFragmentSectionsUl(fragmentContent) – Builds the accordion ul from fragment sections (category-nav or standard).
    decorateFragmentBlocks(ul) – Decorates non–category-nav blocks (e.g. Cards) via cached dynamic imports.
    loadNavFragmentContent – Now only coordinates: guard clauses, load fragment, build ul, append, decorate, attach accordion behavior, and catch.

ALSO,
I learned we shouldn't use "service" in a CSS class or {query} in a variable because they are causing false positives with 'hardcoded API' and GraphQL something something.... :-D

Fix #689

Test URLs:

There should be no functional difference in the header.

@aem-code-sync

aem-code-sync bot commented Feb 22, 2026

Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
In case there are problems, just click a checkbox below to rerun the respective action.

  • Re-run PSI checks
  • Re-sync branch

@aem-code-sync

aem-code-sync bot commented Feb 22, 2026

Page Scores Audits Google
📱 / PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI
🖥️ / PERFORMANCE A11Y SEO BEST PRACTICES SI FCP LCP TBT CLS PSI

Development

Successfully merging this pull request may close these issues.

header.js: XSS and complexity fixes
