MWPW-151376: Check sharepoint url #3733
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hello, I'm the AEM Code Sync Bot and I will run some actions to deploy your branch and validate page speed.
Commits
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
overmyheadandbody
approved these changes
Feb 25, 2025
DKos95
approved these changes
Feb 25, 2025
|
Reminder to set the |
narcis-radu
reviewed
Feb 26, 2025
| @@ -68,6 +68,12 @@ export function getUrlInfo() { | |||
| function getParam(name) { | |||
| return location.searchParams.get(name); | |||
| } | |||
|
|
|||
| function isValidReferrer(url) { | |||
| const allowedHosts = ['adobe.sharepoint.com']; | |||
There was a problem hiding this comment.
@janaki-r-bhagwath, @raga-adbe-gh - do you see any issues with this list of hosts?
There was a problem hiding this comment.
Project details can be opened from Sidekick and milo studio. Both appears to be using the url with adobe.sharepoint.com. So appears to be ok.
The branch used in loc tool is locui
There was a problem hiding this comment.
Yes. sharepoint seems to be the only referrer for both loc v2 and milo studio (loc v3). So I think we should be good.
There was a problem hiding this comment.
One question, from what I saw this /tools/loc/utils.js file that is the problem is not used in v2, so for development I used v1
Does this change anything?
There was a problem hiding this comment.
Loc V2/V3 details screen uses locui branch. I think Loc V1 is no longer used/supported.
hit11757
approved these changes
Feb 28, 2025
There was a problem hiding this comment.
Validated. Test details can be found in Jira ticket https://jira.corp.adobe.com/browse/MWPW-151376
sukamat
reviewed
Feb 28, 2025
There was a problem hiding this comment.
Although this is fine to be fixed because of the SSRF, this loc and fg code in stage and main branch is not used and is very old. At some point, it will be good to clean this up.
The loc and floodgate modules that are used today are in the locui and floodgateui branch of adobecom/milo and are not part of stage or main branch.
vgoodric
pushed a commit
that referenced
this pull request
Mar 6, 2025
… Tab as Android (#3766) * [MWPW-159511] Create anchor (ID) elements (#3714) * [MWPW-159511] Create anchor (ID) elements * address feedback * address feedback * [MWPW-167031] top tooltip rtl fix (#3618) * [MWPW-167031] tooltip top rtl fix * [MWPW-167031] spacing corrections * [MWPW-167031] css optimization * [MWPW-167031] replaced css with js logic * [MWPW-167031] optimization * [MWPW-167031] optimization * MWPW-164492: Plans Card via MAS (#3649) * first draft * add callout * fix stock js issue * fix plans variant * remove sitemap * fix unit tests * add nala tests * MWPW-167305 [Plans Milo] Callout grey block: authoring improvement (#3663) Co-authored-by: Bozo Jovicic <[email protected]> * use consonant cta for plans * add plans.md * fix review comments * fix merge issue * revert obsolete change * fix nala tests * address review comments * merge in stage * Fix regression * fix nala tests comments --------- Co-authored-by: Bozo Jovicic <[email protected]> Co-authored-by: Bozo Jovicic <[email protected]> * MWPW-160954 Marketo Multi-step (#3671) * MWPW-160954 Marketo Multi-step * PR Changes * QA Fixes * Next button fix * Adding support for first localnav menu being a dropdown (#3693) * Adding support for localnav item being a dropdown * Fix for button text * wip * Updating title for dropdown * Updating mock for localnav * Fixing button text * Lint fix * Replacing button text after copying * Lint fix * [MWPW-162639] youtube block a tag fix (#3703) * [MWPW-162639] youtube block a tag fix * [MWPW-162639] condition update * [MWPW-162639] clause fix * [MWPW-162639] code removal * Fix(mwpw-163031): Typo fix long-form (#3710) * new event added for autoplay videos * combining the fixe for 163031 * Update adobetv.js * Upgrading standalone gnav version to 0.0.5 (#3712) Upgrading gnav version to 0.0.5 * MWPW-167455: Remove node cloning (#3715) * MWPW-167455: Remove node cloning * MWPW-167455: Remove redundant code * MWPW-167455: Remove video test * MWPW-167455: Remove unnecessary code * MWPW-167455: Change test name * Add fix for galaxy tab * [MWPW-167349] - Added a default logo for the 'A' icon displayed on the right side of GNAV. (#3728) * Added default case adobe 'A' logo on right side for GNAV(Adobe logo block) * Added default case adobe 'A' logo on right side for GNAV(Adobe logo block) --------- Co-authored-by: Dev Ashish Sardana <[email protected]> * MWPW-164660: [3-in-1][Milo] Implement a link converter for CTAs using an iFrame (#3564) * added 3-in-1 modal * moved event listener * updated tests * addressed comments * fixed unit test * moved constants.js into mas.js * added cli param * MWPW-167928 Override Marketo POI (#3702) * replace overflow x with contain layout (#3706) * replace overflow x with contain layout * add a fix for breaking mobile gnav * move fix to existing media block * [MWPW-168309] 2 small MEP button updates (#3719) * Revert "MWPW-140452 - Icon authoring in milo using the federal repo a… (#3357) Revert "MWPW-140452 - Icon authoring in milo using the federal repo and individual SVG assets (#3259)" This reverts commit 81a5770. * [Release] Stage to Main (#3497) MWPW-165774 [Mobile-GNAV] page is not scrollable in live page (#3495) * check for new nav when disabling ios scroll * shortened the check from the previous commit Co-authored-by: Raghav Sharma <[email protected]> * Initial checkin. * Remove white space. --------- Co-authored-by: milo-pr-merge[bot] <169241390+milo-pr-merge[bot]@users.noreply.github.com> Co-authored-by: Okan Sahin <[email protected]> Co-authored-by: Raghav Sharma <[email protected]> * MWPW-168334 Load georoutingv2.json and georoutingv2.js in parallel (#3720) * load georoutingv2.json in parallel with georoutingv2.js * remove performance marks * fixed unit tests * Small refactoring * fallback for the jsonPromise * fix unit tests * [MWPW-167309] - Table h tags replace (#3721) * [MWPW-167749] table h header replaced * [MWPW-167749] optimization * [MWPW-167749] naming changes * [MWPW-167749] optimization * [MWPW-167749] code optimization * [MWPW-167749] col role removal * [MWPW-167749] code style update * [MWPW-167309] code improvement * [MWPW-167309] - header role paragraph * MWPW-166176 - Stop initial tabs click propagation (#3726) * MWPW-166176 - Stop initial tabs click propagation * PR feedback --------- Co-authored-by: Ryan Clayton <[email protected]> * Fix(mwpw-168006): Viewport bug fix. (#3730) viewport bug fix * Remove file overlap condition from merge to stage workflow (#3736) Remove file overlap condition * Revert "replace overflow x with contain layout" (#3776) Revert "replace overflow x with contain layout (#3706)" This reverts commit 0f54535. * Adding a class to convert group link title to a simple header instead of a link (#3769) Adding a class to convert group link title to a simple header instead of link * MWPW-164093: Adobe Home "Try Buy Widget" merch card (#3651) * MWPW-164093: Adobe Home 'Pricing Widget' merch card Co-Authored-By: Angelo Statescu <[email protected]> * styles * cr fixes * refactored swc cta creation * wip * Revert "wip" This reverts commit ebede48. * wip * wip * wip * removed loading promise from race * tacocat update * new fragment mapping approach * typo fix * adobe home card improvements * Enhance merch card background and border color handling - Refactored background color processing to support custom color mapping - Updated border color processing to use CSS custom properties - Added more flexible color configuration for merch cards - Improved test coverage for color-related functions - Removed hardcoded color and border styling in favor of dynamic properties * truncate fixes * benchmarks duration update * truncation error handling * reubens comments * updated deps * unit test fix * data-href for event capture * Delete .cursor.zip * Update .gitignore * bubbled click event * dataset url * wip * Move SWC buttons to light DOM (#3734) * Move SWC buttons to light DOM * fix doc * css padding reset * remove .cursor rules * NALA tests * improved nala tests * lcp improvements on docs page * lcp improvements * Revert "lcp improvements" This reverts commit bb26697. * Revert "lcp improvements on docs page" This reverts commit 936cf14. * Update MAS package.json version * fixed nala tests * lint fixes * nala test title fixed * fixed test * conflicts resolved for the nth time * conflicts resolved * no source maps * right bg color for ah try card * sp-button analytics * data-analytics-id in sp-button * MWPW-169143: AH Try/Buy Widget sizing fixes * data-analytics-id on checkoutButton * version bump --------- Co-authored-by: Angelo Statescu <[email protected]> Co-authored-by: astatescu <[email protected]> Co-authored-by: Ilyas Türkben <[email protected]> Co-authored-by: Ilyas Türkben <[email protected]> * [MWPW-167752] Loop focus in modals containing iframes (#3716) * MWPW-163228: Preflight svg issue (#3725) * WIP: Pushing just for preview purposes * Added messaging to clairfy the status of the SVG * Strange issues with dev tools, removing fetch to avoid possible CORS, adding external url to show authors where content lives * Updating tags and errortype for PEP lana logs (#3731) Lana log message fix * MWPW-151376: Check sharepoint url (#3733) * [MWPW-167759] Hero marquee bg-bottom-tablet fix (#3735) * MWPW-166689 Add video support to Article Header (#3737) * MWPW-163320 Gnav Promo CTA overflowing issue - BACOM Global Nav (#3739) * MWPW-163320 Gnav Promo CTA overflowing issue - BACOM Global Nav * apply fix specific to button inside feds promo --------- Co-authored-by: Narcis Radu <[email protected]> Co-authored-by: Dušan Kosanović <[email protected]> Co-authored-by: Mariia Lukianets <[email protected]> Co-authored-by: Bozo Jovicic <[email protected]> Co-authored-by: Bozo Jovicic <[email protected]> Co-authored-by: Brandon Marshall <[email protected]> Co-authored-by: Bandana Laishram <[email protected]> Co-authored-by: sharathkannan <[email protected]> Co-authored-by: Ratko Zagorac <[email protected]> Co-authored-by: Dev Ashish Saradhana <[email protected]> Co-authored-by: Dev Ashish Sardana <[email protected]> Co-authored-by: Mira Fedas <[email protected]> Co-authored-by: Prince Patel <[email protected]> Co-authored-by: Dave Linhart <[email protected]> Co-authored-by: milo-pr-merge[bot] <169241390+milo-pr-merge[bot]@users.noreply.github.com> Co-authored-by: Okan Sahin <[email protected]> Co-authored-by: Raghav Sharma <[email protected]> Co-authored-by: Ryan Clayton <[email protected]> Co-authored-by: Ryan Clayton <[email protected]> Co-authored-by: Axel Cureno Basurto <[email protected]> Co-authored-by: Angelo Statescu <[email protected]> Co-authored-by: astatescu <[email protected]> Co-authored-by: Ilyas Türkben <[email protected]> Co-authored-by: Ilyas Türkben <[email protected]> Co-authored-by: Rares Munteanu <[email protected]> Co-authored-by: Jason Slavin <[email protected]> Co-authored-by: Megan Thomas <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
referrerquery param when starting localization processResolves: MWPW-151376
Kodiak tiket: https://jira.corp.adobe.com/browse/MWPW-144376
Test URLs:
Test url