Merge pull request #202 from CleverTap/task/WEB-2516/XSS_bugfix

XSS bug fix
CleverTap · May 3, 2024 · c7ac1c9 · c7ac1c9
2 parents 00f17e5 + 4a36b20
commit c7ac1c9
Show file tree

Hide file tree

Showing 10 changed files with 433 additions and 150 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,13 +11,13 @@ on:
     types: [opened, synchronize, reopened]
 jobs:
   build:
-    runs-on: macos-latest
+    runs-on: macos-12
     steps:
       - uses: actions/checkout@v2
-      - name: Use node.js version 10.x
+      - name: Use node.js version 10.24.1
         uses: actions/[email protected]
         with:
-          node-version: '10.x'
+          node-version: '10.24.1'
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "::set-output name=dir::$(yarn cache dir)"

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,13 +4,13 @@ on:
     types: [published]
 jobs:
   build:
-    runs-on: macos-latest
+    runs-on: macos-12
     steps:
       - uses: actions/checkout@v2
-      - name: Use node.js version 10.x
+      - name: Use node.js version 10.24.1
         uses: actions/[email protected]
         with:
-          node-version: '10.x'
+          node-version: '10.24.1'
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "::set-output name=dir::$(yarn cache dir)"
@@ -27,10 +27,10 @@ jobs:
         run: yarn run test:coverage
       - name: Build package
         run: yarn run build
-      - name: Use node.js version 10.x
+      - name: Use node.js version 10.24.1
         uses: actions/[email protected]
         with:
-          node-version: '10.x'
+          node-version: '10.24.1'
           registry-url: 'https://registry.npmjs.org'
       - name: Publish package to npm
         run: npm publish

diff --git a/.github/workflows/sw_build.yml b/.github/workflows/sw_build.yml
@@ -11,13 +11,13 @@ on:
     types: [opened, synchronize, reopened]
 jobs:
   build:
-    runs-on: macos-latest
+    runs-on: macos-12
     steps:
       - uses: actions/checkout@v2
-      - name: Use node.js version 10.x
+      - name: Use node.js version 10.24.1
         uses: actions/[email protected]
         with:
-          node-version: '10.x'
+          node-version: '10.24.1'
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "::set-output name=dir::$(yarn cache dir)"

diff --git a/.github/workflows/sw_release.yml b/.github/workflows/sw_release.yml
@@ -4,13 +4,13 @@ on:
     types: [published]
 jobs:
   build:
-    runs-on: macos-latest
+    runs-on: macos-12
     steps:
       - uses: actions/checkout@v2
-      - name: Use node.js version 10.x
+      - name: Use node.js version 10.24.1
         uses: actions/[email protected]
         with:
-          node-version: '10.x'
+          node-version: '10.24.1'
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "::set-output name=dir::$(yarn cache dir)"

diff --git a/clevertap.js b/clevertap.js
diff --git a/clevertap.js.map b/clevertap.js.map
diff --git a/clevertap.min.js b/clevertap.min.js
diff --git a/src/util/clevertap-handler.js b/src/util/clevertap-handler.js
@@ -0,0 +1,55 @@
+// clevertap-handler.js
+
+const ctEventhandler = (html) => {
+  const ctScript = `
+      var clevertap = {
+        event: {
+          push: (eventName) => {
+            window.parent.postMessage({
+              action: 'Event',
+              value: eventName
+            },'*');
+          }
+        },
+        profile: {
+          push: (eventName) => {
+            window.parent.postMessage({
+              action: 'Profile',
+              value: eventName
+            },'*');
+          }
+        },
+        onUserLogin: {
+          push: (eventName) => {
+            window.parent.postMessage({
+              action: 'OUL',
+              value: eventName
+            },'*');
+          }
+        },
+        closeBoxPopUp: () => {
+          window.parent.postMessage({
+            action: 'closeBoxPopUp',
+            value: 'closeBoxPopUp'
+          },'*');
+        },
+        closeBannerPopUp: () => {
+          window.parent.postMessage({
+            action: 'closeBannerPopUp',
+            value: 'closeBannerPopUp'
+          },'*');
+        },
+        closeInterstitialPopUp: () => {
+          window.parent.postMessage({
+            action: 'closeInterstitialPopUp',
+            value: 'closeInterstitialPopUp'
+          },'*');
+        }
+      }
+    `
+  const insertPosition = html.indexOf('<script>')
+  html = [html.slice(0, insertPosition + '<script>'.length), ctScript, html.slice(insertPosition + '<script>'.length)].join('')
+  return html
+}
+
+export default ctEventhandler
diff --git a/src/util/constants.js b/src/util/constants.js
@@ -56,6 +56,18 @@ export const VARIABLES = 'WZRK_PE'
 export const PUSH_DELAY_MS = 1000
 export const MAX_DELAY_FREQUENCY = 1000 * 60 * 10
 export const WZRK_FETCH = 'wzrk_fetch'
+export const WIZ_IFRAME = 'wiz-iframe'
+export const WIZ_IFRAME_INTENT = 'wiz-iframe-intent'
+export const ADJUST_IFRAME_HEIGHT = 'adjustIFrameHeight'
+export const UPDATE_HEIGHT = 'update height'
+export const GET_NOTIFICATION = 'getnotif'
+export const EVENT = 'Event'
+export const PROFILE = 'Profile'
+export const OUL = 'OUL'
+export const CLOSE_BOX_POPUP = 'closeBoxPopUp'
+export const CLOSE_BANNER_POPUP = 'closeBannerPopUp'
+export const GET_NOTIFICATION_DATA = 'getnotifData'
+export const CLOSE_INTERSTITIAL_POPUP = 'closeInterstitialPopUp'
 
 export const SYSTEM_EVENTS = [
   'Stayed',