Conversation

nd0ut (Member) commented Oct 29, 2025

Description

Checklist

Summary by CodeRabbit

  • New Features

    • "Done" button visibility now follows selection state (appears only when items are selected) and is cleared on reset.
  • Bug Fixes

    • Prevented "waiting-for" hint from appearing for completed file items.
  • Refactor

    • External messaging now targets a specific origin for safer cross-window communication.

@nd0ut nd0ut requested a review from egordidenko October 29, 2025 11:23
coderabbitai bot (Contributor) commented Oct 29, 2025

Walkthrough

ExternalSource now drives showDoneBtn from selection totals (no longer auto-enabled on ready) and passes a getTargetOrigin callback when creating MessageBridge. MessageBridge stores the callback, makes _handlerMap/_context private, and uses the callback in postMessage. FileItem suppresses "waiting-for" hint for finished items.

Changes

Cohort / File(s) | Summary

MessageBridge callback & privacy
src/blocks/ExternalSource/MessageBridge.ts
  Constructor changed to (context: Window, getTargetOrigin: () => string). New private _getTargetOrigin field. _handlerMap and _context marked private. send() calls _getTargetOrigin() and posts with that origin instead of '*'.

ExternalSource: showDoneBtn state and wiring
src/blocks/ExternalSource/ExternalSource.ts
  Added showDoneBtn: boolean to init state and updates. showDoneBtn now set from selection messages (message.total > 0) and cleared on reset; removed legacy auto-enable-on-ready logic. MessageBridge instantiation updated to new MessageBridge(iframe.contentWindow, () => this.cfg.socialBaseUrl).

FileItem hint gating
src/blocks/FileItem/FileItem.ts
  Added local isFinished and updated hint computation to skip the "waiting-for" hint when the item is finished (require !isFinished for externalUrl/source hint).

Sequence Diagram(s)

sequenceDiagram
    participant ExternalSource
    participant MessageBridge
    participant IframeWindow

    rect rgb(240,248,255)
    Note over ExternalSource,MessageBridge: MessageBridge constructed with origin callback
    ExternalSource->>MessageBridge: new MessageBridge(iframe.contentWindow, () => this.cfg.socialBaseUrl)
    MessageBridge->>MessageBridge: store _getTargetOrigin
    end

    rect rgb(240,248,255)
    Note over ExternalSource,MessageBridge: Sending messages uses computed origin
    ExternalSource->>MessageBridge: send(message)
    MessageBridge->>MessageBridge: targetOrigin = _getTargetOrigin()
    MessageBridge->>IframeWindow: postMessage(message, targetOrigin)
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Verify all MessageBridge instantiations across the codebase were updated to pass the getTargetOrigin callback.
  • Confirm making _handlerMap and _context private doesn't break external access or tests.
  • Review ExternalSource selection/reset transitions to ensure showDoneBtn is consistently set/cleared and UI consumers use the flag.
  • Check FileItem transitions to/from finished state to ensure hints update correctly.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Description Check: ⚠️ Warning
Explanation: The pull request description is entirely composed of template placeholders with no actual content provided by the author. The description section is empty with only HTML comments showing where information should be added, the related issue link is missing, and no explanation of the changes has been filled in. While the checklist is present (though unchecked), the description fails to provide any substantive information about what changes were made or why.
Resolution: The author should complete the description by filling in the required sections: providing a link to the related issue, writing a brief description of the changes (specifically mentioning the MessageBridge constructor signature update, the shift from wildcard to dynamic target origin, and the related updates in ExternalSource and FileItem), and adding any relevant code snippets or examples if applicable. The checklist items should also be marked as completed or marked N/A if not applicable.

Docstring Coverage: ⚠️ Warning
Explanation: Docstring coverage is 0.00%, which is insufficient. The required threshold is 80.00%.
Resolution: You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Title Check: ✅ Passed
Explanation: The title "Fix/post-message-target" directly relates to the main change in this pull request, which is the update to MessageBridge.ts to replace the use of '*' as the target origin in postMessage with a dynamically provided origin callback. This is a security/correctness-focused fix that aligns well with the title. The title is concise, specific, and clearly communicates the primary purpose of the changeset without unnecessary verbosity.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

Comment @coderabbitai help to get the list of available commands and usage tips.

@nd0ut nd0ut force-pushed the fix/post-message-target branch from f48516e to 13aa292 Compare October 29, 2025 11:26
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
src/blocks/ExternalSource/MessageBridge.ts (2)

18-29: Consider validating the target origin returned by the callback.

The constructor now accepts a getTargetOrigin callback to compute the target origin dynamically, which is a security improvement over using the wildcard '*'. However, there's no validation to ensure the callback returns a valid origin string.

Consider adding validation in the send method to handle edge cases:

  send(message: OutputMessage) {
    const targetOrigin = this._getTargetOrigin();
+   if (!targetOrigin || typeof targetOrigin !== 'string') {
+     console.error('Invalid target origin returned from callback:', targetOrigin);
+     return;
+   }
    this._context.postMessage(message, targetOrigin);
  }
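Review bot: the guard on the added lines still lets the wildcard through: a callback that returns '*' is a non-empty string and passes `typeof targetOrigin !== 'string'`, so a misconfigured socialBaseUrl would silently reinstate the behaviour this PR removes. Compare against '*' explicitly (`if (!targetOrigin || targetOrigin === '*')`) or normalise through `new URL(targetOrigin).origin` inside a try/catch and return on failure, so only a concrete origin ever reaches postMessage.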

Alternatively, validate in the constructor if the callback is expected to return a constant value:

  constructor(context: Window, getTargetOrigin: () => string) {
    this._context = context;
    this._getTargetOrigin = getTargetOrigin;
+   
+   // Validate that callback returns a valid origin
+   const testOrigin = getTargetOrigin();
+   if (!testOrigin || typeof testOrigin !== 'string') {
+     throw new Error('getTargetOrigin must return a non-empty string');
+   }

    window.addEventListener('message', this._handleMessage);
  }
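Review bot: probing the callback once in the constructor (`const testOrigin = getTargetOrigin();`) only checks the value at construction time, yet the callback exists precisely so the origin is computed on each send from this.cfg.socialBaseUrl; a value that later becomes empty or malformed would still be handed to postMessage unchecked. Keep the validation in send(), and note that this eager call also moves any failure from the point of use to MessageBridge construction inside ExternalSource.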

57-60: Consider adding error handling for postMessage failures.

The postMessage call can throw exceptions if the targetOrigin is malformed or if the context window is closed. Consider wrapping it in a try-catch block to handle potential failures gracefully.

  send(message: OutputMessage) {
    const targetOrigin = this._getTargetOrigin();
-   this._context.postMessage(message, targetOrigin);
+   try {
+     this._context.postMessage(message, targetOrigin);
+   } catch (error) {
+     console.error('Failed to send message to iframe:', error, { targetOrigin, message });
+   }
  }
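Review bot: the catch branch logs the whole outgoing payload (`console.error('Failed to send message to iframe:', error, { targetOrigin, message })`); OutputMessage values travel between the widget and the social-source iframe and can describe the user's file selection, so the browser console is a poor place for them. Log the error and targetOrigin only. The failure is also swallowed: send() still returns nothing, so ExternalSource cannot tell a delivered message from a dropped one; returning a boolean would let the caller react.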
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 68475d9 and f48516e.

📒 Files selected for processing (3)
  • src/blocks/ExternalSource/ExternalSource.ts (2 hunks)
  • src/blocks/ExternalSource/MessageBridge.ts (2 hunks)
  • src/blocks/FileItem/FileItem.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/blocks/ExternalSource/ExternalSource.ts (1)
src/blocks/ExternalSource/MessageBridge.ts (1)
  • MessageBridge (17-65)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (3)
src/blocks/ExternalSource/ExternalSource.ts (2)

315-315: LGTM! State management simplified.

The done button visibility now relies on showSelectionStatus instead of the removed showDoneBtn flag. This simplifies state management and aligns with the selection status logic set on Line 189, which shows the button appropriately in multiple selection mode when items are available.


265-265: No action required.

The socialBaseUrl is a required string type with a concrete default value ('https://social.uploadcare.com') and passes through string validation. It cannot be undefined or empty due to the configuration architecture. The code already uses socialBaseUrl directly without defensive checks on line 238 (new URL(..., socialBaseUrl)), so the callback pattern on line 265 is consistent with existing usage.

Likely an incorrect or invalid review comment.

src/blocks/FileItem/FileItem.ts (1)

145-156: LGTM! Improved UX by gating the waiting hint.

The addition of the isFinished check correctly prevents the "waiting-for" hint from displaying after a file upload has completed. This ensures users only see the waiting message while the upload is in progress, improving the overall user experience.

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/blocks/ExternalSource/ExternalSource.ts (1)

21-42: Add showDoneBtn to the interface definition.

The showDoneBtn property is used throughout the implementation (lines 65, 194, 290, 318) but is not declared in the ExternalSourceInitState interface. This creates a type safety gap.

Apply this diff to add the missing property:

 interface ExternalSourceInitState extends BaseInitState {
   activityIcon: string;
   activityCaption: string;
 
   selectedList: NonNullable<InputMessageMap['selected-files-change']['selectedFiles']>;
   total: number;
 
   isSelectionReady: boolean;
   isDoneBtnEnabled: boolean;
   couldSelectAll: boolean;
   couldDeselectAll: boolean;
   showSelectionStatus: boolean;
+  showDoneBtn: boolean;
   counterText: string;
   doneBtnTextClass: string;
   toolbarVisible: boolean;
 
   onDone: () => void;
   onCancel: () => void;
 
   onSelectAll: () => void;
   onDeselectAll: () => void;
 }
🧹 Nitpick comments (1)
src/blocks/ExternalSource/ExternalSource.ts (1)

267-267: Verify that socialBaseUrl uses only the origin for postMessage security.

The protocol, port and hostname of the target window must match the targetOrigin parameter for the message to be sent. The default socialBaseUrl value is correctly set to 'https://social.uploadcare.com' (protocol + host only), but if someone misconfigures it with a path component, the postMessage call will fail because targetOrigin must exactly match the iframe's origin.

Consider extracting only the origin to be defensive:

this._messageBridge = new MessageBridge(
  iframe.contentWindow, 
  () => new URL(this.cfg.socialBaseUrl).origin
);
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f48516e and 13aa292.

📒 Files selected for processing (1)
  • src/blocks/ExternalSource/ExternalSource.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/blocks/ExternalSource/ExternalSource.ts (1)
src/blocks/ExternalSource/MessageBridge.ts (1)
  • MessageBridge (17-65)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (4)
src/blocks/ExternalSource/ExternalSource.ts (4)

65-65: LGTM!

The showDoneBtn property is correctly initialized to false, which is appropriate since no files are available when the external source first mounts.


186-195: Verify the UX intent for done button visibility.

The done button will be visible whenever total > 0 (line 194) but only enabled when isReady && selectedFiles.length > 0 (line 189). This means users will see a disabled done button when files are available but none are selected yet.

Please confirm this matches the intended UX behavior.


282-292: LGTM!

The showDoneBtn is correctly reset to false along with other selection state properties, maintaining consistency when the iframe is mounted or unmounted.


315-322: LGTM!

The template correctly binds both visibility (@hidden: !showDoneBtn) and enabled state (@disabled: !isDoneBtnEnabled) to the done button, providing appropriate user feedback at different stages of the file selection process.

@nd0ut nd0ut force-pushed the fix/post-message-target branch from 13aa292 to cd9aa92 Compare October 30, 2025 08:19
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
src/blocks/ExternalSource/MessageBridge.ts (1)

58-59: Security improvement: specific targetOrigin instead of wildcard.

Replacing the wildcard '*' with a specific origin from getTargetOrigin() is a significant security improvement that prevents messages from being intercepted by unintended origins.

However, consider adding error handling in case the callback throws or returns an invalid origin:

 send(message: OutputMessage) {
-  const targetOrigin = this._getTargetOrigin();
-  this._context.postMessage(message, targetOrigin);
+  try {
+    const targetOrigin = this._getTargetOrigin();
+    if (!targetOrigin || typeof targetOrigin !== 'string') {
+      console.error('MessageBridge: Invalid targetOrigin returned');
+      return;
+    }
+    this._context.postMessage(message, targetOrigin);
+  } catch (error) {
+    console.error('MessageBridge: Failed to send message', error);
+  }
 }
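Review bot: both failure paths in the replacement lines only console.error and fall through, so send() returns undefined whether the message was posted or dropped; returning true from the postMessage branch and false from the two error branches would let ExternalSource surface the failure instead of silently losing a 'done' or selection message. The string check on the added `if (!targetOrigin || typeof targetOrigin !== 'string')` line also does not reject '*', so add an explicit wildcard comparison there as well.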
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 13aa292 and cd9aa92.

📒 Files selected for processing (3)
  • src/blocks/ExternalSource/ExternalSource.ts (2 hunks)
  • src/blocks/ExternalSource/MessageBridge.ts (2 hunks)
  • src/blocks/FileItem/FileItem.ts (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • src/blocks/FileItem/FileItem.ts
  • src/blocks/ExternalSource/ExternalSource.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
src/blocks/ExternalSource/MessageBridge.ts (2)

18-22: Good encapsulation with private fields.

Making _handlerMap and _context private and adding the new _getTargetOrigin callback field improves encapsulation and follows TypeScript best practices.


24-26: Constructor signature change verified—all call sites updated correctly.

The single MessageBridge instantiation in src/blocks/ExternalSource/ExternalSource.ts:267 properly passes both parameters: the context window and the getTargetOrigin callback (() => this.cfg.socialBaseUrl).
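
The origin handling discussed in the review comments above, resolving socialBaseUrl to an origin for postMessage, refusing the wildcard, and coping with a callback that throws, as an added TypeScript example. It is not code from this PR, from the uploadcare project, or from the CodeRabbit suggestions; the names resolveTargetOrigin, OriginScopedBridge, FakeWindow and runDemo are hypothetical, and FakeWindow is a constructed stand-in for iframe.contentWindow. It goes beyond the diff in one respect: it also checks event.origin on the receiving side, which a targetOrigin on send does not cover.

```typescript
// Added example, not code from the PR or from CodeRabbit's suggestions.
// Hypothetical names: resolveTargetOrigin, OriginScopedBridge, FakeWindow, runDemo.
// FakeWindow is a constructed stand-in for iframe.contentWindow.

interface PostMessageTarget {
  postMessage(message: unknown, targetOrigin: string): void;
}

// Reduce a configured base URL (which may carry a path or query) to its origin.
// The wildcard, empty values and non-http(s) schemes are rejected so that a
// misconfiguration can never widen the set of windows that receive a message.
function resolveTargetOrigin(baseUrl: string): string {
  const trimmed = baseUrl.trim();
  if (trimmed === '' || trimmed === '*') {
    throw new Error('target origin must be a concrete URL, not empty or "*"');
  }
  let parsed: URL;
  try {
    parsed = new URL(trimmed);
  } catch {
    throw new Error(`target origin is not an absolute URL: ${trimmed}`);
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
    throw new Error(`unsupported scheme for target origin: ${parsed.protocol}`);
  }
  return parsed.origin; // e.g. 'https://social.uploadcare.com', path and query dropped
}

class OriginScopedBridge {
  private readonly target: PostMessageTarget;
  private readonly getBaseUrl: () => string;
  private readonly accepted: unknown[] = [];
  private rejected = 0;

  constructor(target: PostMessageTarget, getBaseUrl: () => string) {
    this.target = target;
    this.getBaseUrl = getBaseUrl;
  }

  // Outbound: resolve on every call so a config change takes effect, never fall
  // back to '*' when resolution fails, and tell the caller why a message was dropped.
  send(message: unknown): { ok: boolean; targetOrigin?: string; error?: string } {
    let targetOrigin: string;
    try {
      targetOrigin = resolveTargetOrigin(this.getBaseUrl());
    } catch (err) {
      return { ok: false, error: (err as Error).message };
    }
    try {
      this.target.postMessage(message, targetOrigin);
      return { ok: true, targetOrigin };
    } catch (err) {
      return { ok: false, targetOrigin, error: (err as Error).message };
    }
  }

  // Inbound: targetOrigin only constrains what we send. The 'message' handler
  // must compare event.origin with the expected origin before trusting event.data.
  handleMessage(event: { origin: string; data: unknown }): boolean {
    let expected: string;
    try {
      expected = resolveTargetOrigin(this.getBaseUrl());
    } catch {
      this.rejected += 1;
      return false;
    }
    if (event.origin !== expected) {
      this.rejected += 1;
      return false;
    }
    this.accepted.push(event.data);
    return true;
  }

  acceptedCount(): number { return this.accepted.length; }
  rejectedCount(): number { return this.rejected; }
}

// Constructed stand-in for iframe.contentWindow: records what would be posted.
class FakeWindow implements PostMessageTarget {
  readonly posted: Array<{ message: unknown; targetOrigin: string }> = [];
  postMessage(message: unknown, targetOrigin: string): void {
    this.posted.push({ message, targetOrigin });
  }
}

// Walk through the cases the review discusses: a base URL carrying a path, a
// wildcard that finds its way into config, and inbound messages from the
// expected origin and from an unrelated one.
function runDemo() {
  const win = new FakeWindow();
  const cfg = { socialBaseUrl: 'https://social.uploadcare.com/widget/?v=1' }; // constructed
  const bridge = new OriginScopedBridge(win, () => cfg.socialBaseUrl);

  const withPath = bridge.send({ type: 'get-selected-files' });
  cfg.socialBaseUrl = '*';
  const wildcard = bridge.send({ type: 'done' });
  cfg.socialBaseUrl = 'https://social.uploadcare.com';

  const fromExpected = bridge.handleMessage({
    origin: 'https://social.uploadcare.com',
    data: { type: 'selected-files-change', total: 2 },
  });
  const fromOther = bridge.handleMessage({
    origin: 'https://other.example',
    data: { type: 'selected-files-change', total: 0 },
  });

  return {
    withPath, wildcard, posted: win.posted, fromExpected, fromOther,
    accepted: bridge.acceptedCount(), rejected: bridge.rejectedCount(),
  };
}
```

Resolving the origin inside send() on every call, rather than once in the constructor, is what makes a later change to socialBaseUrl take effect; returning a result object instead of logging keeps payloads out of the console and lets the caller decide how to react when a message is dropped.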

@nd0ut nd0ut merged commit 85b706b into main Oct 30, 2025
7 of 8 checks passed
@nd0ut nd0ut deleted the fix/post-message-target branch October 30, 2025 11:46