Skip to content

Instantly share code, notes, and snippets.

@wmedlar

wmedlar/README.md

Created November 30, 2016 21:26
Show Gist options
  • Save wmedlar/5da92970a135c536f3d387454d1f3874 to your computer and use it in GitHub Desktop.
Save wmedlar/5da92970a135c536f3d387454d1f3874 to your computer and use it in GitHub Desktop.
Download ZIP
Ralph Lauren bug replication
Raw
README.md

To reproduce the issue:

  • Serve script.js and index.html with a simple HTTP server.
$ python3 -m http.server
  • Ensure your ad-blocker is disabled and navigate to any page on www.ralphlauren.com. I was able to reproduce the error in Firefox and Chrome.
  • Run bookmarklet.js either as a bookmarklet or in the browser url.
  • The iframe created by script.js sends a message to a listener in index.html once, then is hammered with additional events (due to the bug) with data similar to "{"cxr":true,"id":"de358f9-93588236-068e-9f0c-fe732…le-frame'][1]"],"sid":"7_","sp":{"x":0,"y":6610}}", all of which are logged to the console.

We think it's related to the survey modal. Let us know if you need any more information to reproduce!

Raw
bookmarklet.js
javascript:void(function(){var t=document.createElement("script");t.setAttribute("type","text/javascript"),t.setAttribute("charset","UTF-8"),t.setAttribute("src","http://127.0.0.1:8000/script.js?r="+99999999*Math.random()),document.body.appendChild(t)}());
Raw
index.html
<html lang="en">
<head>
<script type="text/javascript">
window.addEventListener("message", console.log, false);
</script>
</head>
</html>
Raw
script.js
(function() {
// create modal div
var modal = document.createElement('div');
modal.setAttribute('id', 'rewardstyle-modal');
// add iframe to modal and append
var iframe = document.createElement('iframe');
iframe.setAttribute('id', 'rewardstyle-frame');
iframe.setAttribute('src', 'http://127.0.0.1:8000/index.html');
modal.appendChild(iframe);
// send message on load to trigger modal interception
iframe.onload = function () {
iframe.contentWindow.postMessage(
'Sending love from rewardStyle! :)',
'http://127.0.0.1:8000/index.html'
);
}
// add modal to body
document.body.appendChild(modal);
})();
@wmedlar
Copy link
Author

wmedlar commented Jun 18, 2017
edited
Loading

The source of this bug was found to be Ralph Lauren's configuration of their third-party "Foresee" survey modal, and was resolved by adding the following snippet to our front-end code:

window._acsRequire.s.contexts._.defined.recordconfig.advancedSettings.skipIframes = true;

This snippet seems to be extensible to all sites that implement the Foresee modal service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment