feat(HikVision): add auto check jQuery plugin

[ArgoZhang]

Link issues

fixes #776

Summary By Copilot

Regression?

• Yes
• No

Risk

• High
• Medium
• Low

Verification

• Manual (required)
• Automated

Packaging changes reviewed?

• Yes
• No
• N/A

☑️ Self Check before Merge

⚠️ Please check all items below before review. ⚠️

• Doc is updated/provided or not needed
• Demo is updated/provided or not needed
• Merge the latest code from the main branch

Summary by Sourcery

New Features:

• Automatically load the HikVision jQuery plugin dependency if jQuery is not available on the page.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds an automatic check and conditional loading of a bundled jQuery plugin for the HikVision video component’s initialization script to ensure jQuery is available before plugin usage.

Sequence diagram for HikVision init script loading with conditional jQuery

sequenceDiagram
    participant Browser
    participant HikVisionScript as HikVision_init
    participant ScriptLoader as addScript

    Browser->>HikVisionScript: init(id)
    activate HikVisionScript

    HikVisionScript->>ScriptLoader: addScript(./_content/BootstrapBlazor.HikVision/jsencrypt.min.js)
    ScriptLoader-->>HikVisionScript: script loaded

    HikVisionScript->>ScriptLoader: addScript(./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js)
    ScriptLoader-->>HikVisionScript: script loaded

    HikVisionScript->>ScriptLoader: addScript(./_content/BootstrapBlazor.HikVision/webVideoCtrl.js)
    ScriptLoader-->>HikVisionScript: script loaded

    HikVisionScript->>Browser: check window.$
    alt jQuery_not_present
        HikVisionScript->>ScriptLoader: addScript(./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js)
        ScriptLoader-->>HikVisionScript: script loaded
    end

    HikVisionScript->>Browser: document.getElementById(id)
    Browser-->>HikVisionScript: element or null
    HikVisionScript-->>Browser: return (continue initialization if element exists)
    deactivate HikVisionScript

Loading

Flow diagram for HikVision init jQuery auto-check logic

flowchart TD
    A["init(id) called"] --> B["Load jsencrypt.min.js via addScript"]
    B --> C["Load jsVideoPlugin-1.0.0.min.js via addScript"]
    C --> D["Load webVideoCtrl.js via addScript"]
    D --> E["window.$ is undefined?"]
    E -- Yes --> F["Load jquery-1.7.1.min.js via addScript"]
    F --> G["Get element by id"]
    E -- No --> G["Get element by id"]
    G --> H["element is null?"]
    H -- Yes --> I["Return and stop"]
    H -- No --> J["Continue HikVision video initialization"]

Loading

File-Level Changes

Change	Details	Files
Conditionally load bundled jQuery if it is not already present on the page during HikVision plugin initialization.	Extend the HikVision init function to detect absence of the global jQuery shortcut on window If jQuery is missing, dynamically load the local jquery-1.7.1.min.js script via the existing addScript helper before proceeding Keep the rest of the initialization flow (loading jsVideoPlugin and webVideoCtrl, querying the element by id) unchanged	src/components/BootstrapBlazor.HikVision/wwwroot/hikvision.js

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#776	In the HikVision component JavaScript, automatically check for the presence of jQuery and load the jQuery plugin if it is not already available.	✅

Possibly linked issues

• feat(HikVision): add auto check jQuery plugin #776: PR adds a window.$ check and conditionally loads jquery-1.7.1.min.js, matching the requested auto check jQuery plugin.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Consider loading jquery-1.7.1.min.js before jsVideoPlugin-1.0.0.min.js and webVideoCtrl.js if those scripts assume $ is available at load time, otherwise they may initialize incorrectly on pages without jQuery.
• The jQuery presence check only looks at window.$; you may also want to check window.jQuery to avoid reloading jQuery in environments where $ is aliased or not exposed.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider loading `jquery-1.7.1.min.js` before `jsVideoPlugin-1.0.0.min.js` and `webVideoCtrl.js` if those scripts assume `$` is available at load time, otherwise they may initialize incorrectly on pages without jQuery.
- The jQuery presence check only looks at `window.$`; you may also want to check `window.jQuery` to avoid reloading jQuery in environments where `$` is aliased or not exposed.

## Individual Comments

### Comment 1
<location> `src/components/BootstrapBlazor.HikVision/wwwroot/hikvision.js:9` </location>
<code_context>
     await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js');

+    if (window.$ === void 0) {
+        await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js');
+    }
+
</code_context>

<issue_to_address>
**🚨 issue (security):** Loading jQuery 1.7.1 introduces potential security and compatibility concerns; consider a more recent version if possible.

jQuery 1.7.1 has known security issues and poor support in modern browsers. If you can change this dependency, please use a supported jQuery version (1.x LTS or newer) that remains compatible with the HikVision plugin to avoid relying on a vulnerable library.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 issue (security): Loading jQuery 1.7.1 introduces potential security and compatibility concerns; consider a more recent version if possible.

jQuery 1.7.1 has known security issues and poor support in modern browsers. If you can change this dependency, please use a supported jQuery version (1.x LTS or newer) that remains compatible with the HikVision plugin to avoid relying on a vulnerable library.

[Copilot]

Pull request overview

This PR adds functionality to automatically detect and load jQuery if it's not already present on the page, addressing issue #776 where the HikVision component failed when jQuery wasn't globally available.

Key Changes:

• Added conditional jQuery loading to ensure the HikVision plugin's dependencies are met
• Checks for jQuery existence using window.$ before dynamically loading jQuery 1.7.1

Comments suppressed due to low confidence (1)

src/components/BootstrapBlazor.HikVision/wwwroot/hikvision.js:224

• Unused variable szDeviceIdentify.

    const { iWndIndex, szDeviceIdentify } = vision;

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The jQuery check and loading happens after loading webVideoCtrl.js, but webVideoCtrl.js depends on jQuery. The file contains extensive jQuery usage (e.g., $, $("#"+id), $.each, etc.). This creates a race condition where webVideoCtrl.js will execute before jQuery is available, causing runtime errors.

jQuery should be loaded first, before any scripts that depend on it. Move the jQuery check and loading to lines 5-7, before the jsVideoPlugin and webVideoCtrl scripts.

Suggested change

	await addScript('./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js');
	await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js');
	if (window.$ === void 0) {
	await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js');
	}
	if (window.$ === void 0) {
	await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js');
	}
	await addScript('./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js');
	await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js');

[Copilot]

jQuery 1.7.1 is from 2011 and has multiple known security vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023). Consider upgrading to jQuery 3.7.1 or later, which includes security fixes and is still compatible with legacy code. If the HikVision plugin requires this specific old version, document this requirement and the security implications.

Suggested change

	await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js');
	// Updated to jQuery 3.7.1 for security reasons (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
	// If the HikVision plugin fails with this version, revert to 1.7.1 and document the risk.
	await addScript('./_content/BootstrapBlazor.HikVision/jquery-3.7.1.min.js');