New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow invalid AMP creatives to get position info #19044
Conversation
cc @lannka Do you have context on this? |
@torch2424 Some context:
An alternative implementation of this would be for the ad tag to add all creatives, AMP or not, to the list of frames, and use the new @zombifier could you include some of this background in your PR description? |
return false; | ||
} | ||
|
||
// if message comes from an unregistered frame, allow anyway if it's only | ||
// getting viewability | ||
if (!this.iframeMap_[request['sentinel']].iframe) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not convinced this works: after running getFrameElement_
above either:
getFrameElement_
returnednull
,!iframe
wastrue
, we returnedfalse
above!this.iframeMap_[request['sentinel']].iframe
will be false and this code block will never run
Have you tested this locally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getFrameElement_ does not return the iframe, it returns the top most measurable frame (measurableFrame), so the two conditions are not mutually exclusive. I had tested this locally and it works on my end.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still not seeing it, but maybe I'm misreading?
Case 1:
getFrameElement_
returnsnull
iframeMap_[sentinel]
is unsetprocessMessage
will logIgnored message from unmeasurable iframe
and return false
Case 2:
getFrameElement_
returns non-null
iframeMap_[sentinel]
will be set, as williframeMap_[sentinel].iframe
!this.iframeMap_[request['sentinel']].iframe
will be false- the
if (request['type'] != MessageType.SEND_POSITIONS) {...}
block won't ever run
Are you getting Ignored message from untrusted iframe
in local testing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I refactored getFrameElement_ so that if the message source is not (a child of any frames) within the registered frames list, its entry with the sentinel would still be logged in the map. In this case iframeMap_[sentinel].iframe will be null (since we don't know, correct me if I'm wrong), but not iframeMap_[sentinel].measurableFrame, which is needed for getting positioning.
I hope this makes sense. Please ask more questions if you are unclear.
Not sure if it's the same thing but I remember we were discussing adding Is that the same thing? @zombifier @jeffkaufman since you've already written up a description, do you mind moving it to an issue I2I, and have this PR link to it. Just for streamlined tracking and providing more background to the community |
So concerning @jeffkaufman's comment, after a bit of thinking and discussions I believe that the stated alternative of loosening the ad tag's restrictions so all frames are registered with the host script and instead relying on the whitelist for functionality is the better way to do this. As such, I'm closing this PR for now. |
Allows unregistered iframes (and their children) to receive position info from the inabox host script.
Some AMP creatives will fail validation, meaning it will not be registered with the host script and thus unable to determine its visibility or resize itself. The former functionality should be unrestricted to any frames that request it, valid or not.