fix: remove Cloudflare beacon.min.js external dependency#324
fix: remove Cloudflare beacon.min.js external dependency#324benoit74 merged 1 commit intoopenzim:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses zimcheck url_external validation failures by stripping the Cloudflare Insights analytics script (beacon.min.js) that can be injected by the CDN into downloaded simulation HTML, ensuring generated ZIM content is fully self-contained.
Changes:
- Detect and remove
<script>tags whosesrccontainsbeacon.min.jsduring the HTML transform step.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
benoit74
left a comment
benoit74
left a comment
There was a problem hiding this comment.
- please better fix the issue by analyzing what happens on https://browse.library.kiwix.org/viewer#phet_ru_all_2026-02/states-of-matter-basics_ru.html (or https://phet.colorado.edu/sims/html/build-a-nucleus/latest/build-a-nucleus_all.html?locale=ru online) ; looks like we also have a googletagmanager unwanted resource, please fix that in same PR
- please add an entry to CHANGELOG.md
- maybe relying on domain name is going to be more stable than relying on filename ; not sure about that, WDYT?
|
Oh, I get you point @benoit74 I agree, Just matching with filename would not probably solve the problem as there is a possibility of cloudflare renaming the version of the file or file itself. Also I observe versioned URL already showed this: So, relying on domain name is more stable as domain is tied to Cloudflare's infrastructure. Let me look into this |
Amith71965
force-pushed
the
fix/remove-beacon-min-js
branch
from
1f19390 to
f2ab55d
Compare
|
Hi @benoit74 , I've updated the PR with the requested changes:
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| return | ||
| } | ||
| const scriptSrc = $(elem).attr('src') | ||
| if (scriptSrc && scriptSrc.includes('static.cloudflareinsights.com')) { |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
benoit74
left a comment
benoit74
left a comment
There was a problem hiding this comment.
LGTM, thank you. Please squash commits and I will merge
Amith71965
force-pushed
the
fix/remove-beacon-min-js
branch
from
f2ab55d to
7df24f9
Compare
|
@benoit74 |
Fixes #323
The transform step was not stripping the Cloudflare analytics script injected by the CDN into downloaded simulation HTML files:
<script defer src="https://static.cloudflareinsights.com/beacon.min.js/..."></script>This caused zimcheck to report a url_external ERROR since ZIM files must be fully self-contained with no external dependencies.