Skip to content

[723] Fix scroll after applying filters#179

Merged
killev merged 9 commits into
mainfrom
fix/avoid-reload-case-study-page-during-filtering
Jul 2, 2025
Merged

[723] Fix scroll after applying filters#179
killev merged 9 commits into
mainfrom
fix/avoid-reload-case-study-page-during-filtering

Conversation

@IhorMasechko

Copy link
Copy Markdown
Contributor
  • Update filter anchor to use SCSS header height variables instead of hardcoded values
  • Add visibility hidden property to filter anchor for better accessibility
  • Restructure HTML layout by moving filter anchor outside main content area
  • Improve HTML formatting and code readability

This fix ensures the filter anchor positioning is consistent across different screen sizes and improves the overall accessibility and maintainability of the case studies filtering functionality.

- Update filter anchor to use SCSS header height variables instead of hardcoded values

- Add visibility hidden property to filter anchor for better accessibility

- Restructure HTML layout by moving filter anchor outside main content area

- Improve HTML formatting and code readability
@IhorMasechko IhorMasechko requested a review from killev as a code owner June 19, 2025 13:13
@coderabbitai

coderabbitai Bot commented Jun 19, 2025

Copy link
Copy Markdown
Contributor
📝 Walkthrough
## Walkthrough

This update introduces a new client-side filtering module for the case studies page, integrates its initialization into the main UI setup, and adjusts scrolling behavior for filter anchors. SCSS styles for case studies are enhanced for layout and transitions, while HTML and JavaScript files receive formatting and minor logic adjustments.

## Changes

| File(s)                                                                                  | Change Summary                                                                                                   |
|-----------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|
| website/modules/asset/ui/src/clientSideFiltering.js                                     | New module for client-side filtering: intercepts filter link clicks, updates URL, reloads page, handles popstate.|
| website/modules/asset/ui/src/index.js                                                   | Removes comments, integrates `initClientSideFiltering`, adjusts scroll-to-filter logic, minor whitespace tweaks. |
| website/modules/asset/ui/src/scss/_cases.scss                                           | Adds min-height to `.cs_list`, uses header height vars, hides `.filter-anchor`, adds opacity transition to cards. |
| website/modules/case-studies-page/views/index.html                                      | Formatting and indentation improvements; no logic or structural changes.                                         |

## Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant User
    participant Browser
    participant ClientSideFiltering
    participant Page

    User->>Browser: Clicks filter link (industry/stack/caseStudyType)
    Browser->>ClientSideFiltering: Intercepts click event
    ClientSideFiltering-->>Browser: Prevents default navigation
    ClientSideFiltering->>Browser: Updates URL with pushState
    ClientSideFiltering->>Page: Reloads page to apply filter
    Browser->>ClientSideFiltering: Detects popstate (back/forward)
    ClientSideFiltering->>Page: Reloads page if state is client-side filter

Possibly related PRs

Suggested reviewers

  • IhorMasechko
  • yuramax
  • VitalyyP

</details>

<!-- walkthrough_end -->


---

<details>
<summary>📜 Recent review details</summary>

**Configuration used: CodeRabbit UI**
**Review profile: CHILL**
**Plan: Pro**


<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between 3ce3b572f7a5d353285899fcd13a75952aded038 and 905508aa43a3a2ca5af4ef5e21c33899aadcf50d.

</details>

<details>
<summary>📒 Files selected for processing (2)</summary>

* `website/modules/asset/ui/src/scss/_cases.scss` (3 hunks)
* `website/modules/case-studies-page/views/index.html` (3 hunks)

</details>

<details>
<summary>✅ Files skipped from review due to trivial changes (1)</summary>

* website/modules/case-studies-page/views/index.html

</details>

<details>
<summary>🚧 Files skipped from review as they are similar to previous changes (1)</summary>

* website/modules/asset/ui/src/scss/_cases.scss

</details>

<details>
<summary>⏰ Context from checks skipped due to timeout of 90000ms (4)</summary>

* GitHub Check: e2e-tests
* GitHub Check: lint
* GitHub Check: unit-tests
* GitHub Check: security-scan

</details>

</details>
<!-- internal state start -->


<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKNwSPbABsvkCiQBHbGlcSHFcLzpIACIAbQB2ACYAZgBdSAAxeAAPewYKfB90ADMaPjRubi9ZeAwiSGL4LzLEABpo+2wBZnUaejlIbERKSABJWHwKAFk0YYZYAGt8dGRbSAxHARGARniATlb0Wlp/RGHkeGZefCk2DFxkAjDYD0bmkcx5ycgSSLvQzD0XAvSAACWgUwAMvZcBRsGJsP5+MVnh4GLMPIhcNhaPBpA0mmVavVitgMGJ4PgMGgvOpZBoYCD5phSBdyV4cR5sNxaNRiaiCe9yuSJnwnkMPABlADCkslkBeaCUfBe8CIsFCEmc8BUkTZWJISuRCuctCYSnoWo50kOAHcEPMfhhYJ98UwMIgkDR7jx8J7xFT+Wh8n7kLjisVKOw8v4yPZ4AAvaQMgCCx3UlOpPlkh2Br0JHxF31QREkcbQkAkSHgalpuHkCGOceu3Eo9bCy0u1yk6AYDGkntrdIZ7jBEOhXjQsnweBQyFOsPh2P8/XkzBu/LzgrK6CLfBnD3gSgFzG0WHd3oB/jQh0B/CkVCK4KhDUmp9w4jqu/o5o8195Q7ts4HhdgUUi0COLzDJA67hvA6IBh66CXB2ToOEi7qegaPpvDunyir6/qZsShxbB+Hx9gONZNHSt4YPQoE3FEp61LgZ4qDR7b4CiW64ZQ/KRtQiIkJBHjcN4vj+EEISMJgkBbJWeK2lE1AKh+3CIBwAD0WmlsCXQaEwzBaYgrZ0ICpLkohWnKQI/okFp4k+Fpux7BoRj6MY4BQGQ9DcTgBDEGQyh9AorDsFwvD8MIojiFIMjyL+VCqOoWg6J5JhQHAqCoHJaB4IQpDkFQoVGf8XBULanROC48mJYoygpZo2i6GAhheaYBi2fZWmwd40habMwy4Fp2DwCZFAMCZDBnFpAD66LnBoiAzZpBjRBtBgWJAKajEFxXUFEDg1fI/nMnU0hGCmMG1JcjgKiQaoasaAAG6JeAwAAU2wAAw/RIsC6JAyTJD93DZAAlC9kC2rMRwWqhW4vYZiBzbSWLQxeZ4jE8ZDoR4SqBNgh2Vm28E0vY3DBiJjIeMjfEUGA+GTJjk5nAA5MgjTZFE5BEHyPYvQQ3DQ9wOS/JWNLBMgylIv4VTU/QtrqIDW5ahQOoCHqkAvQAJOutYkGAirKsbj3qrg0N3nrSiIAswtm4TjOqhb0PFN8BtNAT9EwXQ8D3QI14LNw+CsfO0ithSUjVHR9AvVWg6cbIXCNkoGAANzQ7DyBKgjTyNh4W6/CQ/yKQ4NLVKJOso3NRAa7QmMYjCOLyLwJBViQVXohQStw2QLrklEAy50GOuwpgRFUlw+BUwwdKQD9GjJMghrDJnPAFK2FDtrj1Ja5i674MC/Cz/P48ehmVJhoi/JePgSr8t8WIk+drJV2V0YqEx1czbX9dZ3DbkvJQpPH8MUSIYgBQj0QsaLcd8H5fmfjQMIVAL6ISrguWBIIsSyFpF+O8mBLh8ivn4EuZ5BgihZHQdyRgtqWBTEKYhSEnhbiUAwScJVMzIH8iQbIIdt5RG+OJLW8EnThDxIgIwAA5KkIl1qbQMBAMARhurqAcn1PUWlFpGyxDiCRYAqakC0h3W0iAtK1CUNkDQGpmBeA4PI6IdCdp7SKiFI6jhTy1TOgPVkbgmQ+LdFfL0PxsjsKGGWaoxp3YUHfJ+eod57RqNMtTI4Qghi4H+DLFWtQBTPmhDQK4k4aBVxnmQfkL1gC4gkIwNmiAAC80Rf5Y1qJQDowC0BgCUMUfKzQwAJxrJEMAbEiD1OiAAbzGZAdpGguk9NwAANWrPvaAaARnShnD6AAvps6IehobDLnKQ6JsSohPGSVgZg3hxBVA8Hg/Eytj6GkdNQWENY8AeCpCgB4/BbRYDuQySUlwmjOBjgKCptI9k/D+OwcObdhj3E3Ksr5JdkAuh7FsOMYC3wvNOcsBW/YBTsKGt+KZ1AOmTi2L4F5GsBDvO4VgYYVMSq3JaYgKuFTaUfipJC4updokxElBMKq65/AdGGRcHOXhEDLCxTEnFQJlhoo8E8wG1K3nIM+eobhvzID/MgDIxgASZZRhgoTRGII76lgYIcC8BRfDgPwLaQ43xKAFBVICPBRAq7DFPAihgMI4QIiRHeSyFIqQ0nnv5LcBSFbIP8CxLAZJX7UNoU4hhZQmGPGWKw0QHDM3Gl4fw0KQiui0n9ewDMl0DAyPIO5DajjFGdVUTQXqih+pmKGiQEaY0JpTQsbwjQQg1r1rTS44KzL6DHU8adFEybJEGFHOGFE8amLIEuc0eANz4x1EGXcsKmTniqVtvkGspyQTiQoCHaC/lQ2IW4XwX88k74MAWFk4EB5DUsk3CCMkypqi33wFahkowATHBzlgLskwAQ+1qBIfACFMzGgrOQKqt7EMvVurgaUtJ2CAqUFkIUxIs7ZKwEjTDOpaRJgYV4dZVxZH3EQFnKglRKCHFYiQOufIvzsLxPcMAnpjwM35ORiNCYmEoHuNmkECawoh3ID6Ya3IGRTFqN8RJNBkkErvCXbg7Y90rqtNwvsiIJP2Hbsoe1Sa71sfZHor8GGMDqHWRgRoRBERMJeocBz6hRinlIJCfAYmG5ecwxkKkWGAkUE8zrETlGSDUdo3JmF0XraYYAELOAEGgKwqySDQFQZPD00WHkTFnGgCMsV+S2sKA0O+toaGjFIyCDLFAss8Fyygiel8sDsBGO9LwWWX25iZBXVC3nxCifiz4RL9GHifShocjAyw74XT4G3fsCNh77vYOy0LBZpiKBpG7KziG77nHQNtn0X9ZzulxIhCmsXEzic+VubRzdcT4kMR4TlpC2K1AuN8273WKaWvgjQxdJBulXJCUWqIaHPn83+xdlDUzfhTiiJ9UGP1mCIAhk++DCxD2hHmKIV9KAeJMkRP4H0ABVGw0JmlIRelojEjGSWYBnQKBwdlXl1GQC9MwDNosOdoOklwwvn4vui98N6GJJTYloLIaAshWzIzGCiaVbHQgrTtVK+wh9gSRKeHJXl0YStjAACI6yF5BHKOd1id1ktBXRH3wNfD4Nzd+o2njjclAb2A6yyQtHm9DVA65wKoQUuVncwJUAo61gTklcfHWyR8FEIH93szk51hUP0WhaA9AwC10Pjw4TAhzPJWcJWP1bjblWGcK8+FlvUPjl9AalzCRoQao+LwPcnfDb4Od/AH3hbtbVlPsF4CNAQyQ4CEnYRto2zQ7a6aQpcPNR4Nhea70Fr4VBwRa3S2iIreIKtNaaaLqnyiWg+B8RLdA7QQ4BmSDOr4JP4o8gtyeiINSZc+J/Ic4w775+SH4iL+rw4eg2q1I2jD6Sway6jJgOIeRNokB2RqKtqi6aKdrdrjSICTRaI4b3B4YkAEZEh1CDrDqbQr5joHShRTrOCc5zpXQO5dyEG4D8ZHj5iEZfgaKvDfBvYu4SKHKsQFCi4bZE7z6UD9i6bIA8Yvr0rbiUBgD+BFJRB4Jk6M78imSiBT6iLSS1RMpoBsAtCwEuiICAzFBUBEAHoqGHQKqKEaxfifQiReo2ai5YguCHCS4LA2py4K5K4q4kAQwMgADqLwDK8IqquqtQhOqAchCwdAw2m+kOcy6waAVY/MMCqAdevWj+JKW4dO0IqAQCdhgwnoX4W4oIXokw8gKYVgownMng5h8uJM5uFYDA6SLAMIJMggIgkCFi5McSF2PG7AHBgm+2vY6CO0pQIwJRQxBR9OSR7WpAhyKh98ecMqkOECoQvEExc6qY6YmeoKW4vB0R2EXMQiM8SCyqUgDGqESgNAkCgcjqwwfA1IGR4mryRApAK4dU8kwYCwWk0SsMPcleXKHo6c2eX+bEyCAxCE+I7RbBYxXBZQSxX2pC8CtAOcfYkwuIO69ItMEmGYom4mEBkxkgh0jwCAMgJAaKlI+4GAkSU+F22hc80+UKJc0Yn07MNc6MuA7MeOvCXoChteuWt4H4wYCAFRIIKh7cmAoQ5mPofJ46FxD6ZahOd4IcGkMJNxMKNC5g9CjCO+LCIIW+zg+aPCe+AiIBngYBYila86UAUijuhawBDQ/eGAXA422GvGuAxBpB/EdQIepmL0za6ibaWBZwXao0uB+BIxRBnBAZjhXqQ6L0SBja7UmUTofkKI+UgUriE6l2nAfgaAVU9BtUAwSUKgagzU6UbUBgWZZU6gc0R4qM/gJidAc0z828rUmZ3kkA2wiQewAAbAACwMAAAcyQkOAgo5o5w5v0o5AArEubQNOYkLQEuVsMkMUPEOOROfOcOcUAwD9MOb2Q2f2QwEeSecOckHsEuT9HQEuckJuXsCQNsNsH2MUHsLQKOXuSeYaPsMucObQD9CiBlP2YObQHufEHuWgHsMkAID9BOUuXsAIBOb+cUAIEuaOckPEGgPED9OOQwIkEuX2D+YaOeVmbhcOYTBGBOcOROceeOceR+e+RucUHeYkMUIxX+SQIkCQCQMkEucOfEFRf2SQMOQwEubuQeaOYkOOSJWgJDvOcJbhSQD9GaFlhueiEoCDNBR4BBRAMDP2IhUuUkLuWgKucJckIkChROXsHsMebQNsMkARahUuYkITKBckBOeJcZXsD9CuchWgGgLhWgG5YkOiEueVqOZDkufxZ+SDA5XsKFWaMUA+fQJ5BecZU2bgC2ViXNO2UpJ2b5L2UAA= -->

<!-- internal state end -->
<!-- tips_start -->

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

<details>
<summary>❤️ Share</summary>

- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)
- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)
- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)
- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)

</details>

<details>
<summary>🪧 Tips</summary>

### Chat

There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=speedandfunction/website&utm_content=179):

- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  - `I pushed a fix in commit <commit_id>, please review it.`
  - `Explain this complex logic.`
  - `Open a follow-up GitHub issue for this discussion.`
- Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples:
  - `@coderabbitai explain this code block.`
  -	`@coderabbitai modularize this function.`
- PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.`
  - `@coderabbitai read src/utils.ts and explain its main purpose.`
  - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.`
  - `@coderabbitai help me debug CodeRabbit configuration file.`

### Support

Need help? Create a ticket on our [support page](https://www.coderabbit.ai/contact-us/support) for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

### CodeRabbit Commands (Invoked using PR comments)

- `@coderabbitai pause` to pause the reviews on a PR.
- `@coderabbitai resume` to resume the paused reviews.
- `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
- `@coderabbitai full review` to do a full review from scratch and review all the files again.
- `@coderabbitai summary` to regenerate the summary of the PR.
- `@coderabbitai generate docstrings` to [generate docstrings](https://docs.coderabbit.ai/finishing-touches/docstrings) for this PR.
- `@coderabbitai generate sequence diagram` to generate a sequence diagram of the changes in this PR.
- `@coderabbitai resolve` resolve all the CodeRabbit review comments.
- `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository.
- `@coderabbitai help` to get help.

### Other keywords and placeholders

- Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed.
- Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description.
- Add `@coderabbitai` anywhere in the PR title to generate the title automatically.

### CodeRabbit Configuration File (`.coderabbit.yaml`)

- You can programmatically configure CodeRabbit by adding a `.coderabbit.yaml` file to the root of your repository.
- Please see the [configuration documentation](https://docs.coderabbit.ai/guides/configure-coderabbit) for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: `# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json`

### Documentation and Community

- Visit our [Documentation](https://docs.coderabbit.ai) for detailed information on how to use CodeRabbit.
- Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback.
- Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.

</details>

<!-- tips_end -->

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
website/modules/asset/ui/src/scss/_cases.scss (1)

618-626: Consider using scroll-margin-top for anchor offset
Using position: relative with negative top offsets works, but for scroll anchors it's more semantic and less layout-shifting to use the scroll-margin-top CSS property. For example:

 .filter-anchor {
-  position: relative;
-  top: -$mobile-header-height;
+  height: 0;
+  visibility: hidden;
+  scroll-margin-top: $mobile-header-height;
   @include breakpoint-medium {
-    top: -$desktop-header-height;
+    scroll-margin-top: $desktop-header-height;
   }
 }

This approach keeps the anchor in flow and avoids manual positioning hacks.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3bcb9c4 and 12964c8.

📒 Files selected for processing (2)
  • website/modules/asset/ui/src/scss/_cases.scss (1 hunks)
  • website/modules/case-studies-page/views/index.html (3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: lint
  • GitHub Check: security-scan
  • GitHub Check: e2e-tests
  • GitHub Check: unit-tests
🔇 Additional comments (3)
website/modules/case-studies-page/views/index.html (3)

4-7: Approve: Multiline attributes for container <div>
Splitting the class and data-default-visible-tags attributes onto separate lines improves readability and aligns with the template’s formatting conventions.


167-169: Approve: Multiline attributes for hidden tag list <li>
Moving class and data-label to their own lines enhances clarity in the loop-generated tag markup.


197-200: Approve: Multiline attributes for “Show more” <button>
Separating class, data-filter-type, and type attributes makes the button markup more maintainable and easier to scan.

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 19, 2025
@github-actions

github-actions Bot commented Jun 19, 2025

Copy link
Copy Markdown

🔍 Vulnerabilities of apostrophe-cms:test

📦 Image Reference apostrophe-cms:test
digestsha256:b41f8f49f7eb0196401ead601b8f48fe6919d921807f0d0d6958029aab672274
vulnerabilitiescritical: 0 high: 3 medium: 0 low: 0
platformlinux/amd64
size290 MB
packages977
📦 Base Image node:23-alpine
also known as
  • 23-alpine3.22
  • 23.11-alpine
  • 23.11-alpine3.22
  • 23.11.1-alpine
  • 23.11.1-alpine3.22
digestsha256:b9d38d589853406ff0d4364f21969840c3e0397087643aef8eede40edbb6c7cd
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 1
critical: 0 high: 1 medium: 0 low: 0 async 1.5.2 (npm)

pkg:npm/async@1.5.2

high 7.8: CVE--2021--43138 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range<2.6.4
Fixed version2.6.4, 3.2.2
CVSS Score7.8
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score0.419%
EPSS Percentile61st percentile
Description

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

critical: 0 high: 1 medium: 0 low: 0 async 0.9.2 (npm)

pkg:npm/async@0.9.2

high 7.8: CVE--2021--43138 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Affected range<2.6.4
Fixed version2.6.4, 3.2.2
CVSS Score7.8
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score0.419%
EPSS Percentile61st percentile
Description

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

critical: 0 high: 1 medium: 0 low: 0 connect-multiparty 2.2.0 (npm)

pkg:npm/connect-multiparty@2.2.0

high 7.8: CVE--2022--29623 Unrestricted Upload of File with Dangerous Type

Affected range<=2.2.0
Fixed versionNot Fixed
CVSS Score7.8
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score0.334%
EPSS Percentile56th percentile
Description

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report.

@IhorMasechko IhorMasechko self-assigned this Jun 19, 2025

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12964c8 and c6fc063.

📒 Files selected for processing (1)
  • website/modules/asset/ui/src/index.js (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: security-scan
  • GitHub Check: unit-tests
  • GitHub Check: e2e-tests
  • GitHub Check: lint
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Analyze (actions)
🔇 Additional comments (2)
website/modules/asset/ui/src/index.js (2)

13-13: Minor formatting improvement.

The added empty line improves code readability and structure.


299-299: ```shell
#!/bin/bash

Display the context around both initSmoothCounters calls in index.js

echo "----- Lines 1–120 of index.js -----"
sed -n '1,120p' website/modules/asset/ui/src/index.js

echo "----- Lines 250–350 of index.js -----"
sed -n '250,350p' website/modules/asset/ui/src/index.js


</details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

Comment thread website/modules/asset/ui/src/index.js

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (3)
website/modules/asset/ui/src/clientSideFiltering.js (3)

3-15: Optimize the URL pattern matching logic.

The current implementation has repetitive href.includes() checks that could be simplified and made more maintainable.

Consider refactoring to use a more efficient approach:

-const shouldInterceptClick = function (link) {
-  const href = link.getAttribute('href');
-  return (
-    href &&
-    (href.includes('#filter') ||
-      href.includes('?industry=') ||
-      href.includes('&industry=') ||
-      href.includes('?stack=') ||
-      href.includes('&stack=') ||
-      href.includes('?caseStudyType=') ||
-      href.includes('&caseStudyType='))
-  );
-};
+const shouldInterceptClick = function (link) {
+  const href = link.getAttribute('href');
+  if (!href) return false;
+  
+  const filterParams = ['industry=', 'stack=', 'caseStudyType='];
+  return href.includes('#filter') || 
+         filterParams.some(param => href.includes(`?${param}`) || href.includes(`&${param}`));
+};

35-39: Use optional chaining as suggested by static analysis.

The static analysis tool correctly identified that optional chaining can simplify the condition check.

Apply the suggested optional chaining:

 const handlePopState = function (event) {
-  if (event.state && event.state.clientSideFilter) {
+  if (event.state?.clientSideFilter) {
     window.location.reload();
   }
 };

41-48: Consider adding cleanup functionality.

The current implementation adds event listeners but doesn't provide a way to remove them, which could lead to memory leaks in single-page applications or during testing.

Consider returning a cleanup function:

 export const initClientSideFiltering = function () {
   if (!document.querySelector('.cs_list')) {
-    return;
+    return () => {}; // No-op cleanup
   }

   window.addEventListener('popstate', handlePopState);
   document.addEventListener('click', handleFilterClick);
+
+  // Return cleanup function
+  return function cleanup() {
+    window.removeEventListener('popstate', handlePopState);
+    document.removeEventListener('click', handleFilterClick);
+  };
 };
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c6fc063 and 12d7477.

📒 Files selected for processing (3)
  • website/modules/asset/ui/src/clientSideFiltering.js (1 hunks)
  • website/modules/asset/ui/src/index.js (3 hunks)
  • website/modules/asset/ui/src/scss/_cases.scss (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • website/modules/asset/ui/src/scss/_cases.scss
  • website/modules/asset/ui/src/index.js
🧰 Additional context used
🪛 Biome (1.9.4)
website/modules/asset/ui/src/clientSideFiltering.js

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

⏰ Context from checks skipped due to timeout of 90000ms (6)
  • GitHub Check: e2e-tests
  • GitHub Check: lint
  • GitHub Check: unit-tests
  • GitHub Check: security-scan
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Analyze (actions)
🔇 Additional comments (1)
website/modules/asset/ui/src/clientSideFiltering.js (1)

1-48: Overall implementation looks solid for the intended use case.

The module correctly implements client-side filtering with page reload functionality. The approach of using window.location.reload() after URL updates ensures server-side filtering logic is applied, which aligns with the PR objectives.

Comment thread website/modules/asset/ui/src/clientSideFiltering.js
- Add error handling for URL construction in client-side filtering
- Use optional chaining for safer event state checking
- Refactor case studies anchor fix with destructured URL properties
- Consolidate CSS rules for case study grid loading state
- Remove redundant comments in index.js initialization
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 20, 2025
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jun 23, 2025
@IhorMasechko IhorMasechko force-pushed the fix/avoid-reload-case-study-page-during-filtering branch from e6c5f78 to 3ce3b57 Compare June 23, 2025 12:33
@yuramax yuramax changed the title fix: Fix filter anchor positioning and improve HTML structure [723] Fix scroll after applying filters Jun 30, 2025

@VitalyyP VitalyyP left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Anton-88 Anton-88 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job!

@killev killev left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@killev killev enabled auto-merge (squash) July 2, 2025 15:56
@sonarqubecloud

sonarqubecloud Bot commented Jul 2, 2025

Copy link
Copy Markdown

@killev killev merged commit fe825f6 into main Jul 2, 2025
12 checks passed
@killev killev deleted the fix/avoid-reload-case-study-page-during-filtering branch July 2, 2025 17:56
@coderabbitai coderabbitai Bot mentioned this pull request Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants