Expand Up @@ -3909,7 +3909,7 @@ export const InboundOIDCForm: FunctionComponent<InboundOIDCFormPropsInterface> =
<Divider hidden />
</Grid.Column>
<Grid.Column mobile={ 16 } tablet={ 16 } computer={ 16 }>
<Heading as="h4">Logout URLs</Heading>
<Heading as="h4">Logout URL</Heading>

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Avoid hardcoded text; use i18n key for the section heading

This file consistently uses t(...) for labels. Hardcoding "Logout URL" breaks i18n/l10n. Prefer the existing translations (e.g., a logoutURLs.heading key) or add a new singular key if needed.

- <Heading as="h4">Logout URL</Heading>
+ <Heading as="h4">
+   { t("applications:forms.inboundOIDC.sections.logoutURLs.heading") }
+ </Heading>

Run to confirm an existing heading key (adjust paths as needed):


🏁 Script executed:

#!/bin/bash
rg -nP --type=json -C2 'logoutURLs.*heading' i18n|head -n 50

Length of output: 44



---

🏁 Script executed:

#!/bin/bash
# Find i18n or translation-related directories/files
fd -t f -e json -e ts -e tsx | grep -iE '(i18n|translation|locale|lang)' | head -20

Length of output: 1119


🏁 Script executed:

#!/bin/bash
# Check the structure near the file under review to understand the project layout
fd -t d -path '*/admin.applications*' | head -10

Length of output: 168


🏁 Script executed:

#!/bin/bash
# Search for "Logout URL" or similar logout-related i18n keys anywhere in the repo
rg -n --type=json 'logout' | head -30

Length of output: 1063


🏁 Script executed:

#!/bin/bash
# Check the actual file to see how other headings use i18n
rg -nP --type=tsx 'Heading as="h4"' features/admin.applications.v1/components/forms/inbound-oidc-form.tsx -C2 | head -40

Length of output: 27



---

🏁 Script executed:

#!/bin/bash
# Find translation/locale JSON files - likely in public folder or modules
fd -t f -e json | grep -iE '(locale|translation|messages|en|lang)' | grep -v node_modules | grep -v deployment.config | head -30

Length of output: 2887


🏁 Script executed:

#!/bin/bash
# Check the actual file around line 3912
sed -n '3910,3915p' features/admin.applications.v1/components/forms/inbound-oidc-form.tsx

Length of output: 329


🏁 Script executed:

#!/bin/bash
# Search for how other Heading h4 elements use i18n in this file
rg -n --type=ts 'Heading as="h4"' features/admin.applications.v1/components/forms/inbound-oidc-form.tsx -B1 -A1 | head -50

Length of output: 2772


🏁 Script executed:

#!/bin/bash
# Look for t(...) usage patterns in the file to understand i18n key structure
rg -n 't\(' features/admin.applications.v1/components/forms/inbound-oidc-form.tsx | head -20

Length of output: 1443



---

🏁 Script executed:

#!/bin/bash
# Find where translation keys are defined - check public folder
find . -type f -name "*.json" -path "*/public/*" | grep -iE '(en|locale|translation|messages)' | grep -v node_modules | head -20

Length of output: 156


🏁 Script executed:

#!/bin/bash
# Search for existing logout-related i18n keys in the codebase
rg -n 'logoutURL' --type=ts --type=tsx features/admin.applications.v1/ -B1 -A1 | head -30

Length of output: 27


🏁 Script executed:

#!/bin/bash
# Look for similar section keys patterns to understand structure
rg -n 'sections\.' features/admin.applications.v1/components/forms/inbound-oidc-form.tsx | grep -i 'heading' | head -10

Length of output: 110


Use i18n translation key for "Logout URL" heading

Line 3912 is the only h4 heading in this file that is hardcoded; all others consistently use t(...) for translations following the pattern applications:forms.inboundOIDC.sections.*. This breaks i18n/l10n consistency.

- <Heading as="h4">Logout URL</Heading>
+ <Heading as="h4">
+   { t("applications:forms.inboundOIDC.sections.logoutURLs.heading") }
+ </Heading>
🤖 Prompt for AI Agents
In features/admin.applications.v1/components/forms/inbound-oidc-form.tsx around
line 3912, the h4 heading "Logout URL" is hardcoded while other headings use the
i18n helper; replace the hardcoded string by using the translation key following
the existing pattern, e.g. call
t('applications:forms.inboundOIDC.sections.logoutUrl') (or the exact key name
matching your locale files) so the heading is internationalized and consistent
with the rest of the file.

<Divider hidden />
<Field
ref={ backChannelLogoutUrl }
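Review bot: The replacement heading on the changed line, `<Heading as="h4">Logout URL</Heading>`, is still an English string literal, so the rename from "Logout URLs" to the singular form will not reach any translated locale. Move the text to a translation key and add the singular wording to the locale resources in the same change. The trailing context shows only the `backChannelLogoutUrl` field under this heading; if that is the only field left in the section, state it in the PR description so the singular wording is clearly intentional.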
Expand Up @@ -187,15 +187,21 @@
<jsp:include page="includes/footer.jsp"/>
<% } %>

<div id="regexData" data-regex="<%=Encode.forHtmlAttribute(mobileRegex)%>" style="display:none;"></div>

<script type="text/javascript">
$(document).ready(function() {
$('#update').click(function() {
var mobileNumber = document.getElementById("MOBILE_NUMBER").value;
var regexPattern = document.getElementById('regexData').dataset.regex;
// decode HTML-encoded backslashes for use in RegExp constructor
regexPattern = regexPattern.replace(/\\\\/g, "\\");
var regexObj = new RegExp(regexPattern);
if (mobileNumber == "") {
Comment on lines +196 to 200

⚠️ Potential issue | 🟠 Major

Harden regex construction and validation; avoid runtime breaks and over-unescaping

  • Construct RegExp only if validation is enabled and a pattern exists.
  • Wrap in try/catch to avoid a hard failure on invalid patterns.
  • Only unescape double backslashes if present; unconditional replacement can change semantics for patterns that need literal backslashes.
  • Use the compiled regex only when available.
- var regexPattern = document.getElementById('regexData').dataset.regex;
- // decode HTML-encoded backslashes for use in RegExp constructor
- regexPattern = regexPattern.replace(/\\\\/g, "\\");
- var regexObj = new RegExp(regexPattern);
+ var regexObj = null;
+ var regexHolder = document.getElementById('regexData');
+ var regexPattern = regexHolder ? regexHolder.dataset.regex : "";
+ // Build regex only when policy is enabled and a non-empty pattern exists.
+ if (<%=validateMobileNumberFormat%> && regexPattern) {
+   try {
+     // Unescape only if we actually see double backslashes.
+     var pattern = regexPattern.indexOf("\\\\") >= 0
+       ? regexPattern.replace(/\\\\/g, "\\")
+       : regexPattern;
+     regexObj = new RegExp(pattern);
+   } catch (e) {
+     console.error("Invalid mobile regex pattern supplied:", e);
+     regexObj = null; // Fail open on client; server should still validate.
+   }
+ }
@@
- } else if (<%=validateMobileNumberFormat%> && !(regexObj.test(mobileNumber))) {
+ } else if (<%=validateMobileNumberFormat%> && regexObj && !(regexObj.test(mobileNumber.trim()))) {

Additional minor tweak (outside the selected lines): consider var mobileNumber = document.getElementById("MOBILE_NUMBER").value.trim(); to avoid whitespace false negatives.

Also applies to: 204-205

🤖 Prompt for AI Agents
In identity-apps-core/apps/authentication-portal/src/main/webapp/mobile.jsp
around lines 196-200 (and similarly 204-205), only build a RegExp when
validation is enabled and a pattern exists: check the flag and presence of
dataset.regex before attempting construction; if present, conditionally unescape
double backslashes (perform replace only when /\\\\/ is found) rather than
unconditionally altering the pattern, then wrap new RegExp(...) in try/catch and
proceed to use the compiled regex only if construction succeeds; additionally,
trim the mobile number by replacing the mobileNumber assignment with a .trim()
call to avoid whitespace false negatives.

document.getElementById('alertDiv').innerHTML
= '<div id="error-msg" class="ui negative message"><%=AuthenticationEndpointUtil.i18n(resourceBundle, "please.enter.mobile.number")%></div>'
+'<div class="ui divider hidden"></div>';
} else if (<%=validateMobileNumberFormat%> && !(mobileNumber.match("<%=Encode.forJavaScript(mobileRegex)%>"))) {
} else if (<%=validateMobileNumberFormat%> && !(regexObj.test(mobileNumber))) {
document.getElementById('alertDiv').innerHTML
= '<div id="error-msg" class="ui negative message"><%=Encode.forHtml(mobileRegexPolicyValidationErrorMessage)%></div>'
+'<div class="ui divider hidden"></div>';
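Review bot: The added `regexPattern = regexPattern.replace(/\\\\/g, "\\");` line rewrites the pattern unconditionally, and its comment attributes the doubled backslashes to HTML encoding, which is not where they would come from: the browser decodes the attribute before `dataset.regex` returns it, and HTML attribute encoding does not double backslashes. As written, a configured pattern that is meant to match a literal backslash is silently turned into a different expression, so the client would validate against something other than the configured `mobileRegex`. Drop the replace, or document which storage format produces doubled backslashes and normalise the value on the server before it is written into `data-regex`. Separately, `new RegExp(regexPattern)` runs on every click, ahead of the empty-number check and regardless of `validateMobileNumberFormat`; an invalid pattern throws at that point and stops the handler before any message is shown. Construct it inside the `else if` branch within a try/catch, and treat this client-side check as a convenience only.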