From 77c6c42c9474511debd523477ec5a5bb81008fbb Mon Sep 17 00:00:00 2001
From: daniel-c-harvey
Date: Tue, 23 Jun 2026 14:17:34 -0400
Subject: [PATCH] remediate: replace eval cookie writes with safe JS helper + add tests (18.6 Track A)

Both SettingsCookieService and DarkModeCookieService now call window.DeepDrftSettings.setCookie (new Interop/settings/settings.ts) instead of eval. New tests cover SettingsServiceBase parse/format round-trip and the PreferenceAwareStreamingPlayerService invariant (Lossless skips probe; LowData inherits base).
---
 .../Services/DarkModeCookieService.cs | 4 +-
 .../Services/SettingsCookieService.cs | 4 +-
 DeepDrftPublic/Components/App.razor | 1 +
 DeepDrftPublic/Interop/settings/settings.ts | 33 +++
 ...ferenceAwareStreamingPlayerServiceTests.cs | 209 ++++++++++++++++++
 DeepDrftTests/SettingsServiceBaseTests.cs | 73 ++++++
 6 files changed, 318 insertions(+), 6 deletions(-)
 create mode 100644 DeepDrftPublic/Interop/settings/settings.ts
 create mode 100644 DeepDrftTests/PreferenceAwareStreamingPlayerServiceTests.cs
 create mode 100644 DeepDrftTests/SettingsServiceBaseTests.cs

diff --git a/DeepDrftPublic.Client/Services/DarkModeCookieService.cs b/DeepDrftPublic.Client/Services/DarkModeCookieService.cs
index 177894e..30e6b2f 100644
--- a/DeepDrftPublic.Client/Services/DarkModeCookieService.cs
+++ b/DeepDrftPublic.Client/Services/DarkModeCookieService.cs
@@ -14,9 +14,7 @@ public class DarkModeCookieService(DarkModeSettings darkModeSetting, IJSRuntime
 
 public async ValueTask SetDarkModeAsync(bool isDarkMode)
 {
- var expires = DateTime.UtcNow.AddDays(EXPIRY_DAYS).ToString("R");
- await js.InvokeVoidAsync("eval",
- $"document.cookie = '{COOKIE_NAME}={isDarkMode.ToString().ToLower()}; expires={expires}; path=/; SameSite=Lax'");
+ await js.InvokeVoidAsync("DeepDrftSettings.setCookie", COOKIE_NAME, isDarkMode.ToString().ToLower(), EXPIRY_DAYS);
 darkModeSetting.IsDarkMode = isDarkMode;
 }
 }
\ No newline at end of file
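Review bot: In `SetDarkModeAsync` the assignment `darkModeSetting.IsDarkMode = isDarkMode;` still follows the awaited interop call, so if `DeepDrftSettings.setCookie` is not defined when this runs (the script is loaded separately, presumably by the one-line App.razor change) the call throws and the in-memory setting is not updated either. Consider assigning the setting before the call, or catching `JSException` around it so that a missing helper only costs persistence. The same call shape is used by `WriteCookieAsync` in SettingsCookieService.cs (next hunk), where `name` and `value` are forwarded unvalidated; settings.ts is not visible here, so confirm that `setCookie` encodes or rejects `;`, `=` and line breaks instead of concatenating them into `document.cookie`, and that it still sets `path=/; SameSite=Lax`. As a style point on the added line, `isDarkMode ? "true" : "false"` avoids the culture-sensitive `ToLower()`.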
diff --git a/DeepDrftPublic.Client/Services/SettingsCookieService.cs b/DeepDrftPublic.Client/Services/SettingsCookieService.cs
index e58f08b..d0bbce7 100644
--- a/DeepDrftPublic.Client/Services/SettingsCookieService.cs
+++ b/DeepDrftPublic.Client/Services/SettingsCookieService.cs
@@ -27,8 +27,6 @@ public class SettingsCookieService(PublicSiteSettings settings, IJSRuntime js) :
 
 private async ValueTask WriteCookieAsync(string name, string value)
 {
- var expires = DateTime.UtcNow.AddDays(ExpiryDays).ToString("R");
- await js.InvokeVoidAsync("eval",
- $"document.cookie = '{name}={value}; expires={expires}; path=/; SameSite=Lax'");
+ await js.InvokeVoidAsync("DeepDrftSettings.setCookie", name, value, ExpiryDays);
 }
 }
diff --git a/DeepDrftPublic/Components/App.razor b/DeepDrftPublic/Components/App.razor
index 851143b..4576b1f 100644
--- a/DeepDrftPublic/Components/App.razor
+++ b/DeepDrftPublic/Components/App.razor
@@ -24,6 +24,7 @@