brave / ads-ui

Self-service ads UI
Mozilla Public License 2.0

feat(search): show favicon in preview #1182

Closed tackley closed 4 months ago

tackley commented 4 months ago

Relies on https://github.com/brave/ads-serve/pull/3884

[Screenshot attached: 2024-05-02 12:46:38]
github-actions[bot] commented 4 months ago

[puLL-Merge] - brave/ads-ui@1182

Description

This PR adds the favicon field to the SearchLandingPageWithStats fragment and uses it in the SearchPreview component. It allows displaying the favicon associated with a landing page in the search campaign creation UI.

Changes

- `src/components/Creatives/SearchPreview.tsx`:
  - Add `favicon` prop to `SearchPreview` component
  - Display the favicon image inside the URL bar of the search preview
- `src/graphql-client/gql.ts`:
  - Update the `CreateSearchCampaign_LandingPageList` query to include the `favicon` field in the `SearchProspects_LandingPageList` fragment
- `src/graphql-client/graphql.ts`:
  - Update the generated GraphQL types to include `favicon` field in `SearchLandingPage` and `SearchLandingPageWithStats` types
- `src/user/views/user/search/CreateSearchCampaign.tsx`:
  - Update the `CreateSearchCampaign_LandingPageList` fragment to include the `favicon` field
- `src/user/views/user/search/LandingPageListEntry.tsx`:
  - Pass the `favicon` prop from `landingPage` to the `SearchPreview` component

Security Hotspots

  1. Displaying user-supplied favicons could potentially be an XSS vector if not properly sanitized. Ensure the favicon URL is validated and filtered before rendering. Risk: Medium
  2. Fetching favicons from arbitrary origins may expose user activity if not proxied through a secure server. Consider proxying the favicon requests. Risk: Low

Let me know if you have any other questions!

tackley commented 4 months ago
> 1. Displaying user-supplied favicons could potentially be an XSS vector if not properly sanitized. Ensure the favicon URL is validated and filtered before rendering. Risk: Medium
> 2. Fetching favicons from arbitrary origins may expose user activity if not proxied through a secure server. Consider proxying the favicon requests. Risk: Low

We deliberately use the same image proxy server as search does to display these icons.
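The two hotspots raised by the bot (validating a landing-page favicon URL before it reaches an `<img src>`, and fetching it through an image proxy so the browser never contacts the landing-page origin) are shown below as an added example in the project's language. This is not brave/ads-ui's own code and it does not reproduce the real `SearchPreview` component or Brave's proxy; the `validateFaviconUrl` and `proxiedFaviconSrc` names, the proxy base URL and the `url` query parameter are all assumptions made for the example.

```typescript
// Added example, not code from brave/ads-ui. The proxy endpoint and its query
// parameter are assumptions; the project's real image proxy is not shown here.

// Only plain web schemes may be handed to an <img>. This rejects javascript:,
// data:, vbscript:, file: and anything else a landing page could supply.
const ALLOWED_PROTOCOLS: ReadonlySet<string> = new Set(["http:", "https:"]);
const MAX_FAVICON_URL_LENGTH = 2048;

// Returns a parsed, absolute URL when the favicon value is acceptable, otherwise
// null so the caller renders a fallback icon instead of the supplied value.
function validateFaviconUrl(raw: string | null | undefined): URL | null {
  if (!raw) return null;
  const trimmed = raw.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_FAVICON_URL_LENGTH) return null;

  let url: URL;
  try {
    // No base URL: relative or protocol-relative values ("//cdn/...") fail to parse
    // and are refused rather than resolved against the ads UI origin.
    url = new URL(trimmed);
  } catch (_err) {
    return null;
  }

  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  // Refuse embedded credentials ("https://user:pw@host/"), which are a common
  // source of host-confusion when a URL is later shown or logged.
  if (url.username !== "" || url.password !== "") return null;
  return url;
}

// Builds the src attribute for the preview's favicon <img>. The validated
// upstream URL is encoded as a query parameter of the proxy (assumed endpoint),
// so the fetch is made by the proxy rather than by the advertiser's browser.
function proxiedFaviconSrc(
  raw: string | null | undefined,
  proxyBase: string = "https://image-proxy.example/", // assumption for this example
): string | null {
  const url = validateFaviconUrl(raw);
  if (url === null) return null;
  return `${proxyBase}?url=${encodeURIComponent(url.href)}`;
}

// Props a React <img> in the preview would receive; null means "render the
// default icon". referrerPolicy keeps the campaign UI's URL out of the request.
function faviconImgProps(
  raw: string | null | undefined,
): { src: string; alt: string; referrerPolicy: "no-referrer" } | null {
  const src = proxiedFaviconSrc(raw);
  if (src === null) return null;
  return { src, alt: "", referrerPolicy: "no-referrer" };
}

// Constructed sample values exercising the accept and reject paths.
const SAMPLE_FAVICONS: ReadonlyArray<string> = [
  "https://example.com/favicon.ico",
  "javascript:alert(1)",
  "data:image/svg+xml;base64,AAAA",
  "//cdn.example/favicon.ico",
  "http://user:pw@example.com/favicon.ico",
];

for (const sample of SAMPLE_FAVICONS) {
  console.log(sample, "->", faviconImgProps(sample));
}
```

In the component, a `null` result should fall through to the existing default icon rather than to the raw `favicon` string, so an unexpected value from the landing-page list degrades to "no icon" instead of reaching the DOM.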