Skip to content

fix: some nested cross-origin iframes can't be recorded#237

Merged
billyvg merged 2 commits intosentry-v2from
upstream-nested-cross-origin-iframes
Feb 10, 2025
Merged

fix: some nested cross-origin iframes can't be recorded#237
billyvg merged 2 commits intosentry-v2from
upstream-nested-cross-origin-iframes

Conversation

@billyvg
Copy link
Copy Markdown
Member

@billyvg billyvg commented Jan 23, 2025
edited
Loading

Upstream rrweb-io#1353

  • fix: some nested cross-origin iframes can't be recorded
  • fix building error in rrweb-player
  • add test case for this special case

Co-authored-by: YunFeng0817 YunFeng0817@users.noreply.github.com

@YunFeng0817 @billyvg
fix: some nested cross-origin iframes can't be recorded (rrweb-io#1353)
5f9073c 
* fix: some nested cross-origin iframes can't be recorded

* fix building error in rrweb-player

* add test case for this special case

* Apply formatting changes

---------

Co-authored-by: YunFeng0817 <YunFeng0817@users.noreply.github.com>
@billyvg billyvg changed the title fix: some nested cross-origin iframes can't be recorded (#1353) fix: some nested cross-origin iframes can't be recorded Jan 23, 2025
@billyvg billyvg requested a review from a team January 24, 2025 21:01
@billyvg billyvg marked this pull request as ready for review January 24, 2025 21:01
@billyvg billyvg merged commit abae563 into sentry-v2 Feb 10, 2025
@billyvg billyvg deleted the upstream-nested-cross-origin-iframes branch February 10, 2025 16:32
@c298lee c298lee mentioned this pull request Feb 18, 2025
Merged
billyvg pushed a commit to getsentry/sentry-javascript that referenced this pull request Feb 24, 2025
@c298lee
feat(replay): Update rrweb packages to 2.32.0 (#15443)
4c54bed 
Includes the following:

- getsentry/rrweb#239
- getsentry/rrweb#237
- getsentry/rrweb#238
- getsentry/rrweb#234
- rrweb-io/rrweb#1501
- rrweb-io/rrweb#1500
- rrweb-io/rrweb#1033
- getsentry/rrweb#233
- getsentry/rrweb#229
chargome added a commit that referenced this pull request Apr 24, 2026
@chargome @claude
fix(deps): refresh lockfile pins for vulnerable transitive deps (#285)
db898b9 
## Summary
Updates stale yarn.lock resolutions to patched versions within their
existing semver ranges, plus fixes a build breakage in rrweb-worker.

**Lockfile refreshes** (no package.json changes):
- **basic-ftp** 5.0.5 -> 5.3.0 (via puppeteer -> proxy-agent -> get-uri)
- **node-forge** 1.3.1 -> 1.4.0 (via vite-plugin-web-extension ->
web-ext-run -> @devicefarmer/adbkit)
- **picomatch** 2.3.1 -> 2.3.2 (via chokidar, micromatch,
@rollup/pluginutils)
- **picomatch** 4.0.2 -> 4.0.4 (via @rollup/pluginutils)
- **flatted** 3.3.2 -> 3.4.2 (via eslint -> flat-cache)

**rrweb-worker build fix**: Replaces `rollup-plugin-typescript2` with
`@rollup/plugin-typescript` — the old plugin can't parse `import type`
syntax with the newer rollup version pulled in by the
`@rollup/plugin-terser` v1 bump.

## Breaking changes
- Lockfile refreshes: none — all within existing semver ranges
- `rollup-plugin-typescript2` -> `@rollup/plugin-typescript`: drop-in
replacement, same rollup plugin API. `@rollup/plugin-typescript` is the
officially maintained plugin. Config options (`tsconfig`, `sourceMap`,
`inlineSourceMap`, `inlineSources`) are compatible. Build verified
passing.

## Dependabot alerts resolved
- [Alert
#249](https://github.com/getsentry/rrweb/security/dependabot/249) (high)
— basic-ftp CRLF injection
- [Alert
#202](https://github.com/getsentry/rrweb/security/dependabot/202)
(critical) — basic-ftp path traversal
- [Alert
#237](https://github.com/getsentry/rrweb/security/dependabot/237) (high)
— node-forge basicConstraints bypass
- [Alert
#236](https://github.com/getsentry/rrweb/security/dependabot/236) (high)
— node-forge Ed25519 signature forgery
- [Alert
#235](https://github.com/getsentry/rrweb/security/dependabot/235) (high)
— node-forge RSA-PKCS signature forgery
- [Alert
#234](https://github.com/getsentry/rrweb/security/dependabot/234) (high)
— node-forge DoS via BigInteger.modInverse
- [Alert
#164](https://github.com/getsentry/rrweb/security/dependabot/164) (high)
— node-forge ASN.1 unbounded recursion
- [Alert
#163](https://github.com/getsentry/rrweb/security/dependabot/163)
(medium) — node-forge ASN.1 OID integer truncation
- [Alert
#162](https://github.com/getsentry/rrweb/security/dependabot/162) (high)
— node-forge ASN.1 desynchronization
- [Alert
#232](https://github.com/getsentry/rrweb/security/dependabot/232)
(medium) — picomatch POSIX class method injection
- [Alert
#230](https://github.com/getsentry/rrweb/security/dependabot/230)
(medium) — picomatch POSIX class method injection (4.x)
- [Alert
#229](https://github.com/getsentry/rrweb/security/dependabot/229) (high)
— picomatch ReDoS via extglob quantifiers
- [Alert
#227](https://github.com/getsentry/rrweb/security/dependabot/227) (high)
— flatted prototype pollution via parse

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@c298lee c298lee c298lee approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@billyvg @c298lee @YunFeng0817