From e7aa91bbe7c6e5f623a534220746d73203c91aac Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Wed, 29 May 2024 17:48:04 -0600
Subject: [PATCH 1/8] Removed DOMXSS vulnerability noticed by Kodiak

---
 libs/features/personalization/preview.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 28caab1d2d..d13d5c6aec 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -254,10 +254,18 @@ function createPreviewPill(manifests) {
           </div>
         </div>
       </div>
-    </div>
-    <div class="dark">
-      <a class="con-button outline button-l" href="${simulateHref.href}" title="Preview above choices">Preview</a>
     </div>`;
+
+  const darkDiv = document.createElement('div')
+  const button = document.createElement('a')
+  darkDiv.className = 'dark'
+  button.className = 'con-button outline button-l'
+  button.title = 'Preview above choices'
+  button.text = 'Preview'
+  button.href = simulateHref.href
+  darkDiv.append(button)
+  div.append(darkDiv)
+
   overlay.append(div);
   addPillEventListeners(div);
 }

From ef20bda68a6fd2276d10a5a4dbf34f07ba30a369 Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Wed, 29 May 2024 18:13:10 -0600
Subject: [PATCH 2/8] lint errors fix

---
 libs/features/personalization/preview.js | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index d13d5c6aec..04695414d3 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -254,17 +254,20 @@ function createPreviewPill(manifests) {
           </div>
         </div>
       </div>
+    </div>
+    <div class="dark">
+      <a class="con-button outline button-l" href="${simulateHref.href}" title="Preview above choices">Preview</a>
     </div>`;
+  const darkDiv = document.createElement('div');
+  const button = document.createElement('a');
+  darkDiv.className = 'dark';
+  button.className = 'con-button outline button-l';
+  button.title = 'Preview above choices';
+  button.text = 'Preview';
+  button.href = simulateHref.href;
+  darkDiv.append(button);
 
-  const darkDiv = document.createElement('div')
-  const button = document.createElement('a')
-  darkDiv.className = 'dark'
-  button.className = 'con-button outline button-l'
-  button.title = 'Preview above choices'
-  button.text = 'Preview'
-  button.href = simulateHref.href
-  darkDiv.append(button)
-  div.append(darkDiv)
+  div.append(darkDiv);
 
   overlay.append(div);
   addPillEventListeners(div);

From 9c7582f104e5cefecbfd9621410dcadd98a2aac8 Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Wed, 29 May 2024 18:14:38 -0600
Subject: [PATCH 3/8] removed txt version of the div

---
 libs/features/personalization/preview.js | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 04695414d3..4038d5e62d 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -254,9 +254,6 @@ function createPreviewPill(manifests) {
           </div>
         </div>
       </div>
-    </div>
-    <div class="dark">
-      <a class="con-button outline button-l" href="${simulateHref.href}" title="Preview above choices">Preview</a>
     </div>`;
   const darkDiv = document.createElement('div');
   const button = document.createElement('a');

From e311a86ea8b243ca3e9db2dd10267903f5cf93b3 Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Mon, 3 Jun 2024 11:56:40 -0600
Subject: [PATCH 4/8] using createTag instead of document.createElement

---
 libs/features/personalization/preview.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 4038d5e62d..669de74d0e 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -255,13 +255,13 @@ function createPreviewPill(manifests) {
         </div>
       </div>
     </div>`;
-  const darkDiv = document.createElement('div');
-  const button = document.createElement('a');
-  darkDiv.className = 'dark';
-  button.className = 'con-button outline button-l';
-  button.title = 'Preview above choices';
-  button.text = 'Preview';
-  button.href = simulateHref.href;
+  const darkDiv = createTag('div', { class: 'dark'});
+  const button = createTag('a', { 
+    class: 'con-button outline button-l', 
+    text: 'Preview', 
+    href: simulateHref.href, 
+    title: 'Preview above choices'
+  });
   darkDiv.append(button);
 
   div.append(darkDiv);

From 7c7ce8cfdd9963dd7ef60575778a4f76dbf58a0e Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Mon, 3 Jun 2024 11:58:33 -0600
Subject: [PATCH 5/8] lint error

---
 libs/features/personalization/preview.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 669de74d0e..4e7b009437 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -256,10 +256,10 @@ function createPreviewPill(manifests) {
       </div>
     </div>`;
   const darkDiv = createTag('div', { class: 'dark'});
-  const button = createTag('a', { 
-    class: 'con-button outline button-l', 
-    text: 'Preview', 
-    href: simulateHref.href, 
+  const button = createTag('a', {
+    class: 'con-button outline button-l',
+    text: 'Preview',
+    href: simulateHref.href,
     title: 'Preview above choices'
   });
   darkDiv.append(button);

From 7bec4c1b5e2b88780ec3878776068e1aa6c2b1fe Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Mon, 3 Jun 2024 11:59:13 -0600
Subject: [PATCH 6/8] lint error

---
 libs/features/personalization/preview.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 4e7b009437..6f454b9257 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -255,7 +255,7 @@ function createPreviewPill(manifests) {
         </div>
       </div>
     </div>`;
-  const darkDiv = createTag('div', { class: 'dark'});
+  const darkDiv = createTag('div', { class: 'dark' });
   const button = createTag('a', {
     class: 'con-button outline button-l',
     text: 'Preview',

From a0bc994a4d2a7c45ec0da79623d2fca6d4b10764 Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Mon, 3 Jun 2024 13:35:43 -0600
Subject: [PATCH 7/8] refactored to simplify

---
 libs/features/personalization/preview.js | 72 ++++++++++++------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 6f454b9257..8ebfd34b62 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -213,58 +213,58 @@ function createPreviewPill(manifests) {
     document.body.dataset.mepHighlight = true;
   }
 
+  const PREVIEW_BUTTON_ID = 'preview-button';
+
   div.innerHTML = `
     <div class="mep-manifest mep-badge">
       <span class="mep-open"></span>
       <div class="mep-manifest-count">${manifests?.length || 0} Manifest(s) served</div>
     </div>
     <div class="mep-popup">
-    <div class="mep-popup-header">
-      <div>
-        <h4>${manifests?.length || 0} Manifest(s) served</h4>
-        <span class="mep-close"></span>
-        <div class="mep-manifest-page-info-title">Page Info:</div>
-        <div>Target integration feature is ${targetOnText}</div>
-        <div>Personalization feature is ${personalizationOnText}</div>
-        <div>Page's Locale is ${config.locale.ietf}</div>
-      </div>
-    </div>
-    <div class="mep-manifest-list">
-      <div class="mep-manifest-info">
-        <div class="mep-manifest-variants">
-          <input type="checkbox" name="mepHighlight" id="mepHighlightCheckbox" ${mepHighlightChecked} value="true"> <label for="mepHighlightCheckbox">Highlight changes</label>
+      <div class="mep-popup-header">
+        <div>
+          <h4>${manifests?.length || 0} Manifest(s) served</h4>
+          <span class="mep-close"></span>
+          <div class="mep-manifest-page-info-title">Page Info:</div>
+          <div>Target integration feature is ${targetOnText}</div>
+          <div>Personalization feature is ${personalizationOnText}</div>
+          <div>Page's Locale is ${config.locale.ietf}</div>
         </div>
       </div>
-      ${manifestList}
-      <div class="mep-advanced-container">
-        <div class="mep-toggle-advanced">Advanced options</div>
-        <div class="mep-manifest-info mep-advanced-options">
-          <div>
-            Optional: new manifest location or path
-          </div>
+      <div class="mep-manifest-list">
+        <div class="mep-manifest-info">
           <div class="mep-manifest-variants">
+            <input type="checkbox" name="mepHighlight" id="mepHighlightCheckbox" ${mepHighlightChecked} value="true"> <label for="mepHighlightCheckbox">Highlight changes</label>
+          </div>
+        </div>
+        ${manifestList}
+        <div class="mep-advanced-container">
+          <div class="mep-toggle-advanced">Advanced options</div>
+          <div class="mep-manifest-info mep-advanced-options">
             <div>
-              <input type="text" name="new-manifest" id="new-manifest">
+              Optional: new manifest location or path
+            </div>
+            <div class="mep-manifest-variants">
+              <div>
+                <input type="text" name="new-manifest" id="new-manifest">
+              </div>
             </div>
           </div>
-        </div>
-        <div class="mep-manifest-info">
-          <div class="mep-manifest-variants mep-advanced-options">
-            <input type="checkbox" name="mepPreviewButtonCheckbox" id="mepPreviewButtonCheckbox" value="off"> <label for="mepPreviewButtonCheckbox">add mepButton=off to preview link</label>
+          <div class="mep-manifest-info">
+            <div class="mep-manifest-variants mep-advanced-options">
+              <input type="checkbox" name="mepPreviewButtonCheckbox" id="mepPreviewButtonCheckbox" value="off"> <label for="mepPreviewButtonCheckbox">add mepButton=off to preview link</label>
+            </div>
           </div>
         </div>
       </div>
+      <div class="dark">
+        <a class="con-button outline button-l" data-id="${PREVIEW_BUTTON_ID}" title="Preview above choices">Preview</a>
+      </div>
     </div>`;
-  const darkDiv = createTag('div', { class: 'dark' });
-  const button = createTag('a', {
-    class: 'con-button outline button-l',
-    text: 'Preview',
-    href: simulateHref.href,
-    title: 'Preview above choices'
-  });
-  darkDiv.append(button);
 
-  div.append(darkDiv);
+  const previewButton = div.querySelector(`a[data-id="${PREVIEW_BUTTON_ID}"]`);
+
+  if (previewButton) previewButton.href = simulateHref.href;
 
   overlay.append(div);
   addPillEventListeners(div);
@@ -300,4 +300,4 @@ export default async function decoratePreviewMode() {
   loadStyle(`${miloLibs || codeRoot}/features/personalization/preview.css`);
   createPreviewPill(mep?.experiments);
   if (mep?.experiments) addHighlightData(mep.experiments);
-}
+}
\ No newline at end of file

From e38876f689f1c345c967959ab974fc926afc4460 Mon Sep 17 00:00:00 2001
From: Denys Fedotov <dfedotov@Denyss-MacBook-Pro.local>
Date: Mon, 3 Jun 2024 13:36:30 -0600
Subject: [PATCH 8/8] lint

---
 libs/features/personalization/preview.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/features/personalization/preview.js b/libs/features/personalization/preview.js
index 8ebfd34b62..df2d7944fc 100644
--- a/libs/features/personalization/preview.js
+++ b/libs/features/personalization/preview.js
@@ -300,4 +300,4 @@ export default async function decoratePreviewMode() {
   loadStyle(`${miloLibs || codeRoot}/features/personalization/preview.css`);
   createPreviewPill(mep?.experiments);
   if (mep?.experiments) addHighlightData(mep.experiments);
-}
\ No newline at end of file
+}