npm - nodebb-plugin-ezoic-infinite - Versions diffs - 1.8.34 → 1.8.35 - Mend

nodebb-plugin-ezoic-infinite 1.8.34 → 1.8.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/public/client.js +108 -31

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-ezoic-infinite",
-  "version": "1.8.34",
+  "version": "1.8.35",
   "description": "Production-ready Ezoic infinite ads integration for NodeBB 4.x",
   "main": "library.js",
   "license": "MIT",

package/public/client.js CHANGED Viewed

@@ -38,7 +38,7 @@
     SHOW_RELEASE_MS:      700,
     BATCH_FLUSH_MS:        80,
     RECYCLE_DELAY_MS:     450,
-    TCF_DEBOUNCE_MS:      500,
   };
   // Limits
@@ -923,50 +923,122 @@
     } catch (_) {}
   }
-  // ── TCF Locator ────────────────────────────────────────────────────────────
+  // ── TCF / CMP Protection ─────────────────────────────────────────────────
   //
-  // FIX: The CMP iframe locator (__tcfapiLocator) must exist for the CMP to
-  // communicate via postMessage. NodeBB's ajaxify can remove it during navigation.
+  // Root cause of the CMP errors:
+  //   "Cannot read properties of null (reading 'postMessage')"
+  //   "Cannot set properties of null (setting 'addtlConsent')"
   //
-  // Previous approach: MutationObserver that re-injects on EVERY mutation → race
-  // conditions with CMP, causing "Cannot read properties of null (reading 'postMessage')"
-  // and "Cannot set properties of null (setting 'addtlConsent')".
+  // The CMP (Gatekeeper Consent) communicates via postMessage on the
+  // __tcfapiLocator iframe's contentWindow. During NodeBB ajaxify navigation,
+  // jQuery's html() or empty() on the content area can cascade and remove
+  // iframes from <body>. The CMP then calls getTCData on a stale reference
+  // where contentWindow is null.
   //
-  // New approach: Debounced check — only re-inject after DOM stabilizes (500ms).
-  // The CMP scripts handle their own initialization; we just ensure the locator
-  // iframe exists when needed.
-  let _tcfDebounce = null;
+  // Strategy (3 layers):
+  //
+  //  1. PROTECT: Move the locator iframe into <head> where ajaxify never
+  //     touches it. The TCF spec only requires the iframe to exist in the
+  //     document with name="__tcfapiLocator" — it works from <head>.
+  //
+  //  2. GUARD: Wrap __tcfapi and __cmp with a safety layer that catches
+  //     errors in the CMP's internal getTCData, preventing the uncaught
+  //     TypeError from propagating.
+  //
+  //  3. RESTORE: MutationObserver on <body> childList (not subtree) to
+  //     immediately re-create the locator if something still removes it.
   function ensureTcfLocator() {
-    // Only needed if CMP APIs are present
     if (!window.__tcfapi && !window.__cmp) return;
-    const inject = () => {
-      if (document.getElementById('__tcfapiLocator')) return;
+    const LOCATOR_ID = '__tcfapiLocator';
+    // Create or relocate the locator iframe into <head> for protection
+    const ensureInHead = () => {
+      let existing = document.getElementById(LOCATOR_ID);
+      if (existing) {
+        // If it's in <body>, move it to <head> where ajaxify can't reach it
+        if (existing.parentElement !== document.head) {
+          try { document.head.appendChild(existing); } catch (_) {}
+        }
+        return existing;
+      }
+      // Create fresh
       const f = document.createElement('iframe');
       f.style.display = 'none';
-      f.id = f.name = '__tcfapiLocator';
-      (document.body || document.documentElement).appendChild(f);
+      f.id = f.name = LOCATOR_ID;
+      try { document.head.appendChild(f); } catch (_) {
+        // Fallback to body if head insertion fails
+        (document.body || document.documentElement).appendChild(f);
+      }
+      return f;
     };
-    inject();
+    ensureInHead();
+    // Layer 2: Guard the CMP API calls against null contentWindow
+    if (!window.__nbbCmpGuarded) {
+      window.__nbbCmpGuarded = true;
+      // Wrap __tcfapi
+      if (typeof window.__tcfapi === 'function') {
+        const origTcf = window.__tcfapi;
+        window.__tcfapi = function (cmd, version, cb, param) {
+          try {
+            return origTcf.call(this, cmd, version, function (...args) {
+              try { cb?.(...args); } catch (_) {}
+            }, param);
+          } catch (e) {
+            // If the error is the null postMessage/addtlConsent, swallow it
+            if (e?.message?.includes('null')) {
+              // Re-ensure locator exists, then retry once
+              ensureInHead();
+              try { return origTcf.call(this, cmd, version, cb, param); } catch (_) {}
+            }
+          }
+        };
+      }
-    // Set up a debounced observer instead of per-mutation injection
+      // Wrap __cmp (legacy CMP v1 API)
+      if (typeof window.__cmp === 'function') {
+        const origCmp = window.__cmp;
+        window.__cmp = function (...args) {
+          try {
+            return origCmp.apply(this, args);
+          } catch (e) {
+            if (e?.message?.includes('null')) {
+              ensureInHead();
+              try { return origCmp.apply(this, args); } catch (_) {}
+            }
+          }
+        };
+      }
+    }
+    // Layer 3: MutationObserver to immediately restore if removed
     if (!window.__nbbTcfObs) {
-      window.__nbbTcfObs = new MutationObserver(() => {
-        // Quick check: if locator still exists, skip
-        if (document.getElementById('__tcfapiLocator')) return;
-        // Debounce: wait for DOM to stabilize before re-injecting
-        clearTimeout(_tcfDebounce);
-        _tcfDebounce = setTimeout(inject, TIMING.TCF_DEBOUNCE_MS);
-      });
-      // Observe only direct children of body (not deep subtree)
-      // since the locator iframe is a direct child
-      window.__nbbTcfObs.observe(document.body || document.documentElement, {
-        childList: true,
-        subtree: false,
+      window.__nbbTcfObs = new MutationObserver(muts => {
+        // Fast check: still in document?
+        if (document.getElementById(LOCATOR_ID)) return;
+        // Something removed it — restore immediately (no debounce)
+        ensureInHead();
       });
+      // Observe body direct children only (the most likely removal point)
+      try {
+        window.__nbbTcfObs.observe(document.body || document.documentElement, {
+          childList: true,
+          subtree: false,
+        });
+      } catch (_) {}
+      // Also observe <head> in case something cleans it
+      try {
+        if (document.head) {
+          window.__nbbTcfObs.observe(document.head, {
+            childList: true,
+            subtree: false,
+          });
+        }
+      } catch (_) {}
     }
   }
@@ -985,6 +1057,8 @@
       'cannot call refresh on the same page',
       'no placeholders are currently defined in Refresh',
       'Debugger iframe already exists',
+      '[CMP] Error in custom getTCData',
+      'vignette: no interstitial API',
     ];
     const PH_PATTERN = `with id ${PH_PREFIX}`;
@@ -1050,6 +1124,9 @@
       state.kind       = null;
       state.blockedUntil = 0;
+      // Fix: CMP modal can leave aria-hidden="true" on <body> after navigation
+      try { document.body.removeAttribute('aria-hidden'); } catch (_) {}
       muteConsole();
       ensureTcfLocator();
       warmNetwork();