Refactor core utilities for security, performance, and modern browser compatibility in utils.js #5407
+78
−112
## Summary
This PR refactors the core utility layer to remove legacy and unsafe patterns and align the codebase with modern JavaScript, browser APIs, and security best practices.
The changes eliminate eval() usage, fix minification-related breakage, remove UI-blocking synchronous network calls, and replace deprecated browser APIs with modern equivalents. Overall, this significantly improves security, performance, maintainability, and CSP compatibility.
✅ Safe Object Resolution (Minifier-Proof)
Replaced dynamic resolution via eval() and constructor.name
Introduced an explicit object registry (string → constructor)
Guarantees deterministic behavior under minification (uglify/terser)
✅ Removed eval() Usage
Eliminates arbitrary code execution risks
Makes the codebase CSP-compliant
Improves auditability and static analysis
✅ Async Networking (No UI Blocking)
Replaced synchronous XMLHttpRequest with async fetch()
Prevents UI freezes and main-thread blocking
Enables parallel resource loading
✅ Removed Hardcoded API Keys
No secrets embedded in client-side code
Prepares codebase for secure backend proxy or env-based injection
✅ Modern Camera API
Replaced deprecated navigator.getUserMedia
Uses navigator.mediaDevices.getUserMedia with proper error handling
✅ Simplified Translation Helper
Removed dead/unused string cleanup logic
Translation helper is now a thin wrapper around i18next.t
✅ Improved Animation Timing
Uses requestAnimationFrame instead of fixed setInterval
Better performance and reduced CPU usage
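
The string → constructor registry described under "Safe Object Resolution" and "Removed eval() Usage", sketched as an added example that is not code from this PR. Every name in it (`registerType`, `createByName`, `nameOf`, `Sprite`, `Emitter`) is hypothetical, and the class named `e` is a constructed stand-in for minifier output.

```javascript
// Added example. All names here are hypothetical, not taken from utils.js.

// Map lookups never consult Object.prototype, so keys such as
// "constructor" or "__proto__" resolve to nothing.
const registry = new Map();

function registerType(name, ctor) {
  if (typeof name !== 'string' || typeof ctor !== 'function') {
    throw new TypeError('registerType expects (string, constructor)');
  }
  if (registry.has(name)) throw new Error(`type already registered: ${name}`);
  registry.set(name, ctor);
}

// Forward lookup: replaces eval(name). The input is only ever used as a Map key,
// so it is never parsed or executed as code.
function createByName(name, ...args) {
  const Ctor = registry.get(name);
  if (Ctor === undefined) throw new Error(`unknown type: ${String(name)}`);
  return new Ctor(...args);
}

// Reverse lookup: replaces obj.constructor.name, which a minifier may rewrite.
function nameOf(obj) {
  for (const [name, ctor] of registry) {
    if (obj !== null && obj !== undefined && obj.constructor === ctor) return name;
  }
  return null;
}

class Sprite {
  constructor(x, y) { this.x = x; this.y = y; }
}
// Constructed stand-in for minifier output: the class identifier is now "e".
const Emitter = (() => { class e { constructor(rate) { this.rate = rate; } } return e; })();

// Keys are string literals, which minifiers leave untouched.
registerType('Sprite', Sprite);
registerType('Emitter', Emitter);

// Shows the mangled runtime name next to the stable registry name.
function demo() {
  const em = createByName('Emitter', 30);
  return { mangled: em.constructor.name, stable: nameOf(em), rate: em.rate };
}
```
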