test: add test case for survey not found in metadata generation

fix: handle ResourceNotFoundError in generateMetadata for link surveys
2026-04-22 19:39:01 -05:00 · 2026-03-16 15:00:10 +00:00 · 2026-03-16 14:23:59 +00:00
11 changed files with 52 additions and 178 deletions
@@ -1,19 +1,7 @@
 import * as Sentry from "@sentry/nextjs";
-import { type Instrumentation } from "next";
-import { isExpectedError } from "@formbricks/types/errors";
 import { IS_PRODUCTION, PROMETHEUS_ENABLED, SENTRY_DSN } from "@/lib/constants";

-export const onRequestError: Instrumentation.onRequestError = (...args) => {
-  const [error] = args;
-
-  // Skip expected business-logic errors (AuthorizationError, ResourceNotFoundError, etc.)
-  // These are handled gracefully in the UI and don't need server-side Sentry reporting
-  if (error instanceof Error && isExpectedError(error)) {
-    return;
-  }
-
-  Sentry.captureRequestError(...args);
-};
+export const onRequestError = Sentry.captureRequestError;

 export const register = async () => {
  if (process.env.NEXT_RUNTIME === "nodejs") {
@@ -11,7 +11,7 @@ export const TagsLoading = () => {
  return (
    <PageContentWrapper>
      <PageHeader pageTitle={t("common.workspace_configuration")}>
-        <ProjectConfigNavigation activeId="tags" loading />
+        <ProjectConfigNavigation activeId="tags" />
      </PageHeader>
      <SettingsCard
        title={t("environments.workspace.tags.manage_tags")}
@@ -168,6 +168,14 @@ describe("getMetadataForLinkSurvey", () => {
    expect(notFound).toHaveBeenCalled();
  });

+  test("calls notFound when survey is not found", async () => {
+    vi.mocked(getSurveyWithMetadata).mockResolvedValue(null as any);
+
+    await getMetadataForLinkSurvey(mockSurveyId);
+
+    expect(notFound).toHaveBeenCalled();
+  });
+
  test("handles metadata without openGraph property", async () => {
    const mockSurvey = {
      id: mockSurveyId,
@@ -36,7 +36,12 @@ export const generateMetadata = async (props: LinkSurveyPageProps): Promise<Meta
  // Extract language code from URL params
  const languageCode = typeof searchParams.lang === "string" ? searchParams.lang : undefined;

-  return getMetadataForLinkSurvey(params.surveyId, languageCode);
+  try {
+    return await getMetadataForLinkSurvey(params.surveyId, languageCode);
+  } catch (error) {
+    logger.error(error, "Error fetching metadata for link survey");
+    notFound();
+  }
 };

 export const LinkSurveyPage = async (props: LinkSurveyPageProps) => {
@@ -6,7 +6,7 @@ import { Logger } from "@/lib/common/logger";
 import { getIsSetup, setIsSetup } from "@/lib/common/status";
 import { filterSurveys, getIsDebug, isNowExpired, wrapThrows } from "@/lib/common/utils";
 import { fetchEnvironmentState } from "@/lib/environment/state";
-import { closeSurvey, preloadSurveysScript } from "@/lib/survey/widget";
+import { closeSurvey } from "@/lib/survey/widget";
 import { DEFAULT_USER_STATE_NO_USER_ID } from "@/lib/user/state";
 import { sendUpdatesToBackend } from "@/lib/user/update";
 import {
@@ -316,9 +316,6 @@ export const setup = async (
  addEventListeners();
  addCleanupEventListeners();

-  // Preload surveys script so it's ready when a survey triggers
-  preloadSurveysScript(configInput.appUrl);
-
  setIsSetup(true);
  logger.debug("Set up complete");

@@ -11,7 +11,6 @@ import {
  handleHiddenFields,
  shouldDisplayBasedOnPercentage,
 } from "@/lib/common/utils";
-import { UpdateQueue } from "@/lib/user/update-queue";
 import { type TEnvironmentStateSurvey, type TUserState } from "@/types/config";
 import { type TTrackProperties } from "@/types/survey";

@@ -61,24 +60,6 @@ export const renderWidget = async (

  setIsSurveyRunning(true);

-  // Wait for pending user identification to complete before rendering
-  const updateQueue = UpdateQueue.getInstance();
-  if (updateQueue.hasPendingWork()) {
-    logger.debug("Waiting for pending user identification before rendering survey");
-    const identificationSucceeded = await updateQueue.waitForPendingWork();
-    if (!identificationSucceeded) {
-      const hasSegmentFilters = Array.isArray(survey.segment?.filters) && survey.segment.filters.length > 0;
-
-      if (hasSegmentFilters) {
-        logger.debug("User identification failed. Skipping survey with segment filters.");
-        setIsSurveyRunning(false);
-        return;
-      }
-
-      logger.debug("User identification failed but survey has no segment filters. Proceeding.");
-    }
-  }
-
  if (survey.delay) {
    logger.debug(`Delaying survey "${survey.name}" by ${survey.delay.toString()} seconds.`);
  }
@@ -106,15 +87,7 @@ export const renderWidget = async (
  const overlay = projectOverwrites.overlay ?? project.overlay;
  const placement = projectOverwrites.placement ?? project.placement;
  const isBrandingEnabled = project.inAppSurveyBranding;
-
-  let formbricksSurveys: TFormbricksSurveys;
-  try {
-    formbricksSurveys = await loadFormbricksSurveysExternally();
-  } catch (error) {
-    logger.error(`Failed to load surveys library: ${String(error)}`);
-    setIsSurveyRunning(false);
-    return;
-  }
+  const formbricksSurveys = await loadFormbricksSurveysExternally();

  const recaptchaSiteKey = config.get().environment.data.recaptchaSiteKey;
  const isSpamProtectionEnabled = Boolean(recaptchaSiteKey && survey.recaptcha?.enabled);
@@ -227,87 +200,30 @@ export const removeWidgetContainer = (): void => {
  document.getElementById(CONTAINER_ID)?.remove();
 };

-const SURVEYS_LOAD_TIMEOUT_MS = 10000;
-const SURVEYS_POLL_INTERVAL_MS = 200;
+const loadFormbricksSurveysExternally = (): Promise<typeof globalThis.window.formbricksSurveys> => {
+  const config = Config.getInstance();

-type TFormbricksSurveys = typeof globalThis.window.formbricksSurveys;
-
-let surveysLoadPromise: Promise<TFormbricksSurveys> | null = null;
-
-const waitForSurveysGlobal = (): Promise<TFormbricksSurveys> => {
  return new Promise((resolve, reject) => {
-    const startTime = Date.now();
-
-    const check = (): void => {
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-      if (globalThis.window.formbricksSurveys) {
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- We need to check if the formbricksSurveys object exists
+    if (globalThis.window.formbricksSurveys) {
+      resolve(globalThis.window.formbricksSurveys);
+    } else {
+      const script = document.createElement("script");
+      script.src = `${config.get().appUrl}/js/surveys.umd.cjs`;
+      script.async = true;
+      script.onload = () => {
+        // Apply stored nonce if it was set before surveys package loaded
        const storedNonce = globalThis.window.__formbricksNonce;
        if (storedNonce) {
          globalThis.window.formbricksSurveys.setNonce(storedNonce);
        }
        resolve(globalThis.window.formbricksSurveys);
-        return;
-      }
-
-      if (Date.now() - startTime >= SURVEYS_LOAD_TIMEOUT_MS) {
-        reject(new Error("Formbricks Surveys library did not become available within timeout"));
-        return;
-      }
-
-      setTimeout(check, SURVEYS_POLL_INTERVAL_MS);
-    };
-
-    check();
+      };
+      script.onerror = (error) => {
+        console.error("Failed to load Formbricks Surveys library:", error);
+        reject(new Error(`Failed to load Formbricks Surveys library: ${error as string}`));
+      };
+      document.head.appendChild(script);
+    }
  });
 };
-
-const loadFormbricksSurveysExternally = (): Promise<TFormbricksSurveys> => {
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-  if (globalThis.window.formbricksSurveys) {
-    return Promise.resolve(globalThis.window.formbricksSurveys);
-  }
-
-  if (surveysLoadPromise) {
-    return surveysLoadPromise;
-  }
-
-  surveysLoadPromise = new Promise<TFormbricksSurveys>((resolve, reject: (error: unknown) => void) => {
-    const config = Config.getInstance();
-    const script = document.createElement("script");
-    script.src = `${config.get().appUrl}/js/surveys.umd.cjs`;
-    script.async = true;
-    script.onload = () => {
-      waitForSurveysGlobal()
-        .then(resolve)
-        .catch((error: unknown) => {
-          surveysLoadPromise = null;
-          console.error("Failed to load Formbricks Surveys library:", error);
-          reject(new Error(`Failed to load Formbricks Surveys library`));
-        });
-    };
-    script.onerror = (error) => {
-      surveysLoadPromise = null;
-      console.error("Failed to load Formbricks Surveys library:", error);
-      reject(new Error(`Failed to load Formbricks Surveys library`));
-    };
-    document.head.appendChild(script);
-  });
-
-  return surveysLoadPromise;
-};
-
-let isPreloaded = false;
-
-export const preloadSurveysScript = (appUrl: string): void => {
-  // Don't preload if already loaded or already preloading
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-  if (globalThis.window.formbricksSurveys) return;
-  if (isPreloaded) return;
-
-  isPreloaded = true;
-  const link = document.createElement("link");
-  link.rel = "preload";
-  link.as = "script";
-  link.href = `${appUrl}/js/surveys.umd.cjs`;
-  document.head.appendChild(link);
-};
@@ -8,9 +8,7 @@ export class UpdateQueue {
  private static instance: UpdateQueue | null = null;
  private updates: TUpdates | null = null;
  private debounceTimeout: NodeJS.Timeout | null = null;
-  private pendingFlush: Promise<void> | null = null;
  private readonly DEBOUNCE_DELAY = 500;
-  private readonly PENDING_WORK_TIMEOUT = 5000;

  private constructor() {}

@@ -65,45 +63,17 @@ export class UpdateQueue {
    return !this.updates;
  }

-  public hasPendingWork(): boolean {
-    return this.updates !== null || this.pendingFlush !== null;
-  }
-
-  public async waitForPendingWork(): Promise<boolean> {
-    if (!this.hasPendingWork()) return true;
-
-    const flush = this.pendingFlush ?? this.processUpdates();
-    try {
-      const succeeded = await Promise.race([
-        flush.then(() => true as const),
-        new Promise<false>((resolve) => {
-          setTimeout(() => {
-            resolve(false);
-          }, this.PENDING_WORK_TIMEOUT);
-        }),
-      ]);
-      return succeeded;
-    } catch {
-      return false;
-    }
-  }
-
  public async processUpdates(): Promise<void> {
    const logger = Logger.getInstance();
    if (!this.updates) {
      return;
    }

-    // If a flush is already in flight, reuse it instead of creating a new promise
-    if (this.pendingFlush) {
-      return this.pendingFlush;
-    }
-
    if (this.debounceTimeout) {
      clearTimeout(this.debounceTimeout);
    }

-    const flushPromise = new Promise<void>((resolve, reject) => {
+    return new Promise((resolve, reject) => {
      const handler = async (): Promise<void> => {
        try {
          let currentUpdates = { ...this.updates };
@@ -177,10 +147,8 @@ export class UpdateQueue {
          }

          this.clearUpdates();
-          this.pendingFlush = null;
          resolve();
        } catch (error: unknown) {
-          this.pendingFlush = null;
          logger.error(
            `Failed to process updates: ${error instanceof Error ? error.message : "Unknown error"}`
          );
@@ -190,8 +158,5 @@ export class UpdateQueue {

      this.debounceTimeout = setTimeout(() => void handler(), this.DEBOUNCE_DELAY);
    });
-
-    this.pendingFlush = flushPromise;
-    return flushPromise;
  }
 }
@@ -1,4 +1,4 @@
-import { sanitize } from "isomorphic-dompurify";
+import DOMPurify from "isomorphic-dompurify";
 import * as React from "react";
 import { cn, stripInlineStyles } from "@/lib/utils";

@@ -39,7 +39,7 @@ function Label({
  const isHtml = childrenString ? isValidHTML(strippedContent) : false;
  const safeHtml =
    isHtml && strippedContent
-      ? sanitize(strippedContent, {
+      ? DOMPurify.sanitize(strippedContent, {
          ADD_ATTR: ["target"],
          FORBID_ATTR: ["style"],
        })
@@ -1,5 +1,5 @@
 import { type ClassValue, clsx } from "clsx";
-import { sanitize } from "isomorphic-dompurify";
+import DOMPurify from "isomorphic-dompurify";
 import { extendTailwindMerge } from "tailwind-merge";

 const twMerge = extendTailwindMerge({
@@ -27,16 +27,14 @@ export function cn(...inputs: ClassValue[]): string {
 export const stripInlineStyles = (html: string): string => {
  if (!html) return html;

-  // Pre-strip style attributes from the raw string BEFORE DOMPurify parses it.
-  // DOMPurify internally uses innerHTML to parse HTML, which triggers CSP
-  // `style-src` violations at parse time — before FORBID_ATTR can strip them.
-  // The regex is O(n) safe: [^"]* and [^']* are negated classes bounded by
-  // fixed quote delimiters, so no backtracking can occur.
-  const preStripped = html.replaceAll(/ style="[^"]*"| style='[^']*'/gi, "");
-
-  return sanitize(preStripped, {
+  // Use DOMPurify to safely remove style attributes
+  // This is more secure than regex-based approaches and handles edge cases properly
+  return DOMPurify.sanitize(html, {
    FORBID_ATTR: ["style"],
+    // Preserve the target attribute (e.g. target="_blank" on links) which is not
+    // in DOMPurify's default allow-list but is explicitly required downstream.
    ADD_ATTR: ["target"],
+    // Keep other attributes and tags as-is, only remove style attributes
    KEEP_CONTENT: true,
  });
 };
@@ -4,7 +4,6 @@
    "baseUrl": ".",
    "isolatedModules": true,
    "jsx": "react-jsx",
-    "lib": ["DOM", "DOM.Iterable", "ES2020", "ES2021.String"],
    "noEmit": true,
    "paths": {
      "@/*": ["./src/*"]
@@ -10,16 +10,14 @@ import DOMPurify from "isomorphic-dompurify";
 export const stripInlineStyles = (html: string): string => {
  if (!html) return html;

-  // Pre-strip style attributes from the raw string BEFORE DOMPurify parses it.
-  // DOMPurify internally uses innerHTML to parse HTML, which triggers CSP
-  // `style-src` violations at parse time — before FORBID_ATTR can strip them.
-  // The regex is O(n) safe: [^"]* and [^']* are negated classes bounded by
-  // fixed quote delimiters, so no backtracking can occur.
-  const preStripped = html.replaceAll(/ style="[^"]*"| style='[^']*'/gi, "");
-
-  return DOMPurify.sanitize(preStripped, {
+  // Use DOMPurify to safely remove style attributes
+  // This is more secure than regex-based approaches and handles edge cases properly
+  return DOMPurify.sanitize(html, {
    FORBID_ATTR: ["style"],
+    // Preserve the target attribute (e.g. target="_blank" on links) which is not
+    // in DOMPurify's default allow-list but is explicitly required downstream.
    ADD_ATTR: ["target"],
+    // Keep other attributes and tags as-is, only remove style attributes
    KEEP_CONTENT: true,
  });
 };
Author	SHA1	Message	Date
Cursor Agent	11f635c1ff	test: add test case for survey not found in metadata generation	2026-03-16 15:00:10 +00:00
Cursor Agent	e5cd9e5117	fix: handle ResourceNotFoundError in generateMetadata for link surveys	2026-03-16 14:23:59 +00:00