Lines 734-774javascript
735 // do nothing, just continue
737 // Omit logging of browser console errors to reduce unnecessary verbosity
739 page.on('console', msg => {
740 const type = msg.type();
741 if (type === 'error') {
742 consoleLogger.error(msg.text());
744 consoleLogger.info(msg.text());
748 const disableOobee = ruleset.includes(RuleFlags.DISABLE_OOBEE);
749 const enableWcagAaa = ruleset.includes(RuleFlags.ENABLE_WCAG_AAA);
750 const gradingReadabilityFlag = await extractAndGradeText(page); // Ensure flag is obtained before proceeding
751 await playwrightUtils.injectFile(page, axeScript);
752 const results = await page.evaluate(async ({ selectors, saflyIconSelector, disableOobee, enableWcagAaa, gradingReadabilityFlag, evaluateAltTextFunctionString, escapeCssSelectorFunctionString, framesCheckFunctionString, findElementByCssSelectorFunctionString, getAxeConfigurationFunctionString, flagUnlabelledClickableElementsFunctionString, xPathToCssFunctionString, }) => {
754 // Load functions into the browser context
755 eval(evaluateAltTextFunctionString);
756 eval(escapeCssSelectorFunctionString);
LowEval
Package source references a known benign dynamic code generation pattern.
dist/crawlers/commonCrawlerFunc.jsView on unpkg · L754 757 eval(framesCheckFunctionString);
758 eval(findElementByCssSelectorFunctionString);
759 eval(flagUnlabelledClickableElementsFunctionString);
760 eval(xPathToCssFunctionString);
761 eval(getAxeConfigurationFunctionString);
762 // remove so that axe does not scan
763 document.querySelector(saflyIconSelector)?.remove();
764 const oobeeAccessibleLabelFlaggedXpaths = disableOobee
766 : (await flagUnlabelledClickableElements()).map(item => item.xpath);
767 const oobeeAccessibleLabelFlaggedCssSelectors = oobeeAccessibleLabelFlaggedXpaths
770 const cssSelector = xPathToCss(xpath);
774 console.error('Error converting XPath to CSS: ', xpath, e);