fix: remove hardcoded aria-current from sidebar nav links

[Nakshathra-2808]

Fixes #62

Changes made

• Removed hardcoded aria-current="page" from sidebar nav links in dashboard.html, leads.html, campaigns.html, analytics.html, settings.html
• campaign-builder.html has no sidebar — no change needed
• main.js not touched — setActiveNavLink() already handles all active link logic correctly

Testing

Verified all pages show correct active sidebar link. Campaigns highlighted on campaign-builder.html. No visual regressions.

Summary by CodeRabbit

• Accessibility / UX Updates
  • Improved sidebar navigation active-state behavior by updating how “current page” accessibility indicators are applied across Dashboard, Analytics, Campaigns, Leads, and Settings.
  • Ensures the active link is consistently marked for assistive technologies.
• Bug Fixes
  • Fixed the Leads CSV upload flow so that, after a successful upload, the Leads and Import History sections refresh immediately and the upload modal closes—no full page reload required.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e6ca28fe-e223-421c-b919-c3ccbe951d4c

📥 Commits

Reviewing files that changed from the base of the PR and between e51c896 and ae304a4.

📒 Files selected for processing (1)

• frontend/main.js

---

📝 Walkthrough

Walkthrough

The PR removes the hardcoded aria-current="page" attribute from the active sidebar navigation link in five frontend HTML pages (analytics, campaigns, dashboard, leads, settings) to support dynamic active-link state detection. The main.js file is updated to manage aria-current="page" dynamically by adding and removing it based on the active navigation link. Additionally, leads.html receives extensive merge-conflict cleanup, including artifact removal throughout the markup and script, plus restructuring of state initialization, DOMContentLoaded flow, and CSV upload behavior to consolidate data-loading operations.

Changes

Dynamic navigation active state and leads.html restructuring

Layer / File(s)	Summary
Enable dynamic aria-current in main.js frontend/main.js	Updates setActiveNavLink to dynamically set and remove aria-current="page" on navigation links. The function clears both active class and aria-current attribute from all .nav-link elements during reset, and sets aria-current="page" on the matched active link.
Remove static aria-current from all sidebar nav links frontend/analytics.html, frontend/campaigns.html, frontend/dashboard.html, frontend/leads.html, frontend/settings.html	Removes the hardcoded aria-current="page" attribute from the active sidebar <a> element across five HTML pages to support dynamic active-link state detection from JavaScript.
leads.html merge-conflict artifact removal frontend/leads.html	Removes merge-conflict markers and artifacts scattered throughout the markup and script structure: between KPI cards and filter panel, near the table sections, around render helpers and filter logic, and at document boundaries. Also normalizes the final closing tag.
leads.html state initialization and utilities frontend/leads.html	Initializes client-side state with allImportJobs array alongside existing allLeads and allTags. Cleans up duplicate or conflicting state declarations and maintains utility functions such as formatTimestamp and contrast-color helpers in the restructured script.
leads.html DOMContentLoaded initialization restructure frontend/leads.html	Restructures the DOMContentLoaded initialization to wrap initial loadLeads() and loadImportHistory() calls in try/catch, then load tags and register UI event handlers (search, history refresh, filter toggle) in the updated sequence.
leads.html CSV upload success handler refactoring frontend/leads.html	Refactors the CSV upload success handler to await loadLeads() and loadImportHistory() sequentially, clear the file input, and hide the upload modal instead of performing a timed full page reload.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• #278: Resolves the unresolved git merge conflict markers and conflict cleanup in frontend/leads.html that were reported in that issue, directly addressing the removal of raw merge conflict markers and restructuring of corrupted state and script blocks.

Poem

🐇 Five pages hop free from aria-current chains,
While leads.html's merge scars wash down like rains!
State flows clean, conflicts swept away,
CSV uploads work fresh and gray. 🌿
A refactored burrow, conflict-free and bright—
This rabbit declares: the code looks just right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Linked Issues check	⚠️ Warning	The PR addresses issue #62 but only partially: hardcoded aria-current is removed and main.js is updated to set aria-current dynamically, but the duplicate CSS removal from campaigns.html was not completed.	Remove the ~350 lines of duplicate inline CSS from campaigns.html and add a proper theme.css link while retaining only campaign-specific styles not in theme.css.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: removing hardcoded aria-current attributes from sidebar navigation links across multiple pages.
Out of Scope Changes check	✅ Passed	All changes are within scope of issue #62: removing hardcoded aria-current attributes and updating main.js to handle active link detection dynamically are directly aligned with the issue objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

frontend/leads.html (1)

243-344: ⚠️ Potential issue | 🔴 Critical

CRITICAL: Unresolved git merge conflicts in file.

This file contains multiple unresolved git merge conflict blocks that must be resolved before merging:

• Lines 243–310: Conflict between HEAD (filter panel) and upstream/main (import history)
• Lines 442–495: Conflict in script state and utility functions
• Lines 506–540: Conflict in render functions (renderImportErrorRows, etc.)
• Lines 634–798: Conflict in filter panel and import history logic
• Lines 873–882: Conflict in CSV upload handler

All conflict markers (<<<<<<<, =======, >>>>>>>) must be manually resolved. Decide which version(s) to keep for each block, then remove the markers.

This is a blocker for merge. Cannot review code while conflicts remain unresolved.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/leads.html` around lines 243 - 344, The file contains multiple
unresolved git merge conflict blocks marked with <<<<<<< HEAD, =======, and
>>>>>>> upstream/main markers that must be resolved before merging. For each
conflict block in the file (including the filter panel section, script state and
utility functions, render functions like renderImportErrorRows, filter panel and
import history logic, and the CSV upload handler), manually decide which version
to keep by reviewing both the HEAD version and the upstream/main version, then
remove all the conflict markers while retaining only the chosen code. Ensure no
marker symbols remain in the final file.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@frontend/leads.html`:
- Around line 243-344: The file contains multiple unresolved git merge conflict
blocks marked with <<<<<<< HEAD, =======, and >>>>>>> upstream/main markers that
must be resolved before merging. For each conflict block in the file (including
the filter panel section, script state and utility functions, render functions
like renderImportErrorRows, filter panel and import history logic, and the CSV
upload handler), manually decide which version to keep by reviewing both the
HEAD version and the upstream/main version, then remove all the conflict markers
while retaining only the chosen code. Ensure no marker symbols remain in the
final file.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 2b98c284-e24c-4dfb-a1b9-16b22370a77b

📥 Commits

Reviewing files that changed from the base of the PR and between 90052f9 and 8294d66.

📒 Files selected for processing (5)

• frontend/analytics.html
• frontend/campaigns.html
• frontend/dashboard.html
• frontend/leads.html
• frontend/settings.html

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

frontend/leads.html (4)

856-861: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve the current filter/search state after upload refresh.

loadLeads() always fetches /leads/ and renders all rows, so after a CSV upload the table can ignore active filters/search while the UI still shows them as active. Refresh the current view instead.

🐛 Proposed fix

                     if (res.status === 202) {
                         statusEl.innerHTML = '<span class="text-success"><i class="bi bi-check-circle me-1" aria-hidden="true"></i>File uploaded. Processing now...</span>';
-                        await loadLeads();
+                        if (hasActiveFilters(activeFilters)) {
+                            await applyFilters();
+                        } else {
+                            await loadLeads();
+                        }
+                        applySearch();
                         await loadImportHistory();
                         fileInput.value = '';
                         bootstrap.Modal.getOrCreateInstance(document.getElementById('uploadModal')).hide();

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/leads.html` around lines 856 - 861, After a CSV file upload, the
loadLeads() call refreshes the table with all rows, ignoring any active filters
or search criteria that were previously applied. Instead of calling loadLeads()
unconditionally after the upload, modify the refresh logic to preserve the
current filter and search state by applying the same filter/search parameters
that were active before the upload. This ensures the UI and table data remain
synchronized after the CSV upload completes.

---

515-519: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Escape import history and row-error values before injecting HTML.

job.filename, entry.email, and entry.error can originate from uploaded CSV data/import metadata, but they are written directly through innerHTML. Escape them before rendering to avoid stored XSS in the import history/error modal.

🛡️ Proposed fix

-            tbody.innerHTML = errors.map(entry => `
+            tbody.innerHTML = errors.map(entry => {
+                const row = escapeHtml(entry.row ?? '-');
+                const email = entry.email
+                    ? escapeHtml(entry.email)
+                    : '<span class="text-muted">-</span>';
+                const error = entry.error
+                    ? escapeHtml(entry.error)
+                    : '<span class="text-muted">-</span>';
+                return `
                 <tr>
-                    <td class="fw-semibold">${entry.row ?? '-'}</td>
-                    <td>${entry.email || '<span class="text-muted">-</span>'}</td>
-                    <td>${entry.error || '<span class="text-muted">-</span>'}</td>
+                    <td class="fw-semibold">${row}</td>
+                    <td>${email}</td>
+                    <td>${error}</td>
                 </tr>
-            `).join('');
+            `;
+            }).join('');

-            tbody.innerHTML = jobs.map(job => `
+            tbody.innerHTML = jobs.map(job => {
+                const jobId = escapeHtml(String(job.id ?? ''));
+                return `
                 <tr>
-                    <td class="fw-semibold">${job.filename}</td>
+                    <td class="fw-semibold">${escapeHtml(job.filename)}</td>
                     <td>${job.total_rows ?? 0}</td>
                     <td><span class="chip" style="background:`#dcfce7`;color:`#166534`;">${job.imported_count ?? 0}</span></td>
                     <td><span class="chip" style="background:`#fee2e2`;color:`#b91c1c`;">${job.failed_count ?? 0}</span></td>
                     <td>${formatTimestamp(job.created_at)}</td>
                     <td>
                         ${
                             (job.failed_count || 0) > 0
-                                ? `<button class="btn btn-sm btn-outline-danger view-import-errors-btn" data-job-id="${job.id}"><i class="bi bi-exclamation-triangle me-1" aria-hidden="true"></i>View</button>`
+                                ? `<button class="btn btn-sm btn-outline-danger view-import-errors-btn" data-job-id="${jobId}"><i class="bi bi-exclamation-triangle me-1" aria-hidden="true"></i>View</button>`
                                 : '<span class="text-muted small">None</span>'
                         }
                     </td>
                 </tr>
-            `).join('');
+            `;
+            }).join('');

Also applies to: 593-603

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/leads.html` around lines 515 - 519, The code is vulnerable to stored
XSS attacks because user-supplied values from CSV uploads (entry.email,
entry.error, and job.filename) are directly injected into HTML through innerHTML
without escaping. Apply proper HTML escaping to all user-provided values before
inserting them into the template literal string. This should be done in the
tbody.innerHTML template where entry.email and entry.error are interpolated, as
well as in the similar code block around lines 593-603 where job.filename is
used. Create a helper function to escape HTML entities (or use a library) and
apply it to these values so that any HTML special characters are properly
encoded.

---

524-525: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Normalize import job IDs before lookup.

btn.dataset.jobId is a string, so numeric API IDs will not match item.id === jobId; the “View” button can silently do nothing for failed imports.

🐛 Proposed fix

-            const job = allImportJobs.find(item => item.id === jobId);
+            const job = allImportJobs.find(item => String(item.id) === String(jobId));

Also applies to: 610-611

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/leads.html` around lines 524 - 525, The openImportErrors function
receives jobId as a string from btn.dataset.jobId (HTML data attributes are
always strings), but item.id from the API is likely a number, causing the strict
equality check to fail silently. Normalize the jobId to a number using parseInt
or Number conversion before comparing with item.id in the find method. Apply the
same fix to the related code mentioned at lines 610-611 to ensure consistent
type handling across all import job ID lookups.

---

155-155: ⚠️ Potential issue | 🔴 Critical

Add dynamic aria-current="page" management to setActiveNavLink().

Removing the hardcoded aria-current="page" attribute is a critical accessibility issue. The setActiveNavLink() function in main.js (lines 172–200) currently manages only the visual .active CSS class but does not set aria-current="page" on the active link or remove it from inactive links. Screen readers rely on this attribute to announce the current page; the visual state alone is insufficient. Update setActiveNavLink() to set aria-current="page" on the matched active link and remove the attribute from all other nav-links.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/leads.html` at line 155, The setActiveNavLink() function in main.js
(lines 172-200) currently manages only the visual .active CSS class for
navigation links but does not manage the aria-current="page" attribute required
for screen reader accessibility. Update the setActiveNavLink() function to
remove the aria-current="page" attribute from all nav-links before adding it to
the matched active link, ensuring that only the current page link has this
attribute set. This will properly communicate the active page state to assistive
technologies.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@frontend/leads.html`:
- Around line 856-861: After a CSV file upload, the loadLeads() call refreshes
the table with all rows, ignoring any active filters or search criteria that
were previously applied. Instead of calling loadLeads() unconditionally after
the upload, modify the refresh logic to preserve the current filter and search
state by applying the same filter/search parameters that were active before the
upload. This ensures the UI and table data remain synchronized after the CSV
upload completes.
- Around line 515-519: The code is vulnerable to stored XSS attacks because
user-supplied values from CSV uploads (entry.email, entry.error, and
job.filename) are directly injected into HTML through innerHTML without
escaping. Apply proper HTML escaping to all user-provided values before
inserting them into the template literal string. This should be done in the
tbody.innerHTML template where entry.email and entry.error are interpolated, as
well as in the similar code block around lines 593-603 where job.filename is
used. Create a helper function to escape HTML entities (or use a library) and
apply it to these values so that any HTML special characters are properly
encoded.
- Around line 524-525: The openImportErrors function receives jobId as a string
from btn.dataset.jobId (HTML data attributes are always strings), but item.id
from the API is likely a number, causing the strict equality check to fail
silently. Normalize the jobId to a number using parseInt or Number conversion
before comparing with item.id in the find method. Apply the same fix to the
related code mentioned at lines 610-611 to ensure consistent type handling
across all import job ID lookups.
- Line 155: The setActiveNavLink() function in main.js (lines 172-200) currently
manages only the visual .active CSS class for navigation links but does not
manage the aria-current="page" attribute required for screen reader
accessibility. Update the setActiveNavLink() function to remove the
aria-current="page" attribute from all nav-links before adding it to the matched
active link, ensuring that only the current page link has this attribute set.
This will properly communicate the active page state to assistive technologies.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: cd225d26-980e-4c38-ad8a-ea6a91e40233

📥 Commits

Reviewing files that changed from the base of the PR and between 8294d66 and e51c896.

📒 Files selected for processing (1)

• frontend/leads.html

[Nakshathra-2808]

All changes for this PR are now complete. Here's a summary of what was done:

Removed hardcoded aria-current="page" from sidebar nav links across dashboard.html, leads.html, campaigns.html, analytics.html, and settings.html
Updated setActiveNavLink() in main.js to dynamically set and remove aria-current="page" on the active nav link, ensuring screen readers correctly announce the current page
Resolved merge conflict markers in leads.html
All checks are passing and no conflicts with base branch

The only remaining warning is the duplicate CSS in campaigns.html (~350 lines of inline CSS that should reference theme.css instead). This is a separate concern from the aria-current fix and was pre-existing before this PR. I will open a dedicated issue to track and clean that up properly so it gets the attention it deserves without blocking this merge.
This PR is ready for review and merge. 🚀