Fides JS Code Snippet - Include wrapper script; add text field to set Privacy Center host URL

[jjdaurora]

Ticket ENG-1944

Description Of Changes

Code Changes

• Updated the Fides JS code snippet -- accessible from the Experiences and Property tabs -- with the full Fides JS wrapper script, defined here: https://github.com/ethyca/fde/blob/main/scripts/javascript/wrapper-script.js
• Add a text field that allows the user to enter their Privacy Center Host URL, which populates dynamically into the template.
• Extracted the Fides JS code snippet into a separate file called fidesJsScriptTemplate.js, which removes the need to update the code snippet in two separate places (originally in both the NewJavascriptTag.tsx and JavascriptTag.tsx.

Steps to Confirm

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
fides-plus-nightly	Error			Dec 12, 2025 7:01pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
fides-privacy-center	Ignored			Dec 12, 2025 7:01pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR enhances the JavaScript tag generation UI by adding a manual input field for the Privacy Center hostname and introducing a more comprehensive Fides JS script template with geolocation query parameter handling.

• Refactored JavaScriptTag.tsx and NewJavaScriptTag.tsx to use a shared script template from the new fidesJsScriptTemplate.ts file
• Added text input fields for users to manually enter their Privacy Center hostname, with NewJavaScriptTag preserving the Fides Cloud config as a fallback
• Removed the optional GTM script tag section from both components
• Added a large gvl.json vendor data file (10,767 lines) to the privacy center public assets
• Added run_migrations.py development utility script for running database migrations locally

Issues found:

• The script template has a URL construction bug that malforms query parameters when geolocation params are present

Confidence Score: 3/5

• This PR has a logical bug in the script template that would cause malformed URLs when geolocation parameters are used.
• The core refactoring is sound, but the new script template contains a URL construction bug that would produce malformed URLs when fidesSearchParams is non-empty. This could break the consent management functionality for users who utilize geolocation query parameters.
• fidesJsScriptTemplate.ts requires attention for the URL concatenation bug on line 37.

Important Files Changed

File Analysis

Filename	Score	Overview
clients/admin-ui/src/features/privacy-experience/fidesJsScriptTemplate.ts	2/5	New shared template for Fides JS script with geolocation query param handling. Contains a bug in URL construction that malforms query parameters, and an unused variable declaration.
clients/admin-ui/src/features/privacy-experience/JavaScriptTag.tsx	4/5	Refactored to use shared template and added manual hostname input field. Removed Fides Cloud auto-population and GTM script section.
clients/admin-ui/src/features/privacy-experience/NewJavaScriptTag.tsx	4/5	Added manual hostname input field while preserving Fides Cloud fallback. Refactored to use shared template and removed GTM script section.
clients/privacy-center/public/gvl.json	4/5	Large vendor data file (10,767 lines) containing GVL and GACP vendor information with linked_system status.
run_migrations.py	3/5	Development utility script for running database migrations against localhost. Contains hardcoded credentials for local development.

[greptile-apps]

_{5 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[tvandort]

Great start! Left a few feedback items. Could also use some tests.

[tvandort]

Can we have this be inserted instead of removed?

[jjdaurora]

@tvandort I changed the logic to insert the property ID now.

fides/clients/admin-ui/src/features/privacy-experience/fidesJsScriptTemplate.ts

Lines 6 to 11 in 1e1cedb

	*/
	const PROPERTY_UNIQUE_ID_TEMPLATE = (propertyId?: string | null): string => {
	if (propertyId) {
	return propertyId;
	}
	return "{property-unique-id}";

[tvandort]

We probably don't want to use the word hackery here.

[tvandort]

Might be worth including an example of how to use it.

[jjdaurora]

Removed and updated comments

[tvandort]

We should consider making the cache bust parameter also just pass refresh to the privacy center to make everyone's life easier.

[jjdaurora]

Included refresh=true anytime the cache bust parameter is set:

fides/clients/admin-ui/src/features/privacy-experience/fidesJsScriptTemplate.ts

Line 54 in 1e1cedb

fidesSearchParams.set(

[tvandort]

I have no idea when we want to use relative vs absolute imports as a "general rule". Personally I prefer all absolute but I don't know if that's our general practice.

[jjdaurora]

Switched the paths to absolute.

[tvandort]

I'd like to see this more as something like:
getScript({propertyId: "example"}) or getScript()

[jjdaurora]

Let me know what you think of the new implementation. Now, pretty much all of the logic is contained in the script template, and the script tags just handle the rendering of the template with some logic to recompute the dynamic values when those are changed.

fides/clients/admin-ui/src/features/privacy-experience/JavaScriptTag.tsx

Lines 30 to 35 in 1e1cedb

	const fidesJsScriptTag = useMemo(
	() => {
	return FIDES_JS_SCRIPT_TEMPLATE(privacyCenterHostname);
	},
	[privacyCenterHostname],
	);

[tvandort]

Same feedback here, I'd love to see the templating inside of the function that returns the script.

[jjdaurora]

See update here:

fides/clients/admin-ui/src/features/privacy-experience/NewJavaScriptTag.tsx

Lines 33 to 37 in 1e1cedb

	const fidesJsScriptTag = useMemo(
	() => FIDES_JS_SCRIPT_TEMPLATE(privacyCenterHostname, property),
	[privacyCenterHostname, property],
	);

[tvandort]

Function naming pattern should be camelcase

[tvandort]

Function naming pattern should be camelcase

[tvandort]

Is this return value ever used?

[jjdaurora]

Yes, it will return "{property-unique-id}" when there isn't a property in scope, which means this version will be rendered when accessing the script from the Experiences screen. I can add a comment that explains this.

[tvandort]

The template is updated in 2 ways, both replacement and by string interpolation in the string itself. Do we need both?