Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(utils): exclude invalid URL chars #4262

Merged
merged 5 commits into from Nov 12, 2021

Conversation

danielroe
Copy link
Contributor

This PR contains:

  • bugfix
  • feature
  • refactor
  • documentation
  • other

Are tests included?

  • yes (bugfixes and features will not be merged without tests)
  • no

Breaking Changes?

  • yes (breaking changes will not be merged unless absolutely necessary)
  • no

List any relevant issue numbers:

resolves #4222
context: nuxt/nuxt#12606

Description

This PR removes characters that are excluded from valid URLs (see RFC 2396). As rollup-produced files may be consumed by browsers, this is one approach to provide broader ecosystem safety without requiring URL encoding.

The context is this issue. I'm aware we can simply sanitize downstream with output.sanitizeFilename, but felt that RFC2396 might be a reasonable standards-based reasong for excluding these characters.

This PR also serves to solve the issue (solely replicable in ESM context) where # in filenames breaks imports: #4222.

In response to #4222, @lukastaegert observed:

But this might break legitimate usages of the hash character for others (not sure how big the risk is, though).

I've marked this as non-breaking as I can't see how a chunk filename could be depended upon, but happily will defer. I'm also happy for this to be closed and to implement this instead with configuration with output.sanitizeFilename.

Copy link
Member

@lukastaegert lukastaegert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we are sanitizing anyway and you can easily opt out by providing your own custom sanitizer, I agree that this is a reasonable default 👍

@codecov
Copy link

codecov bot commented Nov 6, 2021

Codecov Report

Merging #4262 (122a30e) into master (66b3139) will increase coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    nuxt/framework#4262   +/-   ##
=======================================
  Coverage   98.39%   98.39%           
=======================================
  Files         204      204           
  Lines        7288     7289    +1     
  Branches     2081     2081           
=======================================
+ Hits         7171     7172    +1     
  Misses         58       58           
  Partials       59       59           
Impacted Files Coverage Δ
src/utils/sanitizeFileName.ts 75.00% <100.00%> (+8.33%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 66b3139...122a30e. Read the comment docs.

@danielroe
Copy link
Contributor Author

Would you welcome including these other characters too? If so I can update 👍

https://datatracker.ietf.org/doc/html/rfc2396#section-2.2

@lukastaegert
Copy link
Member

Should probably be fine to include as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rollup can generate chunks that are non-importable in a module context
2 participants