From b400def974d85f68412a88a81c62758695e15b39 Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Tue, 2 Nov 2021 12:57:13 +0000
Subject: [PATCH 1/5] fix(utils): exclude invalid URL chars

* see [URL syntax: RFC 2396](https://datatracker.ietf.org/doc/html/rfc2396)
* closes #4222
---
 src/utils/sanitizeFileName.ts | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/utils/sanitizeFileName.ts b/src/utils/sanitizeFileName.ts
index 2405b424df4..29f7acc966c 100644
--- a/src/utils/sanitizeFileName.ts
+++ b/src/utils/sanitizeFileName.ts
@@ -1,8 +1,11 @@
-export function sanitizeFileName(name: string): string {
- const match = /^[a-z]:/i.exec(name);
- const driveLetter = match ? match[0] : '';
+// https://datatracker.ietf.org/doc/html/rfc2396
+const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|\^[\]`]/g
+
+export function sanitizeFileName (name: string): string {
+ const match = /^[a-z]:/i.exec(name)
+ const driveLetter = match ? match[0] : ''

 // A `:` is only allowed as part of a windows drive letter (ex: C:\foo)
 // Otherwise, avoid them because they can refer to NTFS alternate data streams.
- return driveLetter + name.substr(driveLetter.length).replace(/[\0?*:]/g, '_');
+ return driveLetter + name.substr(driveLetter.length).replace(INVALID_CHAR_RE, '_')
 }
From b2a5fd02744d18ce902c5d7075be42b61b520522 Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Tue, 2 Nov 2021 13:16:49 +0000
Subject: [PATCH 2/5] fix: correct lint errors
---
 src/utils/sanitizeFileName.ts | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/utils/sanitizeFileName.ts b/src/utils/sanitizeFileName.ts
index 29f7acc966c..79682d48527 100644
--- a/src/utils/sanitizeFileName.ts
+++ b/src/utils/sanitizeFileName.ts
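Review bot: In patch 1/5's hunk for src/utils/sanitizeFileName.ts, `INVALID_CHAR_RE` cites RFC 2396 but leaves out two characters that section 2.4.3 of that RFC excludes from URIs, the space and `%`. A `%` that survives into an emitted file name can be read as the start of a percent-escape when the name is later used in a URL, so the name on disk and the name requested may differ. The class is rewritten in 2/5, 4/5 and 5/5 and still lacks both. Either add them to the class (for example `\x7f %` after the control range) or extend the comment above the constant to say that they are allowed on purpose.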
@@ -1,11 +1,12 @@
 // https://datatracker.ietf.org/doc/html/rfc2396
-const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|\^[\]`]/g
+// eslint-disable-next-line no-control-regex
+const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|\\^[\]`]/g;

-export function sanitizeFileName (name: string): string {
- const match = /^[a-z]:/i.exec(name)
- const driveLetter = match ? match[0] : ''
+export function sanitizeFileName(name: string): string {
+ const match = /^[a-z]:/i.exec(name);
+ const driveLetter = match ? match[0] : '';

 // A `:` is only allowed as part of a windows drive letter (ex: C:\foo)
 // Otherwise, avoid them because they can refer to NTFS alternate data streams.
- return driveLetter + name.substr(driveLetter.length).replace(INVALID_CHAR_RE, '_')
+ return driveLetter + name.substr(driveLetter.length).replace(INVALID_CHAR_RE, '_');
 }
From 8ba7c25ffc57a5cce45d160b9d0531426ab0354f Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Tue, 2 Nov 2021 13:28:43 +0000
Subject: [PATCH 3/5] test: add more test cases
---
 .../samples/sanitize-chunk-names/_config.js | 2 +-
 .../_expected/amd/another-_slug_-_result.js | 7 +++++++
 .../_expected/cjs/another-_slug_-_result.js | 5 +++++
 .../_expected/es/another-_slug_-_result.js | 3 +++
 .../_expected/system/another-_slug_-_result.js | 10 ++++++++++
 5 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 test/chunking-form/samples/sanitize-chunk-names/_expected/amd/another-_slug_-_result.js
 create mode 100644 test/chunking-form/samples/sanitize-chunk-names/_expected/cjs/another-_slug_-_result.js
 create mode 100644 test/chunking-form/samples/sanitize-chunk-names/_expected/es/another-_slug_-_result.js
 create mode 100644 test/chunking-form/samples/sanitize-chunk-names/_expected/system/another-_slug_-_result.js
diff --git a/test/chunking-form/samples/sanitize-chunk-names/_config.js b/test/chunking-form/samples/sanitize-chunk-names/_config.js
index ef6faaae57c..a7be50fa92d 100644
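Review bot: The `INVALID_CHAR_RE` line in this hunk (patch 2/5) is not a lint-only change: inside a character class `\^` is an escaped caret, while the replacement `\\^` is a literal backslash followed by a caret, so backslashes start being replaced with `_`. Patch 4/5 takes the backslash out again, but this intermediate commit rewrites Windows-style separators and is a state a bisect can land on. Squashing 2/5 with 4/5, or writing the tail of the class as `|^[\]` here, avoids that. A comment such as `// "\" and "/" are path separators and must stay out of this class` would keep a later lint pass from reintroducing it.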
--- a/test/chunking-form/samples/sanitize-chunk-names/_config.js
+++ b/test/chunking-form/samples/sanitize-chunk-names/_config.js
@@ -5,7 +5,7 @@ module.exports = {
 plugins: [
 {
 options(options) {
- options.input = ['\0virtual:entry-1', '\0virtual:entry-2'];
+ options.input = ['\0virtual:entry-1', '\0virtual:entry-2', 'another-[slug]-#result'];
 return options;
 },
 resolveId(id) {
diff --git a/test/chunking-form/samples/sanitize-chunk-names/_expected/amd/another-_slug_-_result.js b/test/chunking-form/samples/sanitize-chunk-names/_expected/amd/another-_slug_-_result.js
new file mode 100644
index 00000000000..8084d5299ae
--- /dev/null
+++ b/test/chunking-form/samples/sanitize-chunk-names/_expected/amd/another-_slug_-_result.js
@@ -0,0 +1,7 @@
+define((function () { 'use strict';
+
+ var another__slug___result = "another-[slug]-#result";
+
+ return another__slug___result;
+
+}));
diff --git a/test/chunking-form/samples/sanitize-chunk-names/_expected/cjs/another-_slug_-_result.js b/test/chunking-form/samples/sanitize-chunk-names/_expected/cjs/another-_slug_-_result.js
new file mode 100644
index 00000000000..f65b7e77854
--- /dev/null
+++ b/test/chunking-form/samples/sanitize-chunk-names/_expected/cjs/another-_slug_-_result.js
@@ -0,0 +1,5 @@
+'use strict';
+
+var another__slug___result = "another-[slug]-#result";
+
+module.exports = another__slug___result;
diff --git a/test/chunking-form/samples/sanitize-chunk-names/_expected/es/another-_slug_-_result.js b/test/chunking-form/samples/sanitize-chunk-names/_expected/es/another-_slug_-_result.js
new file mode 100644
index 00000000000..1e0602cfd60
--- /dev/null
+++ b/test/chunking-form/samples/sanitize-chunk-names/_expected/es/another-_slug_-_result.js
@@ -0,0 +1,3 @@
+var another__slug___result = "another-[slug]-#result";
+
+export { another__slug___result as default };
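Review bot: The input added to `options.input` in the _config.js hunk, `'another-[slug]-#result'`, exercises only `[`, `]` and `#`, so most of the character class has no fixture. Nothing here covers a control character other than `\0`, the double quote, `<`/`>`, `|`, the backtick, or a name with a drive letter and backslashes, and patch 5/5 adds `;?:&=+$,` while changing only the source file. A table-driven unit test that calls `sanitizeFileName` directly would cover these more cheaply than one expected-output file per format. The `plugins` array and `resolveId` continue outside the hunk.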
diff --git a/test/chunking-form/samples/sanitize-chunk-names/_expected/system/another-_slug_-_result.js b/test/chunking-form/samples/sanitize-chunk-names/_expected/system/another-_slug_-_result.js
new file mode 100644
index 00000000000..3c18358edd3
--- /dev/null
+++ b/test/chunking-form/samples/sanitize-chunk-names/_expected/system/another-_slug_-_result.js
@@ -0,0 +1,10 @@
+System.register([], (function (exports) {
+ 'use strict';
+ return {
+ execute: (function () {
+
+ var another__slug___result = exports('default', "another-[slug]-#result");
+
+ })
+ };
+}));
From e50978c6158c58161a25a64d1d74a926f5a70f46 Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Tue, 2 Nov 2021 16:18:31 +0000
Subject: [PATCH 4/5] fix: remove path separator from regex
---
 src/utils/sanitizeFileName.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/sanitizeFileName.ts b/src/utils/sanitizeFileName.ts
index 79682d48527..22ee05188a9 100644
--- a/src/utils/sanitizeFileName.ts
+++ b/src/utils/sanitizeFileName.ts
@@ -1,6 +1,6 @@
 // https://datatracker.ietf.org/doc/html/rfc2396
 // eslint-disable-next-line no-control-regex
-const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|\\^[\]`]/g;
+const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|^[\]`]/g;

 export function sanitizeFileName(name: string): string {
 const match = /^[a-z]:/i.exec(name);
From 122a30e15f0725d6df262411814b2e021753384f Mon Sep 17 00:00:00 2001
From: Daniel Roe
Date: Mon, 8 Nov 2021 09:19:35 +0000
Subject: [PATCH 5/5] fix: exclude other reserved characters (with exception of `@`) https://datatracker.ietf.org/doc/html/rfc2396#section-2.2
---
 src/utils/sanitizeFileName.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils/sanitizeFileName.ts b/src/utils/sanitizeFileName.ts
index 22ee05188a9..17585c3e2ba 100644
--- a/src/utils/sanitizeFileName.ts
+++ b/src/utils/sanitizeFileName.ts
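Review bot: With `\` allowed again in patch 4/5, Windows handling rests on the drive-letter exemption shown as context in this hunk, `/^[a-z]:/i`, and that pattern keeps the colon for any name that begins with one letter and a colon, whether or not a separator follows. A name such as `a:b` (constructed example) is therefore returned with its colon intact, which is the case the code comment shown in 1/5 and 2/5 about NTFS alternate data streams says should be avoided. If drive-relative names are not an expected input, requiring a separator, `/^[a-z]:(?=[\\/])/i`, narrows the exemption. The line is context here rather than a change in this series, and the function body continues outside the hunk, so this may be better handled as a follow-up.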
@@ -1,6 +1,6 @@
 // https://datatracker.ietf.org/doc/html/rfc2396
 // eslint-disable-next-line no-control-regex
-const INVALID_CHAR_RE = /[?*:\x00-\x1f\x7f<>#"{}|^[\]`]/g;
+const INVALID_CHAR_RE = /[\x00-\x1F\x7F<>*#"{}|^[\]`;?:&=+$,]/g;

 export function sanitizeFileName(name: string): string {
 const match = /^[a-z]:/i.exec(name);
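Review bot: The new class in patch 5/5 leaves `/` as well as `@` out of the RFC 2396 section 2.2 reserved set, but only the `@` exception is mentioned, and only in the commit subject. The reason for either is not visible in the file; presumably `/` stays because it is a path separator and `@` because of scoped package directories. A comment on the constant would record that, for example `// RFC 2396 2.2 reserved characters, except "/" (path separator) and "@"`. The change also renames any existing output whose name contains `+`, `=`, `,`, `&`, `$` or `;`, which anything referencing emitted file names would notice, so it deserves a changelog line. sanitizeFileName's body continues outside the hunk.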