Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(rspack): support getPublicPath #3422

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Conversation

2heal1
Copy link
Member

@2heal1 2heal1 commented Jan 3, 2025

Description

rspack plugin support getPublicPath

Related Issue

Types of changes

  • Docs change / refactoring / dependency upgrade
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated the documentation.

Copy link

changeset-bot bot commented Jan 3, 2025

🦋 Changeset detected

Latest commit: f07aee4

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 29 packages
Name Type
@module-federation/rspack Patch
@module-federation/enhanced Patch
@module-federation/modern-js Patch
@module-federation/nextjs-mf Patch
@module-federation/node Patch
@module-federation/rsbuild-plugin Patch
@module-federation/storybook-addon Patch
@module-federation/modernjsapp Patch
@module-federation/runtime Patch
@module-federation/webpack-bundler-runtime Patch
@module-federation/sdk Patch
@module-federation/runtime-tools Patch
@module-federation/managers Patch
@module-federation/manifest Patch
@module-federation/dts-plugin Patch
@module-federation/third-party-dts-extractor Patch
@module-federation/devtools Patch
@module-federation/bridge-react Patch
@module-federation/bridge-vue3 Patch
@module-federation/bridge-shared Patch
@module-federation/bridge-react-webpack-plugin Patch
@module-federation/retry-plugin Patch
@module-federation/data-prefetch Patch
@module-federation/error-codes Patch
@module-federation/inject-external-runtime-core-plugin Patch
@module-federation/esbuild Patch
@module-federation/runtime-core Patch
@module-federation/utilities Patch
website-new Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copy link

netlify bot commented Jan 3, 2025

Deploy Preview for module-federation-docs ready!

Name Link
🔨 Latest commit f07aee4
🔍 Latest deploy log https://app.netlify.com/sites/module-federation-docs/deploys/677b46c2f35692000880fd11
😎 Deploy Preview https://deploy-preview-3422--module-federation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

} else {
code = `(${this._getPublicPath})()`;
code = `${
Copy link
Member Author

@2heal1 2heal1 Jan 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ScriptedAlchemy hey , i see this just call the function before , not sure whether you forget add webpackRequire.p = function(){} or you want to users pass getPublicPath and assign by themself like getPublicPath: function(){ webpackRequire.p = 'https://' }

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

originally i had implemented it with the ability to accept arguments, but i think you were concerned about backward compat, so we did not add arguments to the function call. But originally i had intended for this capability to exist, and removed it after you raised some concern many months ago

if (!this._getPublicPath.startsWith('function')) {
code = `${
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(this._getPublicPath)})()`;
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;

Check warning

Code scanning / CodeQL

Improper code sanitization Medium

Code construction depends on an
improperly sanitized value
.

Copilot Autofix AI 16 days ago

To fix the problem, we need to ensure that the sanitizedPublicPath value is properly sanitized to prevent any potential code injection. We can achieve this by using a more robust sanitization method that escapes all potentially dangerous characters. Additionally, we should ensure that the JSON.stringify method is used correctly to handle the sanitized value.

  • Update the escapeUnsafeChars function to include all potentially dangerous characters.
  • Ensure that the sanitizedPublicPath value is properly escaped before using it in the JSON.stringify method.
Suggested changeset 1
packages/rspack/src/RemoteEntryPlugin.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/rspack/src/RemoteEntryPlugin.ts b/packages/rspack/src/RemoteEntryPlugin.ts
--- a/packages/rspack/src/RemoteEntryPlugin.ts
+++ b/packages/rspack/src/RemoteEntryPlugin.ts
@@ -20,3 +20,3 @@
 function escapeUnsafeChars(str: string) {
-  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
+  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029/\\]/g, (x) => charMap[x]);
 }
@@ -40,3 +40,3 @@
         compiler.webpack.RuntimeGlobals.publicPath
-      } = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
+      } = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
     } else {
EOF
@@ -20,3 +20,3 @@
function escapeUnsafeChars(str: string) {
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029/\\]/g, (x) => charMap[x]);
}
@@ -40,3 +40,3 @@
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
} = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants