Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(rspack): support getPublicPath #3422

Merged
merged 2 commits into from
Mar 17, 2025
Merged

fix(rspack): support getPublicPath #3422

merged 2 commits into from
Mar 17, 2025
+803 −1,812

Conversation

2heal1
Copy link
Member

@2heal1 2heal1 commented Jan 3, 2025

Description

rspack plugin support getPublicPath

Related Issue

Types of changes

  • Docs change / refactoring / dependency upgrade
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated the documentation.

Sorry, something went wrong.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 3, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 4e8ba83

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 30 packages
Name Type
@module-federation/rspack Patch
@module-federation/enhanced Patch
@module-federation/modern-js Patch
@module-federation/nextjs-mf Patch
@module-federation/node Patch
@module-federation/rsbuild-plugin Patch
@module-federation/storybook-addon Patch
@module-federation/modernjsapp Patch
@module-federation/runtime Patch
@module-federation/webpack-bundler-runtime Patch
@module-federation/sdk Patch
@module-federation/runtime-tools Patch
@module-federation/managers Patch
@module-federation/manifest Patch
@module-federation/dts-plugin Patch
@module-federation/third-party-dts-extractor Patch
@module-federation/devtools Patch
@module-federation/bridge-react Patch
@module-federation/bridge-vue3 Patch
@module-federation/bridge-shared Patch
@module-federation/bridge-react-webpack-plugin Patch
@module-federation/retry-plugin Patch
@module-federation/data-prefetch Patch
@module-federation/error-codes Patch
@module-federation/inject-external-runtime-core-plugin Patch
@module-federation/runtime-core Patch
create-module-federation Patch
@module-federation/esbuild Patch
@module-federation/utilities Patch
website-new Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify Netlify
Copy link

netlify bot commented Jan 3, 2025
edited
Loading

Deploy Preview for module-federation-docs ready!

Name Link
🔨 Latest commit 4e8ba83
🔍 Latest deploy log https://app.netlify.com/sites/module-federation-docs/deploys/67d7ef1934deea0008549cd6
😎 Deploy Preview https://deploy-preview-3422--module-federation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

2heal1
2heal1 commented Jan 3, 2025
View reviewed changes
packages/rspack/src/RemoteEntryPlugin.ts Outdated
} else {
code = `(${this._getPublicPath})()`;
code = `${
Copy link
Member Author

@2heal1 2heal1 Jan 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ScriptedAlchemy hey , i see this just call the function before , not sure whether you forget add webpackRequire.p = function(){} or you want to users pass getPublicPath and assign by themself like getPublicPath: function(){ webpackRequire.p = 'https://' }

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

originally i had implemented it with the ability to accept arguments, but i think you were concerned about backward compat, so we did not add arguments to the function call. But originally i had intended for this capability to exist, and removed it after you raised some concern many months ago

@github-actions GitHub Actions
Copy link
Contributor

Stale pull request message

@2heal1 2heal1 force-pushed the fix/rspack-getpublicpath branch 3 times, most recently from 522f3ec to d916eed Compare March 17, 2025 08:52
@2heal1
fix(rspack): support getPublicPath
Loading
Loading status checks…
c13b942
@2heal1 2heal1 force-pushed the fix/rspack-getpublicpath branch from d916eed to c13b942 Compare March 17, 2025 09:06
@2heal1
fix: no pass original publicpath
Loading
Loading status checks…
4e8ba83
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 17, 2025
View reviewed changes
packages/rspack/src/RemoteEntryPlugin.ts
if (!this._getPublicPath.startsWith('function')) {
code = `${
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(this._getPublicPath)})()`;
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;

Check warning

Code scanning / CodeQL

Improper code sanitization Medium

Code construction depends on an
improperly sanitized value
Loading
.

Copilot Autofix AI 14 days ago

To fix the problem, we need to ensure that the sanitizedPublicPath is properly sanitized before being used in the dynamic code execution. We can enhance the escapeUnsafeChars function to cover a broader range of potentially dangerous characters and sequences. Additionally, we should ensure that the sanitizedPublicPath is properly escaped before being passed to JSON.stringify.

  • Enhance the escapeUnsafeChars function to cover more potentially dangerous characters.
  • Use the enhanced escapeUnsafeChars function to sanitize this._getPublicPath.
  • Ensure that the sanitized value is properly escaped before being used in dynamic code execution.
Suggested changeset 1
packages/rspack/src/RemoteEntryPlugin.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/rspack/src/RemoteEntryPlugin.ts b/packages/rspack/src/RemoteEntryPlugin.ts
--- a/packages/rspack/src/RemoteEntryPlugin.ts
+++ b/packages/rspack/src/RemoteEntryPlugin.ts
@@ -20,3 +20,3 @@
 function escapeUnsafeChars(str: string) {
-  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
+  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]).replace(/['"]/g, (x) => '\\' + x);
 }
@@ -40,3 +40,3 @@
         compiler.webpack.RuntimeGlobals.publicPath
-      } = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
+      } = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
     } else {
EOF
@@ -20,3 +20,3 @@
function escapeUnsafeChars(str: string) {
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]).replace(/['"]/g, (x) => '\\' + x);
}
@@ -40,3 +40,3 @@
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
} = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
@2heal1 2heal1 merged commit c01715a into main Mar 17, 2025
16 checks passed
@2heal1 2heal1 deleted the fix/rspack-getpublicpath branch March 17, 2025 11:27
@2heal1 2heal1 mentioned this pull request Mar 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ScriptedAlchemy ScriptedAlchemy

@zhoushaw zhoushaw

Assignees
No one assigned
Labels
change: fix no-pr-activity
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@2heal1 @ScriptedAlchemy