Skip to content

fix(rspack): support getPublicPath#3422

Merged
2heal1 merged 2 commits intomainfrom
fix/rspack-getpublicpath
Mar 17, 2025
Merged

fix(rspack): support getPublicPath#3422
2heal1 merged 2 commits intomainfrom
fix/rspack-getpublicpath

Conversation

@2heal1
Copy link
Member

@2heal1 2heal1 commented Jan 3, 2025

Description

rspack plugin support getPublicPath

Related Issue

Types of changes

  • Docs change / refactoring / dependency upgrade
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have updated the documentation.

@changeset-bot
Copy link

changeset-bot bot commented Jan 3, 2025

🦋 Changeset detected

Latest commit: 4e8ba83

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 30 packages
Name Type
@module-federation/rspack Patch
@module-federation/enhanced Patch
@module-federation/modern-js Patch
@module-federation/nextjs-mf Patch
@module-federation/node Patch
@module-federation/rsbuild-plugin Patch
@module-federation/storybook-addon Patch
@module-federation/modernjsapp Patch
@module-federation/runtime Patch
@module-federation/webpack-bundler-runtime Patch
@module-federation/sdk Patch
@module-federation/runtime-tools Patch
@module-federation/managers Patch
@module-federation/manifest Patch
@module-federation/dts-plugin Patch
@module-federation/third-party-dts-extractor Patch
@module-federation/devtools Patch
@module-federation/bridge-react Patch
@module-federation/bridge-vue3 Patch
@module-federation/bridge-shared Patch
@module-federation/bridge-react-webpack-plugin Patch
@module-federation/retry-plugin Patch
@module-federation/data-prefetch Patch
@module-federation/error-codes Patch
@module-federation/inject-external-runtime-core-plugin Patch
@module-federation/runtime-core Patch
create-module-federation Patch
@module-federation/esbuild Patch
@module-federation/utilities Patch
website-new Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@netlify
Copy link

netlify bot commented Jan 3, 2025

Deploy Preview for module-federation-docs ready!

Name Link
🔨 Latest commit 4e8ba83
🔍 Latest deploy log https://app.netlify.com/sites/module-federation-docs/deploys/67d7ef1934deea0008549cd6
😎 Deploy Preview https://deploy-preview-3422--module-federation-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
} else {
code = `(${this._getPublicPath})()`;
code = `${
Copy link
Member Author

@2heal1 2heal1 Jan 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ScriptedAlchemy hey , i see this just call the function before , not sure whether you forget add webpackRequire.p = function(){} or you want to users pass getPublicPath and assign by themself like getPublicPath: function(){ webpackRequire.p = 'https://' }

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

originally i had implemented it with the ability to accept arguments, but i think you were concerned about backward compat, so we did not add arguments to the function call. But originally i had intended for this capability to exist, and removed it after you raised some concern many months ago

@github-actions
Copy link
Contributor

Stale pull request message

@2heal1 2heal1 force-pushed the fix/rspack-getpublicpath branch 3 times, most recently from 522f3ec to d916eed Compare March 17, 2025 08:52
@2heal1 2heal1 force-pushed the fix/rspack-getpublicpath branch from d916eed to c13b942 Compare March 17, 2025 09:06
code = `${
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(this._getPublicPath)})()`;
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;

Check warning

Code scanning / CodeQL

Improper code sanitization Medium

Code construction depends on an
improperly sanitized value
.

Copilot Autofix

AI 11 months ago

To fix the problem, we need to ensure that the sanitizedPublicPath is properly sanitized before being used in the dynamic code execution. We can enhance the escapeUnsafeChars function to cover a broader range of potentially dangerous characters and sequences. Additionally, we should ensure that the sanitizedPublicPath is properly escaped before being passed to JSON.stringify.

  • Enhance the escapeUnsafeChars function to cover more potentially dangerous characters.
  • Use the enhanced escapeUnsafeChars function to sanitize this._getPublicPath.
  • Ensure that the sanitized value is properly escaped before being used in dynamic code execution.
Suggested changeset 1
packages/rspack/src/RemoteEntryPlugin.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/rspack/src/RemoteEntryPlugin.ts b/packages/rspack/src/RemoteEntryPlugin.ts
--- a/packages/rspack/src/RemoteEntryPlugin.ts
+++ b/packages/rspack/src/RemoteEntryPlugin.ts
@@ -20,3 +20,3 @@
 function escapeUnsafeChars(str: string) {
-  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
+  return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]).replace(/['"]/g, (x) => '\\' + x);
 }
@@ -40,3 +40,3 @@
         compiler.webpack.RuntimeGlobals.publicPath
-      } = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
+      } = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
     } else {
EOF
@@ -20,3 +20,3 @@
function escapeUnsafeChars(str: string) {
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]);
return str.replace(/[<>\b\f\n\r\t\0\u2028\u2029\\]/g, (x) => charMap[x]).replace(/['"]/g, (x) => '\\' + x);
}
@@ -40,3 +40,3 @@
compiler.webpack.RuntimeGlobals.publicPath
} = new Function(${JSON.stringify(sanitizedPublicPath)})()`;
} = new Function(${JSON.stringify(escapeUnsafeChars(sanitizedPublicPath))})()`;
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
@2heal1 2heal1 merged commit c01715a into main Mar 17, 2025
16 checks passed
@2heal1 2heal1 deleted the fix/rspack-getpublicpath branch March 17, 2025 11:27
@2heal1 2heal1 mentioned this pull request Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants