New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(utils): exclude invalid URL chars #4262
Conversation
* see [URL syntax: RFC 2396](https://datatracker.ietf.org/doc/html/rfc2396) * closes rollup#4222
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As we are sanitizing anyway and you can easily opt out by providing your own custom sanitizer, I agree that this is a reasonable default 👍
Codecov Report
@@ Coverage Diff @@
## master nuxt/framework#4262 +/- ##
=======================================
Coverage 98.39% 98.39%
=======================================
Files 204 204
Lines 7288 7289 +1
Branches 2081 2081
=======================================
+ Hits 7171 7172 +1
Misses 58 58
Partials 59 59
Continue to review full report at Codecov.
|
Would you welcome including these other characters too? If so I can update 👍 |
Should probably be fine to include as well |
027862d
to
122a30e
Compare
This PR contains:
Are tests included?
Breaking Changes?
List any relevant issue numbers:
resolves #4222
context: nuxt/nuxt#12606
Description
This PR removes characters that are excluded from valid URLs (see RFC 2396). As rollup-produced files may be consumed by browsers, this is one approach to provide broader ecosystem safety without requiring URL encoding.
The context is this issue. I'm aware we can simply sanitize downstream with output.sanitizeFilename, but felt that RFC2396 might be a reasonable standards-based reasong for excluding these characters.
This PR also serves to solve the issue (solely replicable in ESM context) where
#
in filenames breaks imports: #4222.In response to #4222, @lukastaegert observed:
I've marked this as non-breaking as I can't see how a chunk filename could be depended upon, but happily will defer. I'm also happy for this to be closed and to implement this instead with configuration with
output.sanitizeFilename
.