Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong sanitization between inputBase and module ID #5446

Open
jangxyz opened this issue Mar 28, 2024 · 2 comments
Open

Wrong sanitization between inputBase and module ID #5446

jangxyz opened this issue Mar 28, 2024 · 2 comments
Labels
t¹ 🐞 bug t⁸ ⋅ triage

Comments

@jangxyz
Copy link

jangxyz commented Mar 28, 2024

Rollup Version

v4.13.1

Operating System (or Browser)

macos

Node Version (if applicable)

v21

Link To Reproduction

https://stackblitz.com/edit/rollup-repro-s7capj?file=projects%2F%5Bsubject%5D%2Frollup-sanitize%2Frollup.config.js&view=editor

Expected Behaviour

While trying to bundle with an external dependency, I found that the build fails when the absolute path contains some sanitizable characters -- I had square brackets ([]) somewhere in the parent directory.

Setup:

  • project lies in ~/project/[subject]/rollup-sanitize-1
  • build two bundles, app and lib, where app declares lib as external.

[!] RollupError: Invalid substitution "../../../../_subject_/rollup-sanitize-1/src/app/my_app" for placeholder "[name]" in "output.entryFileNames" pattern, can be neither absolute nor relative path.

(See screenshot below)

Actual Behaviour

Screenshot image

Screenshot of https://stackblitz.com/edit/rollup-repro-s7capj?file=projects%2F%5Bsubject%5D%2Frollup-sanitize%2Frollup.config.js&view=editor.

cd "projects/[subject]/rollup-sanitize-1"
npm install
npx rollup -c

Note there is a separate project folder in projects/_subject_/rollup-sanitize-2, which works.

Digging through the code, I've noticed there is a mismatch between sanitized module ID and inputBase(not sanitized). The code is in Chunk.ts:

class Chunk {
  getPreserveModulesChunkNameFromModule(module) {
    // ...
    const sanitizedId = sanitizeFileName(normalize(module.id.split(QUERY_HASH_REGEX, 1)[0]))
    // ...
    relative(this.inputBase, idWithoutExtension)
    // ...
  }
}

inputBase is assigned as a normal filepath (from generateChunks function in Bundle.ts) which is not sanizited, while idWithoutExtension has.

Hence while trying to find out the relative path from "[subject]/rollup-sanitize-1/src/app/" (not sanitized) to "_subject_/rollup-sanitize-1/src/app/my_app" (sanitized), it comes up with "../../../../_subject_/rollup-sanitize-1/src/app/my_app"

Technically, I could fix this on my side by:

  • not making any parent directories with unwise characters, or
  • passing --no-sanitizeFileName option.

Both approach are shown in the screenshot above,
where on the right panel you are building on a separate project directory (/_subject_/rollup-sanitize-2 instead of [subject]/rollup-sanitize-1),
and on the bottom you succeed with giving the --no-sanitizeFileName option.

I didn't know rollup was performing sanitization for the full path -- nor that it uses RFC 2396, and they declare some characters as 'unwise'(section 2.4.3). It would probably make more sense that rollup applies sanitizeFileName() for both module ID and inputBase, before performing relative()?
@MIDZTECHNOLOGY
Copy link

Please I would like to work on this

@lukastaegert
Copy link
Member

Yes, I agree this should be symmetric between inputBase and the ids, so inputBase should be sanitized too. PR welcome, @MIDZTECHNOLOGY!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
t¹ 🐞 bug t⁸ ⋅ triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jangxyz @lukastaegert @MIDZTECHNOLOGY