Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vite does not sanitize path leading up to glob before handing it to fast-glob #9833

Closed
7 tasks done
dummdidumm opened this issue Aug 25, 2022 · 2 comments
Closed
7 tasks done

Vite does not sanitize path leading up to glob before handing it to fast-glob #9833

dummdidumm opened this issue Aug 25, 2022 · 2 comments
Labels
p3-downstream-blocker Blocking the downstream ecosystem to work properly (priority)

Comments

@dummdidumm
Copy link
Contributor

dummdidumm commented Aug 25, 2022
edited

Describe the bug

import.meta.glob does not work when executing inside a path that has braces, the files to glob are not found because of a missing glob sanitization.

Example:

|- (blog)
  |- post.md
  |- find-posts.js

If I do import.meta.glob('./*.md') the file isn't found. The culprit is the toAbsoluteGlob function in the Vite codebase not sanitizing the path leading up to the glob. That path could contain characters that are special to fast-glob, like (, ), [, ].

This affects SvelteKit users since the layout rework because folders starting with ( and ending with ) like (group) have special meaning now, which means people start using that, and all import.meta.glob invocations inside such folders won't work: sveltejs/kit#6239

Reproduction

https://stackblitz.com/edit/vitejs-vite-brmhvp?file=main.js,(blog)%2Ffind-posts.js,blog%2Ffind-posts.js&terminal=dev

System Info

System:
    OS: Windows 10 10.0.19044
    CPU: (8) x64 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
    Memory: 18.71 GB / 31.85 GB
  Binaries:
    Node: 16.16.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 8.11.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (104.0.1293.63)
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    vite: ^3.0.9 => 3.0.9

Used Package Manager

pnpm

Logs

No response

Validations
@dummdidumm dummdidumm mentioned this issue Aug 25, 2022
Closed
@benmccann benmccann added bug p3-downstream-blocker Blocking the downstream ecosystem to work properly (priority) and removed pending triage labels Aug 25, 2022
@dominikg
Copy link
Contributor

The code mentioned is here https://github.com/vitejs/vite/blob/main/packages/vite/src/node/plugins/importMetaGlob.ts#L478-L484

Currently discussing a problem where globs using aliases are making it hard to impossible to tell which part of the resolved path is the glob.

@dominikg dominikg mentioned this issue Aug 25, 2022
Merged
9 tasks
@patak-dev
Copy link
Member

fixed by #9842

@github-actions github-actions bot locked and limited conversation to collaborators Sep 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
p3-downstream-blocker Blocking the downstream ecosystem to work properly (priority)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@benmccann @patak-dev @dominikg @dummdidumm