jsDeliver packages that use special characters in their 'import' statements fail the IMPORT_REGEX test in jsDelivrEsmResolver.php #57969
Comments
|
I started something some time ago, maybe it's time to rework on it #54134 |
|
For the immediate need, And this is an immediate need. |
|
Do you want to open a PR with your suggestion? |
|
I do not. I am not well-positioned to contribute to OSS projects in this role. |
|
Can you check if this PR solves your problem ? #58046 |
|
That PR Resolves my issue, thanks! |
This PR was merged into the 6.4 branch. Discussion ---------- [AssetMapper] Fix JsDeliver import regexp | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix #57969 | License | MIT Following import were not handled in the JSDeliverEsmResolver, due to the `$` character. ```js import jQuery$1 from "/npm/[email protected]/+esm"; ``` This PR updates the regex to handle this case. Commits ------- 45f3835 [AssetMapper] Fix JsDeliver import regexp
|
This bug also affects 7.x |
|
Yep, this PR targets the lowest maintained version concerned by the bug (6.4), and symfony mergers will propagate the fix up to the most recent one (7.1 & 7.2) https://symfony.com/doc/current/_build/maintainer_guide.html#step-3-merge-it-into-the-other-branches It's just a matter of time ;) |
Symfony version(s) affected
6.4 and upward
Description
The package
@progress/kendo-uiimports jQuery asjQuery$1(url https://cdn.jsdelivr.net/npm/@progress/[email protected]/+esm )This breaks the regex at https://github.com/symfony/asset-mapper/blob/7.1/ImportMap/Resolver/JsDelivrEsmResolver.php#L31
How to reproduce
Try to require any package where the
importstatement uses a valid javascript variable name (any char, number class plus $, _) that doesn't match the regex\w. as an example,@progress/kendo-uiwhich requires jsQuery using the variable namejQuery$1Possible Solution
The regex could be rewritten to
'#(?:import\s*(?:[\w\$\d]+,)?(?:(?:\{[^}]*\}|[\w\$\d]+|\*\s*as\s+\w+)\s*\bfrom\s*)?|export\s*(?:\{[^}]*\}|\*)\s*from\s*)("/npm/((?:@[^/]+/)?[^@]+?)(?:@([^/]+))?((?:/[^/]+)*?)/\+esm")#'to capture $, but this is still fraught with danger as javascript variable names may include Unicode surprises.Additional Context
Additionally, if the content is very large, there may be pcre.backtrack_limit errors. (trying to replace the
[\w\$\d]references with[^\s]references would lead to NULL results in preg_replace_callback due to backtrack errors in the regex.)This feature may need to be completely rewritten to avoid regular expressions.
The text was updated successfully, but these errors were encountered: