fix: escape % if URI malformed (#5535)

* fix: escape % if URI malformed

* refactor: We recognize that decodeURIComponent exists in most of environment

* revert sanitize-chunk-names test

* fix: define internal functions to prevent being tree-shaken

* add tests

* add % to INVALID_CHAR_REGEX

---------

Co-authored-by: Lukas Taegert-Atkinson <[email protected]>

src/utils/sanitizeFileName.ts

@@ -1,6 +1,6 @@
 // https://datatracker.ietf.org/doc/html/rfc2396
 // eslint-disable-next-line no-control-regex
-const INVALID_CHAR_REGEX = /[\u0000-\u001F"#$&*+,:;<=>?[\]^`{|}\u007F]/g;
+const INVALID_CHAR_REGEX = /[\u0000-\u001F"#$%&*+,:;<=>?[\]^`{|}\u007F]/g;
 const DRIVE_LETTER_REGEX = /^[a-z]:/i;
 
 export function sanitizeFileName(name: string): string {

test/chunking-form/samples/sanitize-percent-encoding1/_config.js

@@ -0,0 +1,6 @@
+module.exports = defineTest({
+	description: 'make sure illegal percent encoding is sanitized',
+	options: {
+		input: ['main.js']
+	}
+});

test/chunking-form/samples/sanitize-percent-encoding1/_expected/amd/main.js

@@ -0,0 +1,24 @@
+define((function () { 'use strict';
+
+	function module1() {
+		console.log('foo%20bar');
+	}
+
+	function module2() {
+		console.log('foo%bar');
+	}
+
+	function module3() {
+		console.log('foo%E3%81%82bar');
+	}
+
+	function module4() {
+		console.log('foo%E3%81bar');
+	}
+
+	module1();
+	module2();
+	module3();
+	module4();
+
+}));

test/chunking-form/samples/sanitize-percent-encoding1/_expected/cjs/main.js

@@ -0,0 +1,22 @@
+'use strict';
+
+function module1() {
+	console.log('foo%20bar');
+}
+
+function module2() {
+	console.log('foo%bar');
+}
+
+function module3() {
+	console.log('foo%E3%81%82bar');
+}
+
+function module4() {
+	console.log('foo%E3%81bar');
+}
+
+module1();
+module2();
+module3();
+module4();

test/chunking-form/samples/sanitize-percent-encoding1/_expected/es/main.js

@@ -0,0 +1,20 @@
+function module1() {
+	console.log('foo%20bar');
+}
+
+function module2() {
+	console.log('foo%bar');
+}
+
+function module3() {
+	console.log('foo%E3%81%82bar');
+}
+
+function module4() {
+	console.log('foo%E3%81bar');
+}
+
+module1();
+module2();
+module3();
+module4();

test/chunking-form/samples/sanitize-percent-encoding1/_expected/system/main.js

@@ -0,0 +1,29 @@
+System.register([], (function () {
+	'use strict';
+	return {
+		execute: (function () {
+
+			function module1() {
+				console.log('foo%20bar');
+			}
+
+			function module2() {
+				console.log('foo%bar');
+			}
+
+			function module3() {
+				console.log('foo%E3%81%82bar');
+			}
+
+			function module4() {
+				console.log('foo%E3%81bar');
+			}
+
+			module1();
+			module2();
+			module3();
+			module4();
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding1/foo%20bar.js

@@ -0,0 +1,3 @@
+export function module1() {
+	console.log('foo%20bar');
+}

test/chunking-form/samples/sanitize-percent-encoding1/foo%E3%81%82bar.js

@@ -0,0 +1,3 @@
+export function module3() {
+	console.log('foo%E3%81%82bar');
+}

test/chunking-form/samples/sanitize-percent-encoding1/foo%E3%81bar.js

@@ -0,0 +1,3 @@
+export function module4() {
+	console.log('foo%E3%81bar');
+}

test/chunking-form/samples/sanitize-percent-encoding1/foo%bar.js

@@ -0,0 +1,3 @@
+export function module2() {
+	console.log('foo%bar');
+}

test/chunking-form/samples/sanitize-percent-encoding1/main.js

@@ -0,0 +1,9 @@
+import { module1 } from './foo%20bar';
+import { module2 } from './foo%bar';
+import { module3 } from './foo%E3%81%82bar';
+import { module4 } from './foo%E3%81bar';
+
+module1();
+module2();
+module3();
+module4();

test/chunking-form/samples/sanitize-percent-encoding2/_config.js

@@ -0,0 +1,6 @@
+module.exports = defineTest({
+	description: 'make sure illegal percent encoding is sanitized for dynamic imports',
+	options: {
+		input: ['main.js']
+	}
+});

test/chunking-form/samples/sanitize-percent-encoding2/_expected/amd/generated-foo_20bar.js

@@ -0,0 +1,5 @@
+define((function () { 'use strict';
+
+	console.log('foo%20bar');
+
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/amd/generated-foo_E3_81_82bar.js

@@ -0,0 +1,5 @@
+define((function () { 'use strict';
+
+	console.log('foo%E3%81%82bar');
+
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/amd/generated-foo_E3_81bar.js

@@ -0,0 +1,5 @@
+define((function () { 'use strict';
+
+	console.log('foo%E3%81bar');
+
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/amd/generated-foo_bar.js

@@ -0,0 +1,5 @@
+define((function () { 'use strict';
+
+	console.log('foo%bar');
+
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/amd/main.js

@@ -0,0 +1,13 @@
+define(['require', 'exports'], (function (require, exports) { 'use strict';
+
+	const lazy1 = new Promise(function (resolve, reject) { require(['./generated-foo_20bar'], resolve, reject); });
+	const lazy2 = new Promise(function (resolve, reject) { require(['./generated-foo_bar'], resolve, reject); });
+	const lazy3 = new Promise(function (resolve, reject) { require(['./generated-foo_E3_81_82bar'], resolve, reject); });
+	const lazy4 = new Promise(function (resolve, reject) { require(['./generated-foo_E3_81bar'], resolve, reject); });
+
+	exports.lazy1 = lazy1;
+	exports.lazy2 = lazy2;
+	exports.lazy3 = lazy3;
+	exports.lazy4 = lazy4;
+
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/cjs/generated-foo_20bar.js

@@ -0,0 +1,3 @@
+'use strict';
+
+console.log('foo%20bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/cjs/generated-foo_E3_81_82bar.js

@@ -0,0 +1,3 @@
+'use strict';
+
+console.log('foo%E3%81%82bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/cjs/generated-foo_E3_81bar.js

@@ -0,0 +1,3 @@
+'use strict';
+
+console.log('foo%E3%81bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/cjs/generated-foo_bar.js

@@ -0,0 +1,3 @@
+'use strict';
+
+console.log('foo%bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/cjs/main.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const lazy1 = Promise.resolve().then(function () { return require('./generated-foo_20bar.js'); });
+const lazy2 = Promise.resolve().then(function () { return require('./generated-foo_bar.js'); });
+const lazy3 = Promise.resolve().then(function () { return require('./generated-foo_E3_81_82bar.js'); });
+const lazy4 = Promise.resolve().then(function () { return require('./generated-foo_E3_81bar.js'); });
+
+exports.lazy1 = lazy1;
+exports.lazy2 = lazy2;
+exports.lazy3 = lazy3;
+exports.lazy4 = lazy4;

test/chunking-form/samples/sanitize-percent-encoding2/_expected/es/generated-foo_20bar.js

@@ -0,0 +1 @@
+console.log('foo%20bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/es/generated-foo_E3_81_82bar.js

@@ -0,0 +1 @@
+console.log('foo%E3%81%82bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/es/generated-foo_E3_81bar.js

@@ -0,0 +1 @@
+console.log('foo%E3%81bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/es/generated-foo_bar.js

@@ -0,0 +1 @@
+console.log('foo%bar');

test/chunking-form/samples/sanitize-percent-encoding2/_expected/es/main.js

@@ -0,0 +1,6 @@
+const lazy1 = import('./generated-foo_20bar.js');
+const lazy2 = import('./generated-foo_bar.js');
+const lazy3 = import('./generated-foo_E3_81_82bar.js');
+const lazy4 = import('./generated-foo_E3_81bar.js');
+
+export { lazy1, lazy2, lazy3, lazy4 };

test/chunking-form/samples/sanitize-percent-encoding2/_expected/system/generated-foo_20bar.js

@@ -0,0 +1,10 @@
+System.register([], (function () {
+	'use strict';
+	return {
+		execute: (function () {
+
+			console.log('foo%20bar');
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/system/generated-foo_E3_81_82bar.js

@@ -0,0 +1,10 @@
+System.register([], (function () {
+	'use strict';
+	return {
+		execute: (function () {
+
+			console.log('foo%E3%81%82bar');
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/system/generated-foo_E3_81bar.js

@@ -0,0 +1,10 @@
+System.register([], (function () {
+	'use strict';
+	return {
+		execute: (function () {
+
+			console.log('foo%E3%81bar');
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/system/generated-foo_bar.js

@@ -0,0 +1,10 @@
+System.register([], (function () {
+	'use strict';
+	return {
+		execute: (function () {
+
+			console.log('foo%bar');
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding2/_expected/system/main.js

@@ -0,0 +1,13 @@
+System.register([], (function (exports, module) {
+	'use strict';
+	return {
+		execute: (function () {
+
+			const lazy1 = exports("lazy1", module.import('./generated-foo_20bar.js'));
+			const lazy2 = exports("lazy2", module.import('./generated-foo_bar.js'));
+			const lazy3 = exports("lazy3", module.import('./generated-foo_E3_81_82bar.js'));
+			const lazy4 = exports("lazy4", module.import('./generated-foo_E3_81bar.js'));
+
+		})
+	};
+}));

test/chunking-form/samples/sanitize-percent-encoding2/foo%20bar.js

@@ -0,0 +1 @@
+console.log('foo%20bar');

test/chunking-form/samples/sanitize-percent-encoding2/foo%E3%81%82bar.js

@@ -0,0 +1 @@
+console.log('foo%E3%81%82bar');

test/chunking-form/samples/sanitize-percent-encoding2/foo%E3%81bar.js

@@ -0,0 +1 @@
+console.log('foo%E3%81bar');

test/chunking-form/samples/sanitize-percent-encoding2/foo%bar.js

@@ -0,0 +1 @@
+console.log('foo%bar');

test/chunking-form/samples/sanitize-percent-encoding2/main.js

@@ -0,0 +1,4 @@
+export const lazy1 = import('./foo%20bar');
+export const lazy2 = import('./foo%bar');
+export const lazy3 = import('./foo%E3%81%82bar');
+export const lazy4 = import('./foo%E3%81bar');

test/chunking-form/samples/sanitize-percent-encoding3/_config.js

@@ -0,0 +1,20 @@
+module.exports = defineTest({
+	description: 'make sure illegal percent encoding is sanitized for virtual entry points',
+	options: {
+		input: ['main'],
+		plugins: [
+			{
+				options(options) {
+					options.input = ['foo%bar', 'foo%20bar', 'foo%E3%81%82bar', 'foo%E3%81bar'];
+					return options;
+				},
+				resolveId(id) {
+					return id;
+				},
+				load(id) {
+					return 'export default ' + JSON.stringify(id);
+				}
+			}
+		]
+	}
+});

test/chunking-form/samples/sanitize-percent-encoding3/_expected/amd/foo_20bar.js

@@ -0,0 +1,7 @@
+define((function () { 'use strict';
+
+	var foo_20bar = "foo%20bar";
+
+	return foo_20bar;
+
+}));

test/chunking-form/samples/sanitize-percent-encoding3/_expected/amd/foo_E3_81_82bar.js

@@ -0,0 +1,7 @@
+define((function () { 'use strict';
+
+	var foo_E3_81_82bar = "foo%E3%81%82bar";
+
+	return foo_E3_81_82bar;
+
+}));

test/chunking-form/samples/sanitize-percent-encoding3/_expected/amd/foo_E3_81bar.js

@@ -0,0 +1,7 @@
+define((function () { 'use strict';
+
+	var foo_E3_81bar = "foo%E3%81bar";
+
+	return foo_E3_81bar;
+
+}));

test/chunking-form/samples/sanitize-percent-encoding3/_expected/amd/foo_bar.js

@@ -0,0 +1,7 @@
+define((function () { 'use strict';
+
+	var foo_bar = "foo%bar";
+
+	return foo_bar;
+
+}));

test/chunking-form/samples/sanitize-percent-encoding3/_expected/cjs/foo_20bar.js

@@ -0,0 +1,5 @@
+'use strict';
+
+var foo_20bar = "foo%20bar";
+
+module.exports = foo_20bar;

test/chunking-form/samples/sanitize-percent-encoding3/_expected/cjs/foo_E3_81_82bar.js

@@ -0,0 +1,5 @@
+'use strict';
+
+var foo_E3_81_82bar = "foo%E3%81%82bar";
+
+module.exports = foo_E3_81_82bar;

test/chunking-form/samples/sanitize-percent-encoding3/_expected/cjs/foo_E3_81bar.js

@@ -0,0 +1,5 @@
+'use strict';
+
+var foo_E3_81bar = "foo%E3%81bar";
+
+module.exports = foo_E3_81bar;

test/chunking-form/samples/sanitize-percent-encoding3/_expected/cjs/foo_bar.js

@@ -0,0 +1,5 @@
+'use strict';
+
+var foo_bar = "foo%bar";
+
+module.exports = foo_bar;

test/chunking-form/samples/sanitize-percent-encoding3/_expected/es/foo_20bar.js

@@ -0,0 +1,3 @@
+var foo_20bar = "foo%20bar";
+
+export { foo_20bar as default };

test/chunking-form/samples/sanitize-percent-encoding3/_expected/es/foo_E3_81_82bar.js

@@ -0,0 +1,3 @@
+var foo_E3_81_82bar = "foo%E3%81%82bar";
+
+export { foo_E3_81_82bar as default };

test/chunking-form/samples/sanitize-percent-encoding3/_expected/es/foo_E3_81bar.js

@@ -0,0 +1,3 @@
+var foo_E3_81bar = "foo%E3%81bar";
+
+export { foo_E3_81bar as default };

test/chunking-form/samples/sanitize-percent-encoding3/_expected/es/foo_bar.js

@@ -0,0 +1,3 @@
+var foo_bar = "foo%bar";
+
+export { foo_bar as default };