Skip to content

observable build allows files outside of the source root to be copied #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mbostock opened this issue Nov 4, 2023 · 0 comments · Fixed by #103
Closed

observable build allows files outside of the source root to be copied #99

mbostock opened this issue Nov 4, 2023 · 0 comments · Fixed by #103
Assignees
@Fil
Labels
bug Something isn’t working

Comments

@mbostock
Copy link
Member

mbostock commented Nov 4, 2023

This appears to be a regression in #89 which removed the isLocalFile check here:

e715830#diff-af4191cdea0d822d0199df1884ab420fd59f9db884a921be717ee21b20028248

As an example, consider this docs/index.md:

```js
const data = FileAttachment("../README.md").text();
```

Running observable build results in:

% yarn build
yarn run v1.22.19
$ rm -rf dist && ./bin/observable.ts build
render docs/contributing.md → dist/contributing.html
render docs/index.md → dist/index.html
render docs/javascript.md → dist/javascript.html
render docs/markdown.md → dist/markdown.html
copy public/client.js → dist/_observablehq/client.js
copy public/database.js → dist/_observablehq/database.js
copy public/style.css → dist/_observablehq/style.css
copy README.md → dist/README.md
copy docs/gistemp.csv → dist/_file/gistemp.csv
copy node_modules/@observablehq/runtime/dist/runtime.js → dist/_observablehq/runtime.js
✨  Done in 0.79s.

Note the copy README.md → dist/README.md. This should not be allowed.
@mbostock mbostock added the bug Something isn’t working label Nov 4, 2023
@Fil Fil self-assigned this Nov 6, 2023
Fil added a commit that referenced this issue Nov 6, 2023
@Fil
build filters files outside the root
5011e82 
reverts part of #89

fixes #99
@Fil Fil mentioned this issue Nov 6, 2023
Merged
1 task
mbostock added a commit that referenced this issue Nov 9, 2023
@Fil @mbostock
build filters files outside the root (#103)
9c399c7 
* build filters files outside the root
reverts part of #89

fixes #99

* fix tests and test imports of non-existing files

* more tests but I'm not sure if I'm using this correctly

* Update test/input/bar.js

Co-authored-by: Mike Bostock <[email protected]>

* fix test

* fix test, align signatures

* don’t canReadSync in isLocalPath

* syntax error on non-local file path

---------

Co-authored-by: Mike Bostock <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Fil Fil

Labels
bug Something isn’t working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

build filters files outside the root observablehq/framework
2 participants
@Fil @mbostock