-
-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow modules and other attributes in script tags when copied #14038
Comments
👋 I like the idea and think it makes sense, however, yes, there would most definitely need to be an allowlist for both which attributes we allow and the values we allow for them. An example package config might look something like this on cdnjs, currently: {
"name": "a-happy-tyler",
"description": "Tyler is happy. Be like Tyler.",
"keywords": [
"tyler",
"happy"
],
"license": "MIT",
"repository": {
"type": "git",
"url": "git://github.com/tc80/a-happy-tyler.git"
},
"filename": "happy.js",
"autoupdate": {
"source": "git",
"target": "git://github.com/tc80/a-happy-tyler.git",
"fileMap": [
{
"basePath": "src",
"files": [
"*"
]
}
]
},
"authors": [
{
"name": "Tyler Caslin",
"email": "tylercaslin47@gmail.com"
}
]
} I don't think it'd make sense for this data to live inside the fileMap property as it doesn't inherently need to be tied to the auto-update mechanism -- although we no longer permit it, a library can not have an auto-update config and it makes sense for it to still be able to set attributes on files it has (that've been manually added). To me, it'd make sense to have it be a top-level structure in the JSON that defines attributes for specific files (or globs): {
"name": "a-happy-tyler",
"description": "Tyler is happy. Be like Tyler.",
"keywords": [
"tyler",
"happy"
],
"license": "MIT",
"repository": {
"type": "git",
"url": "git://github.com/tc80/a-happy-tyler.git"
},
"filename": "happy.js",
"autoupdate": {
"source": "git",
"target": "git://github.com/tc80/a-happy-tyler.git",
"fileMap": [
{
"basePath": "src",
"files": [
"*"
]
}
]
},
"attributes": [
{
"file": "test.js",
"attrs": {
"defer": true
}
},
{
"file": "*.@(module.js|mjs)",
"attrs": {
"type": "module"
}
}
],
"authors": [
{
"name": "Tyler Caslin",
"email": "tylercaslin47@gmail.com"
}
]
} We would also want to have an allowlist of extensions that must be at the end of the What do you think of that? |
I like the idea of an
All of the other attributes are for what information to send to the server, such as |
Whoops, I clicked "Close with comment" 😐 |
👍 Those four attributes make sense to me for now -- the first step in making this reality will be to create a PR that updates https://github.com/cdnjs/tools/blob/master/schema_human.json and https://github.com/cdnjs/tools/blob/master/schema_non_human.json to include the schema for the new attributes property :)
We already set
No -- we do not and will not ever support modifying the response sent back for an asset as this would invalidate the SRI hash that we inject. |
Sounds good!
But is there any use setting
Oh cool! I didn't know! |
We don't do anything with it :) |
If someone wants to put a module on CDNJS, then currently when clicking "Copy script tag" it turns out something like this:
what if in the json files describing the file, we could also add other attributes, e.g.
Now clicking "copy script tag" would do this for the file in question:
(oh, and of course only certain attributes would be whitelisted, so that people can't do onerror, or onload)
The text was updated successfully, but these errors were encountered: