chore: more customizing#817
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryLow Risk Overview Configurable document LightningCSS passthrough — Tests cover Reviewed by Cursor Bugbot for commit d5720c8. Bugbot is set up for automated code reviews on this repo. Configure here. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| const renderTag = (tag, attrs) => { | ||
| const rendered = Object.entries(attrs) | ||
| .filter(([, value]) => value != null && value !== false) | ||
| .map(([key, value]) => (value === true ? ` ${key}` : ` ${key}="${value}"`)) |
There was a problem hiding this comment.
Attribute values not HTML-escaped in renderTag
Medium Severity
renderTag interpolates attribute values directly into double-quoted HTML attributes without escaping special characters. A content value containing a double quote (e.g. a project description like The "best" toolkit) produces malformed HTML (content="The "best" toolkit"), breaking the tag and potentially causing the downstream HTML minifier to error or emit garbled output. Ampersands in URLs with query parameters (?a=1&b=2) are also technically invalid. Values need at least " → " and & → & encoding.
Reviewed by Cursor Bugbot for commit 55c78ba. Configure here.
|
cc @nodejs/web-infra |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #817 +/- ##
==========================================
+ Coverage 82.86% 84.33% +1.46%
==========================================
Files 171 172 +1
Lines 14961 15420 +459
Branches 1313 1363 +50
==========================================
+ Hits 12398 13005 +607
+ Misses 2554 2406 -148
Partials 9 9 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit c87e6f2. Configure here.
| // User-supplied LightningCSS options (e.g. `visitor`, `customAtRules`), | ||
| // spread into every bundle call below. | ||
| const { lightningcss = {} } = getConfig('web'); | ||
|
|
There was a problem hiding this comment.
CSS cache ignores lightningcss
Medium Severity
The Rolldown CSS plugin caches compiled output in a module-level fileCache keyed only by file path. After lightningcss options are applied in bundleAsync, a later generate in the same Node process can return CSS from an earlier run, so changes to visitor, targets, or other options have no effect until the process restarts.
Reviewed by Cursor Bugbot for commit c87e6f2. Configure here.
|
| File | Base | Head | Diff |
|---|---|---|---|
orama-db.json |
8.84 MB | 8.84 MB | -1.00 B (-0.00%) |
web Generator
| File | Base | Head | Diff |
|---|---|---|---|
all.js |
20.17 MB | 20.17 MB | -140.00 B (-0.00%) |
all.html |
19.74 MB | 19.74 MB | -98.00 B (-0.00%) |
2 participants
Adds more customizability into the
webgenerator, with custom templating and lightningcss options