packaton 0.0.14 → 0.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/package.json +1 -1
- package/src/plugins-prod/HtmlCompiler.js +32 -6
package/README.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# Packaton WIP
|
|
2
2
|
|
|
3
|
-
Static
|
|
3
|
+
Static Site Generator (SSG). Inlines CSS and JS and
|
|
4
|
+
creates a header file with their corresponding CSP hashes.
|
|
4
5
|
|
|
5
6
|
## Limitations
|
|
6
7
|
- `src` and `href` URLs must be absolute
|
|
7
|
-
- can't write inline scripts or css (all must be in an external file, packaton inlines them)
|
|
8
8
|
- must have an index
|
|
9
9
|
- Ignored Documents start with `_`, so you can't have routes that begin with _
|
|
10
10
|
- Non-Documents and Files outside config.assetsDir are not automatically copied over,
|
package/package.json
CHANGED
|
@@ -69,14 +69,24 @@ export class HtmlCompiler {
|
|
|
69
69
|
.map(([, body]) => body)
|
|
70
70
|
.join('\n'))
|
|
71
71
|
|
|
72
|
+
this.scriptsModuleJs = await Promise.all(scripts
|
|
73
|
+
.filter(([type]) => type === 'module')
|
|
74
|
+
.map(([, body]) => this.#minifyJS(body)))
|
|
75
|
+
|
|
76
|
+
this.scriptsNonJs = scripts.filter(([type]) => type !== 'application/javascript' && type !== 'module')
|
|
77
|
+
|
|
72
78
|
this.scriptsNonJs = scripts
|
|
73
|
-
.filter(([type]) => type !== 'application/javascript')
|
|
79
|
+
.filter(([type]) => type !== 'application/javascript' && type !== 'module')
|
|
74
80
|
|
|
75
81
|
if (this.scriptsJs)
|
|
76
|
-
this.html = this.html.replace('</body>',
|
|
77
|
-
|
|
82
|
+
this.html = this.html.replace('</body>', `\n<script>${this.scriptsJs}</script></body>`)
|
|
83
|
+
|
|
84
|
+
for (const body of this.scriptsModuleJs)
|
|
85
|
+
this.html = this.html.replace('</body>', `\n<script type="module">${body}</script></body>`)
|
|
86
|
+
|
|
78
87
|
for (const [type, body] of this.scriptsNonJs)
|
|
79
88
|
this.html = this.html.replace('</body>', `\n<script type="${type}">${body}</script></body>`)
|
|
89
|
+
|
|
80
90
|
}
|
|
81
91
|
|
|
82
92
|
csp() {
|
|
@@ -86,14 +96,19 @@ export class HtmlCompiler {
|
|
|
86
96
|
const jsScriptHash = this.scriptsJs
|
|
87
97
|
? `'${this.hash256(this.scriptsJs)}'`
|
|
88
98
|
: '' // TODO maybe self?
|
|
89
|
-
|
|
90
|
-
|
|
99
|
+
|
|
100
|
+
const jsModulesHashes = this.scriptsModuleJs.map(body => `'${this.hash256(body)}'`).join(' ')
|
|
101
|
+
|
|
102
|
+
const nonJsScriptHashes = this.scriptsNonJs.map(([, body]) => `'${this.hash256(body)}'`).join(' ')
|
|
103
|
+
|
|
91
104
|
const externalScriptHashes = this.externalScripts.map(url => `${new URL(url).origin}`).join(' ')
|
|
105
|
+
|
|
106
|
+
const inlineScriptsHashes = this.extractInlineScripts().map(body => `'${this.hash256(body)}'`).join(' ')
|
|
92
107
|
return [
|
|
93
108
|
`default-src 'self'`,
|
|
94
109
|
`img-src 'self' data:`, // data: is for Safari's video player icons and for CSS bg images
|
|
95
110
|
`style-src ${cssHash}`,
|
|
96
|
-
`script-src ${nonJsScriptHashes} ${jsScriptHash} ${externalScriptHashes}`,
|
|
111
|
+
`script-src-elem ${nonJsScriptHashes} ${jsScriptHash} ${jsModulesHashes} ${externalScriptHashes} ${inlineScriptsHashes} 'self'`,
|
|
97
112
|
`frame-ancestors 'none'`
|
|
98
113
|
].join('; ')
|
|
99
114
|
}
|
|
@@ -133,4 +148,15 @@ export class HtmlCompiler {
|
|
|
133
148
|
]
|
|
134
149
|
})
|
|
135
150
|
}
|
|
151
|
+
|
|
152
|
+
extractInlineScripts() {
|
|
153
|
+
const reExtractInlineScripts = /<script\b([^>]*?)>([\s\S]*?)<\/script>/g
|
|
154
|
+
return Array.from(this.html.matchAll(reExtractInlineScripts), m => {
|
|
155
|
+
const attrs = m[1]
|
|
156
|
+
const body = m[2]
|
|
157
|
+
return attrs.includes('src=')
|
|
158
|
+
? null
|
|
159
|
+
: body
|
|
160
|
+
}).filter(Boolean)
|
|
161
|
+
}
|
|
136
162
|
}
|