Skip to content

Prevent modules from being imported with a type: 'javascript' assertion#7350

Merged
domenic merged 10 commits intowhatwg:mainfrom
dandclark:dandclark/disallow-type-javascript
Nov 23, 2021
Merged

Prevent modules from being imported with a type: 'javascript' assertion#7350
domenic merged 10 commits intowhatwg:mainfrom
dandclark:dandclark/disallow-type-javascript

Conversation

@dandclark
Copy link
Contributor

@dandclark dandclark commented Nov 19, 2021
edited by pr-preview bot
Loading

Prevent modules from being loaded with a type: 'javascript' assertion. This was the original intent of the import assertions integration, but type: 'javascript' was unintentionally allowed to work due to a bug involving the spec's internal use of the "javascript" module type for JavaScript module scripts.

Chromium already implements the behavior in this PR, i.e. Chromium passes https://github.com/web-platform-tests/wpt/blob/master/html/semantics/scripting-1/the-script-element/import-assertions/invalid-type-assertion-error.html.

Resolves #7342.

/webappapis.html ( diff )

@dandclark dandclark mentioned this pull request Nov 19, 2021
Closed
domenic
domenic approved these changes Nov 19, 2021
View reviewed changes
Copy link
Member

@domenic domenic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, very nice. Will give people some time over the weekend to double-check.

@GeoffreyBooth
Copy link

GeoffreyBooth commented Nov 19, 2021
edited
Loading

I think the spec should include some examples and expected outcomes. It’s not clear to me what the spec intends to happen for each of the following:

const url = 'data:text/javascript,export default "hello"';

import(url);
import(url, { assert: { type: 'javascript' } });
import(url, { assert: { type: '' } });
import(url, { assert: { type: null } });
import(url, { assert: { type: undefined } });

And if 'javascript' is the default type, but users aren’t allowed to specify it, there should be an explanation as to why. I think the explanation could be as simple as “because we want to allow potential future non-JavaScript module formats to not need type assertions.” That explanation would beg the question as to why the default type is 'javascript', but you could also explain that should there be non-JavaScript types allowed to do without an assertion, the default type might be renamed or changed to undefined or null.

GeoffreyBooth
GeoffreyBooth reviewed Nov 19, 2021
View reviewed changes
@GeoffreyBooth GeoffreyBooth mentioned this pull request Nov 20, 2021
Closed
annevk
annevk reviewed Nov 20, 2021
View reviewed changes
GeoffreyBooth
GeoffreyBooth reviewed Nov 23, 2021
View reviewed changes
domenic
domenic reviewed Nov 23, 2021
View reviewed changes
@domenic domenic merged commit c447169 into whatwg:main Nov 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@domenic domenic domenic approved these changes

@annevk annevk annevk left review comments

+1 more reviewer

@GeoffreyBooth GeoffreyBooth GeoffreyBooth left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

topic: script

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Import assertion type: 'javascript'

4 participants

@dandclark @GeoffreyBooth @domenic @annevk