Use relative links for serving internal assets

webpack-contrib · Apr 11, 2019 · ed99c32 · ed99c32
1 parent 3ce1b8c
commit ed99c32
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/src/viewer.js b/src/viewer.js
@@ -14,6 +14,7 @@ const Logger = require('./Logger');
 const analyzer = require('./analyzer');
 
 const projectRoot = path.resolve(__dirname, '..');
+const assetsRoot = path.join(projectRoot, 'public');
 
 module.exports = {
   startServer,
@@ -169,7 +170,13 @@ async function generateReport(bundleStats, opts) {
 }
 
 function getAssetContent(filename) {
-  return fs.readFileSync(`${projectRoot}/public/${filename}`, 'utf8');
+  const assetPath = path.join(assetsRoot, filename);
+
+  if (!assetPath.startsWith(assetsRoot)) {
+    throw new Error(`"${filename}" is outside of the assets root`);
+  }
+
+  return fs.readFileSync(assetPath, 'utf8');
 }
 
 /**

diff --git a/views/script.ejs b/views/script.ejs
@@ -4,5 +4,5 @@
     <%- escapeScript(assetContent(filename)) %>
   </script>
 <% } else { %>
-  <script src="/<%= filename %>"></script>
+  <script src="<%= filename %>"></script>
 <% } %>