Merge pull request #552 from coderoad/replace-jsdom

replace jsdom

Author: ShMcK

.vscodeignore

@@ -9,7 +9,6 @@ vsc-extension-quickstart.md
 ## Modules
 node_modules/**
 !node_modules/fsevents/**
-!node_modules/jsdom/**
 
 ## TypeScript
 **/tsconfig.json

package.json

@@ -31,7 +31,7 @@
     "package": "./scripts/package.sh",
     "storybook": "yarn --cwd web-app storybook",
     "test": "jest",
-    "esbuild-base": "esbuild ./src/extension.ts --bundle --outfile=build/extension.js --external:vscode --external:fsevents --external:jsdom --format=cjs --platform=node",
+    "esbuild-base": "esbuild ./src/extension.ts --bundle --outfile=build/extension.js --external:vscode --external:fsevents --format=cjs --platform=node",
     "esbuild": "npm run esbuild-base -- --sourcemap",
     "esbuild-watch": "npm run esbuild-base -- --sourcemap --watch",
     "test-compile": "tsc -watch -p ./"
@@ -42,7 +42,6 @@
     "eslint": "7.32.0",
     "git-url-parse": "11.6.0",
     "jest": "27.3.1",
-    "jsdom": "18.1.1",
     "node-fetch": "2.6.6",
     "semver": "7.3.5",
     "ts-jest": "27.0.7",

src/services/webview/render.ts

@@ -1,4 +1,3 @@
-import { JSDOM } from 'jsdom'
 import * as path from 'path'
 import * as vscode from 'vscode'
 import { asyncReadFile } from '../node'
@@ -14,39 +13,64 @@ const getNonce = (): string => {
   return text
 }
 
+/**
+ * render
+ * configures the index.html into a webview panel
+ *
+ * React + webpack generate a number of files that are injected on build time
+ * and must be accommodated for the webview using a vscode:// path.
+ *
+ * Modified paths include
+ * - /static/js/x.chunk.js
+ * - /static/js/main.chunk.js
+ * - runtime-main.js
+ * - /static/css/x.chunk.css
+ * - /static/css/main.chunk.css
+ *
+ * This function also:
+ * - modifies the base href of the index.html to be the root of the workspace
+ * - manages the CSP policy for all the loaded files
+ */
 async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<void> {
+  // generate vscode-resource build path uri
+  const createUri = (_filePath: string): any => {
+    const filePath = (_filePath.startsWith('vscode') ? _filePath.substr(16) : _filePath).replace('///', '\\')
+
+    // @ts-ignore
+    return panel.webview.asWebviewUri(vscode.Uri.file(path.join(rootPath, filePath)))
+  }
+
   try {
     // load copied index.html from web app build
-    const dom = await JSDOM.fromFile(path.join(rootPath, 'index.html'))
-    const { document } = dom.window
+    let html = await asyncReadFile(path.join(rootPath, 'index.html'), 'utf8')
 
-    // set base href
-    const base: HTMLBaseElement = document.createElement('base')
-    base.href = `${vscode.Uri.file(path.join(rootPath, 'build')).with({ scheme: 'vscode-resource' })}`
-
-    document.head.appendChild(base)
+    // set base href at top of <head>
+    const baseHref = `${vscode.Uri.file(path.join(rootPath, 'build')).with({ scheme: 'vscode-resource' })}`
+    html = html.replace('<head>', `<head><base href="${baseHref}" />`)
 
     // used for CSP
     const nonces: string[] = []
     const hashes: string[] = []
 
-    // generate vscode-resource build path uri
-    const createUri = (_filePath: string): any => {
-      const filePath = (_filePath.startsWith('vscode') ? _filePath.substr(16) : _filePath).replace('///', '\\')
-
-      // @ts-ignore
-      return panel.webview.asWebviewUri(vscode.Uri.file(path.join(rootPath, filePath)))
+    // fix paths for react static scripts to use vscode-resource paths
+    var jsBundleChunkRegex = /\/static\/js\/[\d].[^"]*\.js/g
+    var jsBundleChunk: RegExpExecArray | null = jsBundleChunkRegex.exec(html)
+    if (jsBundleChunk) {
+      const nonce: string = getNonce()
+      nonces.push(nonce)
+      const src = createUri(jsBundleChunk[0])
+      // replace script src, add nonce
+      html = html.replace(jsBundleChunk[0], `${src}" nonce="${nonce}`)
     }
 
-    // fix paths for scripts
-    const scripts: HTMLScriptElement[] = Array.from(document.getElementsByTagName('script'))
-    for (const script of scripts) {
-      if (script.src) {
-        const nonce: string = getNonce()
-        nonces.push(nonce)
-        script.nonce = nonce
-        script.src = createUri(script.src)
-      }
+    var mainBundleChunkRegex = /\/static\/js\/main.[^"]*\.js/g
+    var mainBundleChunk: RegExpExecArray | null = mainBundleChunkRegex.exec(html)
+    if (mainBundleChunk) {
+      const nonce: string = getNonce()
+      nonces.push(nonce)
+      const src = createUri(mainBundleChunk[0])
+      // replace script src, add nonce
+      html = html.replace(mainBundleChunk[0], `${src}" nonce="${nonce}`)
     }
 
     // support additional CSP exemptions when CodeRoad is embedded
@@ -61,43 +85,45 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<voi
       }
     }
 
-    // add run-time script from webpack
-    const runTimeScript = document.createElement('script')
-    runTimeScript.nonce = getNonce()
-    nonces.push(runTimeScript.nonce)
-
     // note: file cannot be imported or results in esbuild error. Easier to read it.
     let manifest
     try {
       const manifestPath = path.join(rootPath, 'asset-manifest.json')
-      console.log(manifestPath)
       const manifestFile = await asyncReadFile(manifestPath, 'utf8')
       manifest = JSON.parse(manifestFile)
     } catch (e) {
       throw new Error('Failed to read manifest file')
     }
 
-    runTimeScript.src = createUri(manifest.files['runtime-main.js'])
-    document.body.appendChild(runTimeScript)
+    // add run-time script from webpack at top of <body>
+    const runtimeNonce = getNonce()
+    nonces.push(runtimeNonce)
+    const runtimeSrc = createUri(manifest.files['runtime-main.js'])
+    html = html.replace('<body>', `<body><script src="${runtimeSrc}" nonce="${runtimeNonce}"></script>`)
+
+    var cssBundleChunkRegex = /\/static\/css\/[\d].[^"]*\.css/g
+    var cssBundleChunk: RegExpExecArray | null = cssBundleChunkRegex.exec(html)
+    if (cssBundleChunk) {
+      const href = createUri(cssBundleChunk[0])
+      // replace script src, add nonce
+      html = html.replace(cssBundleChunk[0], href)
+    }
 
-    // fix paths for links
-    const styles: HTMLLinkElement[] = Array.from(document.getElementsByTagName('link'))
-    for (const style of styles) {
-      if (style.href) {
-        style.href = createUri(style.href)
-      }
+    var mainCssBundleChunkRegex = /\/static\/css\/main.[^"]*\.css/g
+    var mainCssBundleChunk: RegExpExecArray | null = mainCssBundleChunkRegex.exec(html)
+    if (mainCssBundleChunk) {
+      const href = createUri(mainCssBundleChunk[0])
+      // replace script src, add nonce
+      html = html.replace(mainCssBundleChunk[0], href)
     }
 
     // set CSP (content security policy) to grant permission to local files
     // while blocking unexpected malicious network requests
-    const cspMeta: HTMLMetaElement = document.createElement('meta')
-    cspMeta.httpEquiv = 'Content-Security-Policy'
-
     const wrapInQuotes = (str: string) => `'${str}'`
     const nonceString = nonces.map((nonce: string) => wrapInQuotes(`nonce-${nonce}`)).join(' ')
     const hashString = hashes.map(wrapInQuotes).join(' ')
 
-    cspMeta.content =
+    const cspMetaString =
       [
         `default-src 'self'`,
         `manifest-src ${hashString} 'self'`,
@@ -110,10 +136,8 @@ async function render(panel: vscode.WebviewPanel, rootPath: string): Promise<voi
         // @ts-ignore
         `style-src ${panel.webview.cspSource} https: 'self' 'unsafe-inline'`,
       ].join('; ') + ';'
-    document.head.appendChild(cspMeta)
-
-    // stringify dom
-    const html = dom.serialize()
+    // add CSP to end of <head>
+    html = html.replace('</head>', `<meta http-equiv="Content-Security-Policy" content="${cspMetaString}" /></head>`)
 
     // set view
     panel.webview.html = html

web-app/public/index.html

@@ -1,6 +1,7 @@
 <!DOCTYPE html>
 <html lang="en">
   <head>
+    <!-- INJECT_BASE -->
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
     <meta name="theme-color" content="#000000" />
@@ -47,6 +48,7 @@
         }
       }
     </script>
+    <!-- INJECT_CSP -->
   </head>
 
   <body>
@@ -68,5 +70,6 @@ <h3 id="coderoad-message">
       To begin the development, run `npm start` or `yarn start`.
       To create a production bundle, use `npm run build` or `yarn build`.
     -->
+    <!-- INJECT_SCRIPT -->
   </body>
 </html>