core
core copied to clipboard
module-federation
feat(sdk): enable trusted type functionality
Description
If the createScriptHook defines the script.url don't set it in the createScript function itself.
When Trusted Types (https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API) are enabled, the script.src value must be a trusted policy, at the point where the script.src is assigned, if it is not a policy an Error will be immediately thrown. For this reason, we defer the assignment of script.src until after the createScriptHook code as executed. The createScriptHook can/should contain the necessary logic for constructing the trusted type policy and assigning it to the script's src attribute.
When trusted types are not enabled, and/or the createScriptHook either isn't defined, or doesn't set the script.src attribute explicitly, the script.src attribute will continue to be set by the createScript function.
Related Issue
https://github.com/web-infra-dev/rspack/issues/6759
Types of changes
- [ ] Docs change / refactoring / dependency upgrade
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
Checklist
- [x] I have added tests to cover my changes.
- [x] All new and existing tests passed.
- [ ] I have updated the documentation.
🦋 Changeset detected
Latest commit: 4e40db9f49b725b43aae9fff91dd61f1264e1cb1
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 38 packages
| Name | Type |
|---|---|
| @module-federation/sdk | Patch |
| @module-federation/devtools | Patch |
| @module-federation/data-prefetch | Patch |
| @module-federation/dts-plugin | Patch |
| @module-federation/enhanced | Patch |
| @module-federation/esbuild | Patch |
| @module-federation/managers | Patch |
| @module-federation/manifest | Patch |
| @module-federation/modern-js | Patch |
| @module-federation/nextjs-mf | Patch |
| @module-federation/node | Patch |
| @module-federation/rspack | Patch |
| @module-federation/runtime | Patch |
| @module-federation/utilities | Patch |
| @module-federation/webpack-bundler-runtime | Patch |
| @module-federation/bridge-react-webpack-plugin | Patch |
| 3008-runtime-remote | Patch |
| host | Patch |
| host-v5 | Patch |
| host-vue3 | Patch |
| remote1 | Patch |
| remote2 | Patch |
| remote3 | Patch |
| remote4 | Patch |
| @module-federation/modernjs | Patch |
| modernjs-ssr-dynamic-nested-remote | Patch |
| modernjs-ssr-dynamic-remote-new-version | Patch |
| modernjs-ssr-dynamic-remote | Patch |
| modernjs-ssr-host | Patch |
| modernjs-ssr-nested-remote | Patch |
| modernjs-ssr-remote-new-version | Patch |
| modernjs-ssr-remote | Patch |
| @module-federation/retry-plugin | Patch |
| @module-federation/runtime-tools | Patch |
| @module-federation/third-party-dts-extractor | Patch |
| @module-federation/bridge-react | Patch |
| @module-federation/bridge-vue3 | Patch |
| @module-federation/bridge-shared | Patch |
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for module-federation-docs ready!
| Name | Link |
|---|---|
| Latest commit | 4e40db9f49b725b43aae9fff91dd61f1264e1cb1 |
| Latest deploy log | https://app.netlify.com/sites/module-federation-docs/deploys/67069eb28018fb00080bf4f8 |
| Deploy Preview | https://deploy-preview-2974--module-federation-docs.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}