Describe the bug
1. Name Collision
Currently vitepress plugin flattens nested chunk paths by replacig / with _. This will naturally cause name conflict for certain file structures and fail the build with no clear indication of real cause:
.
├─ hello
│ └─ world.md // [name] = hello_world
└─ hello_world.md // [name] = hello_world
This causes build error:
$ npx vitepress build docs
✗ rendering pages...
build error:
Cannot read properties of undefined (reading 'imports')
TypeError: Cannot read properties of undefined (reading 'imports')
at resolvePageImports (file:///home/projects/vite-sffsehzv/node_modules/vitepress/dist/node/chunk-CCYAX98b.js:45416:18)
at renderPage (file:///home/projects/vite-sffsehzv/node_modules/vitepress/dist/node/chunk-CCYAX98b.js:45307:10)
at async pMap.concurrency (file:///home/projects/vite-sffsehzv/node_modules/vitepress/dist/node/chunk-CCYAX98b.js:45542:11)
at async eval (file:///home/projects/vite-sffsehzv/node_modules/vitepress/dist/node/chunk-CCYAX98b.js:4240:20)
2. Unintentional Leak of Unlisted/Private links
Vitepress embeds a global hashmap __VP_HASH_MAP__ to every page containing the normalized file id, which can easily map back to links for the entire site, even if a page is intentionally left unlisted.
Some users might not be aware of this fact, and they might assume it safe to host an unlisted page with complex names to keep it private. This can result in unintentional leaks. In addition, some use cases require public unlisted hosting for limited circulation (e.g. peer review of a draft research paper).
Reproduction
- Name Conflict Reproduction
- Unlisted Page Leak Demo
Expected behavior
- Should build without error since
/hello_world.html and /hello/world.html are both valid URL.
- Should not allow trivial scrapping.
System Info
Additional context
I've drafted a PR that potentially solves both issues.
Validations
Describe the bug
1. Name Collision
Currently vitepress plugin flattens nested chunk paths by replacig
/with_. This will naturally cause name conflict for certain file structures and fail the build with no clear indication of real cause:This causes build error:
2. Unintentional Leak of Unlisted/Private links
Vitepress embeds a global hashmap
__VP_HASH_MAP__to every page containing the normalized file id, which can easily map back to links for the entire site, even if a page is intentionally left unlisted.Some users might not be aware of this fact, and they might assume it safe to host an unlisted page with complex names to keep it private. This can result in unintentional leaks. In addition, some use cases require public unlisted hosting for limited circulation (e.g. peer review of a draft research paper).
Reproduction
Expected behavior
/hello_world.htmland/hello/world.htmlare both valid URL.System Info
Additional context
I've drafted a PR that potentially solves both issues.
Validations