Open danrubel opened 11 years ago
Could we make it just not work? I.e., treat a package: URI as a special kind of URI, not just as a shorthand for a file: URI. Then "package:<packageName>/<absolutePath>" would be the required format, and it would simply not be allowed to reach outside of "lib/packageName".
If we just transform it to a file URI blindly, then all kinds of hackery is possible, so the safest thing is to just not do that.
That makes sense to me. Are there issues open for VM and dart2js to disallow this situation?
Added Editor-AnalysisEngine label.
Removed Editor-AnalysisEngine label.
Has there been any progress on this issue? We need to be consistent with dart2js and the VM.
Set owner to @danrubel.
Removed this from the Later milestone. Added Oldschool-Milestone-Later label.
Added NotPlanned label.
This was miscategerized as an editor issue... reopening and moving to analyzer
Removed Area-Editor, Oldschool-Milestone-Later labels. Added Area-Analyzer, Triaged labels.
Added Analyzer-Hint label.
Two cases, maybe more, where we should warn the user of a bad practice...
1) Traversing into or out of the "lib" directory with a package 2) Traversing out of one package into another
import '../lib/foo.dart'; import 'package:anypkg/../web/bar.dart';