✨ initial support for attributes

Ryan Patrick Kyle · Ryan Patrick Kyle · commit abde5ae3de65 · 2020-08-26T10:06:31.000-04:00
diff --git a/R/dash.R b/R/dash.R
@@ -45,9 +45,13 @@ Dash <- R6::R6Class(
     #' @param requests_pathname_prefix Character. A prefix applied to request endpoints
     #' made by Dash's front-end. Environment variable is `DASH_REQUESTS_PATHNAME_PREFIX`.
     #' @param external_scripts List. An optional list of valid URLs from which
-    #' to serve JavaScript source for rendered pages.
+    #' to serve JavaScript source for rendered pages. Each entry can be a string (the URL)
+    #' or a list with `src` (the URL) and optionally other `<script>` tag attributes such
+    #' as `integrity` and `crossorigin`.
     #' @param external_stylesheets List. An optional list of valid URLs from which
-    #' to serve CSS for rendered pages.
+    #' to serve CSS for rendered pages. Each entry can be a string (the URL) or a list
+    #' with `href` (the URL) and optionally other `<link>` tag attributes such as 
+    #' `rel`, `integrity` and `crossorigin`.
     #' @param compress Logical. Whether to  try to compress files and data served by Fiery.
     #' By default, `brotli` is attempted first, then `gzip`, then the `deflate` algorithm,
     #' before falling back to `identity`.
@@ -1578,7 +1582,7 @@ Dash <- R6::R6Class(
 
       # collect CSS assets from dependencies
       if (!(is.null(private$asset_map$css))) {
-        css_assets <- generate_css_dist_html(href = paste0(private$assets_url_path, names(private$asset_map$css)),
+        css_assets <- generate_css_dist_html(tagdata = paste0(private$assets_url_path, names(private$asset_map$css)),
                                              local = TRUE,
                                              local_path = private$asset_map$css,
                                              prefix = self$config$requests_pathname_prefix)
@@ -1596,7 +1600,7 @@ Dash <- R6::R6Class(
       # collect JS assets from dependencies
       #
       if (!(is.null(private$asset_map$scripts))) {
-        scripts_assets <- generate_js_dist_html(href = paste0(private$assets_url_path, names(private$asset_map$scripts)),
+        scripts_assets <- generate_js_dist_html(tagdata = paste0(private$assets_url_path, names(private$asset_map$scripts)),
                                                 local = TRUE,
                                                 local_path = private$asset_map$scripts,
                                                 prefix = self$config$requests_pathname_prefix)
diff --git a/R/utils.R b/R/utils.R
@@ -157,7 +157,7 @@ render_dependencies <- function(dependencies, local = TRUE, prefix=NULL) {
     # as in Dash for Python
     if ("script" %in% names(dep) && tools::file_ext(dep[["script"]]) != "map") {
       if (!(is_local) & !(is.null(dep$src$href))) {
-        html <- generate_js_dist_html(href = dep$src$href)
+        html <- generate_js_dist_html(tagdata = dep$src$href)
       } else {
         script_mtime <- file.mtime(getDependencyPath(dep))
         modtime <- as.integer(script_mtime)
@@ -172,7 +172,7 @@ render_dependencies <- function(dependencies, local = TRUE, prefix=NULL) {
                                   "&m=",
                                   modified)
 
-        html <- generate_js_dist_html(href = dep[["script"]], as_is = TRUE)
+        html <- generate_js_dist_html(tagdata = dep[["script"]], as_is = TRUE)
       }
     } else if (!(is_local) & "stylesheet" %in% names(dep) & src == "href") {
       html <- generate_css_dist_html(href = paste(dep[["src"]][["href"]],
@@ -192,20 +192,20 @@ render_dependencies <- function(dependencies, local = TRUE, prefix=NULL) {
                               "?v=",
                               dep$version)
 
-          html <- generate_css_dist_html(href = sheetpath, as_is = TRUE)
+          html <- generate_css_dist_html(tagdata = sheetpath, as_is = TRUE)
         } else {
           sheetpath <- paste0(dep[["src"]][["file"]],
                               dep[["stylesheet"]],
                               "?v=",
                               dep$version)
 
-          html <- generate_css_dist_html(href = sheetpath, as_is = TRUE)
+          html <- generate_css_dist_html(tagdata = sheetpath, as_is = TRUE)
         }
 
       } else {
         sheetpath <- paste0(dep[["src"]][["file"]],
                             dep[["stylesheet"]])
-        html <- generate_css_dist_html(href = sheetpath, as_is = TRUE)
+        html <- generate_css_dist_html(tagdata = sheetpath, as_is = TRUE)
       }
     }
   })
@@ -536,51 +536,98 @@ get_mimetype <- function(filename) {
                             empty = "application/octet-stream"))
 }
 
-generate_css_dist_html <- function(href,
+generate_css_dist_html <- function(tagdata,
                                    local = FALSE,
                                    local_path = NULL,
                                    prefix = NULL,
                                    as_is = FALSE) {
+  attribs <- names(tagdata)
+  allowed_attribs <- c("as",
+                       "crossorigin",
+                       "disabled",
+                       "href",
+                       "hreflang",
+                       "importance",
+                       "integrity",
+                       "media",
+                       "referrerpolicy",
+                       "rel",
+                       "sizes",
+                       "title",
+                       "type",
+                       "methods",
+                       "prefetch",
+                       "target",
+                       "charset",
+                       "rev")
+  if (!all(attribs %in% allowed_attribs)) {
+      stop(sprintf("The following specified stylesheet attributes are invalid: ",
+                    paste0(setdiff(attribs, allowed_attribs), collapse=", ")), call. = FALSE)
+  }
   if (!(local)) {
-    if (grepl("^(?:http(s)?:\\/\\/)?[\\w.-]+(?:\\.[\\w\\.-]+)+[\\w\\-\\._~:/?#[\\]@!\\$&'\\(\\)\\*\\+,;=.]+$",
-        href,
-        perl=TRUE) || as_is) {
-      sprintf("<link href=\"%s\" rel=\"stylesheet\">", href)
+    if (any(grepl("^(?:http(s)?:\\/\\/)?[\\w.-]+(?:\\.[\\w\\.-]+)+[\\w\\-\\._~:/?#[\\]@!\\$&'\\(\\)\\*\\+,;=.]+$",
+        tagdata,
+        perl=TRUE)) || as_is) {
+            if (is.list(tagdata))
+                glue::glue('<link ', glue::glue_collapse(glue::glue('{attribs}="{tagdata}"'), sep=" "), ' rel="stylesheet">')
+            else
+                glue::glue('<link ', glue::glue('href="{tagdata}"'), ' rel="stylesheet">')
     }
     else
       stop(sprintf("Invalid URL supplied in external_stylesheets. Please check the syntax used for this parameter."), call. = FALSE)
   } else {
     # strip leading slash from href if present
+    if (is.list(tagdata))
+      href <- tagdata$src
+    else
+      href <- tagdata    
     href <- sub("^/", "", href)
     modified <- as.integer(file.mtime(local_path))
-    sprintf("<link href=\"%s%s?m=%s\" rel=\"stylesheet\">",
-            prefix,
-            href,
-            modified)
+    glue::glue('<link href="{prefix}{href}?m={modified}" rel="stylesheet">')
   }
 }
 
-generate_js_dist_html <- function(href,
+generate_js_dist_html <- function(tagdata,
                                   local = FALSE,
                                   local_path = NULL,
                                   prefix = NULL,
                                   as_is = FALSE) {
+  attribs <- names(tagdata)
+  allowed_attribs <- c("async",
+                       "crossorigin",
+                       "defer",
+                       "integrity",
+                       "nomodule",
+                       "nonce",
+                       "referrerpolicy",
+                       "src",
+                       "type",
+                       "charset",
+                       "language")
+  if (!all(attribs %in% allowed_attribs)) {
+      stop(sprintf("The following specified script attributes are invalid: ",
+                    paste0(setdiff(attribs, allowed_attribs), collapse=", ")), call. = FALSE)
+  }                                      
   if (!(local)) {
-  if (grepl("^(?:http(s)?:\\/\\/)?[\\w.-]+(?:\\.[\\w\\.-]+)+[\\w\\-\\._~:/?#[\\]@!\\$&'\\(\\)\\*\\+,;=.]+$",
-      href,
-      perl=TRUE) || as_is) {
-      sprintf("<script src=\"%s\"></script>", href)
-    }
+    if (any(grepl("^(?:http(s)?:\\/\\/)?[\\w.-]+(?:\\.[\\w\\.-]+)+[\\w\\-\\._~:/?#[\\]@!\\$&'\\(\\)\\*\\+,;=.]+$",
+        tagdata,
+        perl=TRUE)) || as_is) {
+            if (is.list(tagdata))
+                glue::glue('<script ', glue::glue_collapse(glue::glue('{attribs}="{tagdata}"'), sep=" "), ' ></script>')
+            else
+                glue::glue('<script ', glue::glue('src="{tagdata}"'), ' ></script>')
+        }
     else
       stop(sprintf("Invalid URL supplied. Please check the syntax used for this parameter."), call. = FALSE)
   } else {
     # strip leading slash from href if present
+    if (is.list(tagdata))
+      href <- tagdata$src
+    else
+      href <- tagdata
     href <- sub("^/", "", href)
     modified <- as.integer(file.mtime(local_path))
-    sprintf("<script src=\"%s%s?m=%s\"></script>",
-            prefix,
-            href,
-            modified)
+    glue::glue('<script src="{prefix}{href}?m={modified}" ></script>')
   }
 }
 
diff --git a/man/Dash.Rd b/man/Dash.Rd
