High severityNVD Advisory· Published Sep 23, 2024· Updated Oct 29, 2024

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS

CVE-2024-47068

Description

Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from import.meta (e.g., import.meta.url) in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. Versions 2.79.2, 3.29.5, and 4.22.4 contain a patch for the vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
rollupnpm	>= 3.0.0, < 3.29.5	3.29.5
rollupnpm	>= 4.0.0, < 4.22.4	4.22.4
rollupnpm	< 2.79.2	2.79.2

Affected products

Rollup/Rollupv5
Range: >= 3.0.0, < 3.29.5

Patches

2ef77c00ec26

Fix DOM Clobbering CVE

https://github.com/rollup/rollupLukas Taegert-AtkinsonSep 21, 2024via ghsa

commit

39 files changed · +87 −86

src/ast/nodes/MetaProperty.ts+2 −2 modified

@@ -156,7 +156,7 @@ const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
 	getResolveUrl(
 		`'${escapeId(relativePath)}', ${
 			umd ? `typeof document === 'undefined' ? location.href : ` : ''
-		}document.currentScript && document.currentScript.src || document.baseURI`
+		}document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`
 	);
 
 const getGenericImportMetaMechanism =
@@ -178,7 +178,7 @@ const getFileUrlFromRelativePath = (path: string) =>
 const getUrlFromDocument = (chunkId: string, umd = false) =>
 	`${
 		umd ? `typeof document === 'undefined' ? location.href : ` : ''
-	}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
+	}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.tagName.toUpperCase() === 'SCRIPT' && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
 		chunkId
 	)}', document.baseURI).href)`;

test/chunking-form/samples/asset-needs-code-reference/_expected/cjs/main.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
-var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 {
 	const image = document.createElement('img');

test/chunking-form/samples/emit-file/emit-chunk-with-importer/_expected/cjs/main.js+3 −3 modified

@@ -1,5 +1,5 @@
 'use strict';
 
-console.log('no importer', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.src || document.baseURI).href));
-console.log('from maim', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.src || document.baseURI).href));
-console.log('from nested', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib2.js').href : new URL('generated-lib2.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('no importer', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
+console.log('from maim', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
+console.log('from nested', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib2.js').href : new URL('generated-lib2.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/nested.js+1 −1 modified

@@ -1,7 +1,7 @@
 'use strict';
 
 const getWorkerMessage = () => new Promise(resolve => {
-  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
   worker.onmessage = resolve;
 });

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/worker-proxy.js+1 −1 modified

@@ -1,3 +1,3 @@
 'use strict';
 
-PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/main.js+1 −1 modified

@@ -3,7 +3,7 @@
 var shared = require('./chunks/shared.js');
 
 const getWorkerMessage = () => new Promise(resolve => {
-  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
   worker.onmessage = resolve;
 });

test/chunking-form/samples/emit-file/emit-chunk-worklet/_expected/cjs/main.js+1 −1 modified

@@ -2,6 +2,6 @@
 
 var shared = require('./chunks/shared.js');
 
-CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 document.body.innerHTML += `<h1 style="background-image: paint(vertical-lines);">color: ${shared.color}, size: ${shared.size}</h1>`;

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/main.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-60bc15c4.svg').href : new URL('assets/logo1-60bc15c4.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-60bc15c4.svg').href : new URL('assets/logo1-60bc15c4.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 function showImage(url) {
 	console.log(url);

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/nested/chunk.js+1 −1 modified

@@ -2,6 +2,6 @@
 
 var main = require('../main.js');
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-fdaa7478.svg').href : new URL('../assets/logo2-fdaa7478.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-fdaa7478.svg').href : new URL('../assets/logo2-fdaa7478.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 main.showImage(logo);

test/chunking-form/samples/emit-file/set-asset-source/_expected/cjs/main.js+8 −8 modified

@@ -1,14 +1,14 @@
 'use strict';
 
-const renderStart = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/renderStart-981aa2ea.txt').href : new URL('assets/renderStart-981aa2ea.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const renderStartNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderStart.txt').href : new URL('renderStart.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+const renderStart = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/renderStart-981aa2ea.txt').href : new URL('assets/renderStart-981aa2ea.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const renderStartNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderStart.txt').href : new URL('renderStart.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 const renderStartNamedImmediately = 'renderStart.txt';
-const bannerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/banner.txt').href : new URL('banner.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const footerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/footer.txt').href : new URL('footer.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const introNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/intro.txt').href : new URL('intro.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const outroNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/outro.txt').href : new URL('outro.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const renderChunkNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderChunk.txt').href : new URL('renderChunk.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const generateBundleNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generateBundle.txt').href : new URL('generateBundle.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+const bannerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/banner.txt').href : new URL('banner.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const footerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/footer.txt').href : new URL('footer.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const introNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/intro.txt').href : new URL('intro.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const outroNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/outro.txt').href : new URL('outro.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const renderChunkNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderChunk.txt').href : new URL('renderChunk.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const generateBundleNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generateBundle.txt').href : new URL('generateBundle.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 exports.bannerNamed = bannerNamed;
 exports.footerNamed = footerNamed;

test/chunking-form/samples/import-meta-numeric-paths/_expected/cjs/0/1/nested.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-const url = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('0/1/nested.js', document.baseURI).href));
+const url = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('0/1/nested.js', document.baseURI).href));
 
 exports.url = url;

test/chunking-form/samples/import-meta-url/_expected/cjs/main.js+1 −1 modified

@@ -9,7 +9,7 @@ function log(url) {
 	}
 }
 
-log('main: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('main.js', document.baseURI).href)));
+log('main: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('main.js', document.baseURI).href)));
 Promise.resolve().then(function () { return require('./nested/chunk.js'); });
 
 exports.log = log;

test/chunking-form/samples/import-meta-url/_expected/cjs/nested/chunk.js+1 −1 modified

@@ -3,4 +3,4 @@
 var main = require('../main.js');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-main.log('nested: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('nested/chunk.js', document.baseURI).href)));
+main.log('nested: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('nested/chunk.js', document.baseURI).href)));

test/chunking-form/samples/render-chunk/_expected/cjs/chunk-dep2-e49c5bba.js+5 −5 renamed

@@ -1,7 +1,7 @@
 'use strict';
 
 var num = 2;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 exports.num = num;
 console.log({
@@ -18,24 +18,24 @@ console.log({
   "name": "dep2",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "chunk-dep2-8d89c265.js",
+  "fileName": "chunk-dep2-e49c5bba.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {},
   "imports": [],
   "modules": {
     "**/dep2.js": {
-      "code": "var num = 2;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 2;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     }
   },
   "referencedFiles": [
     "asset-test-9f86d081"
   ]
 });
-console.log('all chunks', ["entry-main1-5be92ae4.js","entry-main2-20c5a0f4.js","chunk-dep2-8d89c265.js"])
+console.log('all chunks', ["entry-main1-31317016.js","entry-main2-f63e5752.js","chunk-dep2-e49c5bba.js"])
 console.log('referenced asset in renderChunk', 'asset-test-9f86d081');

test/chunking-form/samples/render-chunk/_expected/cjs/entry-main1-31317016.js+11 −11 renamed

@@ -1,12 +1,12 @@
 'use strict';
 
-var dep2 = require('./chunk-dep2-8d89c265.js');
+var dep2 = require('./chunk-dep2-e49c5bba.js');
 
 var num = 1;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 console.log(num + dep2.num);
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 console.log({
   "exports": [],
   "facadeModuleId": "**/main1.js",
@@ -20,37 +20,37 @@ console.log({
   "name": "main1",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "entry-main1-5be92ae4.js",
+  "fileName": "entry-main1-31317016.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {
-    "chunk-dep2-8d89c265.js": [
+    "chunk-dep2-e49c5bba.js": [
       "num"
     ]
   },
   "imports": [
-    "chunk-dep2-8d89c265.js"
+    "chunk-dep2-e49c5bba.js"
   ],
   "modules": {
     "**/dep1.js": {
-      "code": "var num = 1;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 1;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     },
     "**/main1.js": {
-      "code": "console.log(num + dep2.num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "console.log(num + dep2.num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 102,
       "removedExports": [],
       "renderedExports": [],
-      "renderedLength": 285
+      "renderedLength": 346
     }
   },
   "referencedFiles": [
     "asset-test-9f86d081"
   ]
 });
-console.log('all chunks', ["entry-main1-5be92ae4.js","entry-main2-20c5a0f4.js","chunk-dep2-8d89c265.js"])
+console.log('all chunks', ["entry-main1-31317016.js","entry-main2-f63e5752.js","chunk-dep2-e49c5bba.js"])
 console.log('referenced asset in renderChunk', 'asset-test-9f86d081');

test/chunking-form/samples/render-chunk/_expected/cjs/entry-main2-f63e5752.js+11 −11 renamed

@@ -1,12 +1,12 @@
 'use strict';
 
-var dep2 = require('./chunk-dep2-8d89c265.js');
+var dep2 = require('./chunk-dep2-e49c5bba.js');
 
 var num = 3;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 console.log(dep2.num + num);
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 console.log({
   "exports": [],
   "facadeModuleId": "**/main2.js",
@@ -20,37 +20,37 @@ console.log({
   "name": "main2",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "entry-main2-20c5a0f4.js",
+  "fileName": "entry-main2-f63e5752.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {
-    "chunk-dep2-8d89c265.js": [
+    "chunk-dep2-e49c5bba.js": [
       "num"
     ]
   },
   "imports": [
-    "chunk-dep2-8d89c265.js"
+    "chunk-dep2-e49c5bba.js"
   ],
   "modules": {
     "**/dep3.js": {
-      "code": "var num = 3;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 3;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     },
     "**/main2.js": {
-      "code": "console.log(dep2.num + num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "console.log(dep2.num + num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-9f86d081').href : new URL('asset-test-9f86d081', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 102,
       "removedExports": [],
       "renderedExports": [],
-      "renderedLength": 285
+      "renderedLength": 346
     }
   },
   "referencedFiles": [
     "asset-test-9f86d081"
   ]
 });
-console.log('all chunks', ["entry-main1-5be92ae4.js","entry-main2-20c5a0f4.js","chunk-dep2-8d89c265.js"])
+console.log('all chunks', ["entry-main1-31317016.js","entry-main2-f63e5752.js","chunk-dep2-e49c5bba.js"])
 console.log('referenced asset in renderChunk', 'asset-test-9f86d081');

test/chunking-form/samples/resolve-file-url/_expected/cjs/main.js+2 −2 modified

@@ -3,7 +3,7 @@
 const asset$1 = 'resolved';
 const chunk$1 = 'resolved';
 
-const asset = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const chunk = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/nested/chunk2.js').href : new URL('nested/chunk2.js', document.currentScript && document.currentScript.src || document.baseURI).href);
+const asset = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const chunk = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/nested/chunk2.js').href : new URL('nested/chunk2.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 Promise.resolve().then(function () { return require('./nested/chunk.js'); }).then(result => console.log(result, chunk$1, chunk, asset$1, asset));

test/form/samples/configure-file-url/_expected/cjs.js+1 −1 modified

@@ -4,6 +4,6 @@ var asset1 = 'chunkId=cjs.js:moduleId=solved:fileName=assets/asset-solved-230eca
 
 var asset2 = 'resolved';
 
-var asset3 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset3 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 console.log(asset1, asset2, asset3);

test/form/samples/configure-file-url/_expected/iife.js+1 −1 modified

@@ -5,7 +5,7 @@
 
 	var asset2 = 'resolved';
 
-	var asset3 = new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset3 = new URL('assets/asset-unresolved-f4c1e86c.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	console.log(asset1, asset2, asset3);

test/form/samples/configure-file-url/_expected/umd.js+1 −1 modified

@@ -7,7 +7,7 @@
 
 	var asset2 = 'resolved';
 
-	var asset3 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset3 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-f4c1e86c.txt').href : new URL('assets/asset-unresolved-f4c1e86c.txt', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	console.log(asset1, asset2, asset3);

test/form/samples/deconflict-format-specific-globals/_expected/cjs.js+2 −2 modified

@@ -38,7 +38,7 @@ console.log(_interopDefault$1, _interopNamespace$1, module$1, require$1, exports
 
 Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('external')); }).then(console.log);
 exports.default = 0;
-console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 
 function nested1() {
 	const _interopDefault = 1;
@@ -52,7 +52,7 @@ function nested1() {
 
 	Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('external')); }).then(console.log);
 	exports.default = 1;
-	console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 }
 
 nested1();

test/form/samples/deconflict-format-specific-globals/_expected/iife.js+2 −2 modified

@@ -19,7 +19,7 @@ var bundle = (function (external) {
 
 	import('external').then(console.log);
 	exports.default = 0;
-	console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 
 	function nested1() {
 		const _interopDefault = 1;
@@ -33,7 +33,7 @@ var bundle = (function (external) {
 
 		import('external').then(console.log);
 		exports.default = 1;
-		console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+		console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 	}
 
 	nested1();

test/form/samples/deconflict-format-specific-globals/_expected/umd.js+2 −2 modified

@@ -22,7 +22,7 @@
 
 	import('external').then(console.log);
 	exports.default = 0;
-	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 
 	function nested1() {
 		const _interopDefault = 1;
@@ -36,7 +36,7 @@
 
 		import('external').then(console.log);
 		exports.default = 1;
-		console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+		console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 	}
 
 	nested1();

test/form/samples/emit-asset-file/_expected/cjs.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-a2a2cdc4.svg').href : new URL('assets/logo-a2a2cdc4.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-a2a2cdc4.svg').href : new URL('assets/logo-a2a2cdc4.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 function showImage(url) {
 	console.log(url);

test/form/samples/emit-asset-file/_expected/iife.js+1 −1 modified

@@ -1,7 +1,7 @@
 (function () {
 	'use strict';
 
-	var logo = new URL('assets/logo-a2a2cdc4.svg', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var logo = new URL('assets/logo-a2a2cdc4.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	function showImage(url) {
 		console.log(url);

test/form/samples/emit-asset-file/_expected/umd.js+1 −1 modified

@@ -3,7 +3,7 @@
 	factory();
 })((function () { 'use strict';
 
-	var logo = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-a2a2cdc4.svg').href : new URL('assets/logo-a2a2cdc4.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var logo = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-a2a2cdc4.svg').href : new URL('assets/logo-a2a2cdc4.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	function showImage(url) {
 		console.log(url);

test/form/samples/emit-uint8array-no-buffer/_expected/cjs.js+3 −3 modified

@@ -1,9 +1,9 @@
 'use strict';
 
-var asset1 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8e3dd2ea').href : new URL('assets/asset-8e3dd2ea', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset1 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8e3dd2ea').href : new URL('assets/asset-8e3dd2ea', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-75590fc1').href : new URL('assets/asset-75590fc1', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-75590fc1').href : new URL('assets/asset-75590fc1', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-var asset99 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-60cc5dc9').href : new URL('assets/asset-60cc5dc9', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset99 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-60cc5dc9').href : new URL('assets/asset-60cc5dc9', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 console.log(asset1, asset2, asset99);

test/form/samples/emit-uint8array-no-buffer/_expected/iife.js+3 −3 modified

@@ -1,11 +1,11 @@
 (function () {
 	'use strict';
 
-	var asset1 = new URL('assets/asset-8e3dd2ea', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset1 = new URL('assets/asset-8e3dd2ea', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
-	var asset2 = new URL('assets/asset-75590fc1', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset2 = new URL('assets/asset-75590fc1', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
-	var asset99 = new URL('assets/asset-60cc5dc9', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset99 = new URL('assets/asset-60cc5dc9', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	console.log(asset1, asset2, asset99);

test/form/samples/emit-uint8array-no-buffer/_expected/umd.js+3 −3 modified

@@ -3,11 +3,11 @@
 	factory();
 })((function () { 'use strict';
 
-	var asset1 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8e3dd2ea').href : new URL('assets/asset-8e3dd2ea', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset1 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8e3dd2ea').href : new URL('assets/asset-8e3dd2ea', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-	var asset2 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-75590fc1').href : new URL('assets/asset-75590fc1', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset2 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-75590fc1').href : new URL('assets/asset-75590fc1', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-	var asset99 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-60cc5dc9').href : new URL('assets/asset-60cc5dc9', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset99 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-60cc5dc9').href : new URL('assets/asset-60cc5dc9', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	console.log(asset1, asset2, asset99);

test/form/samples/import-meta/_expected/cjs.js+1 −1 modified

@@ -1,4 +1,4 @@
 'use strict';
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
+console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));

test/form/samples/import-meta/_expected/iife.js+1 −1 modified

@@ -2,6 +2,6 @@
 	'use strict';
 
 	var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
+	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
 
 })();

test/form/samples/import-meta/_expected/umd.js+1 −1 modified

@@ -4,6 +4,6 @@
 })((function () { 'use strict';
 
 	var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
+	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
 
 }));

test/form/samples/import-meta-url/_expected/cjs.js+1 −1 modified

@@ -9,4 +9,4 @@ function log(url) {
 	}
 }
 
-log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));

test/form/samples/import-meta-url/_expected/iife.js+1 −1 modified

@@ -10,6 +10,6 @@
 		}
 	}
 
-	log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 
 })();

test/form/samples/import-meta-url/_expected/umd.js+1 −1 modified

@@ -12,6 +12,6 @@
 		}
 	}
 
-	log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 
 }));

test/form/samples/resolve-import-meta-url/_expected/cjs.js+2 −2 modified

@@ -5,9 +5,9 @@ console.log('resolved');
 console.log('resolved');
 console.log('resolved');
 
-console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 console.log(undefined);
-console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
+console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
 
 console.log('url=cjs.js:resolve-import-meta-url/main.js');
 console.log('privateProp=cjs.js:resolve-import-meta-url/main.js');

test/form/samples/resolve-import-meta-url/_expected/iife.js+2 −2 modified

@@ -6,9 +6,9 @@
 	console.log('resolved');
 	console.log('resolved');
 
-	console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 	console.log(undefined);
-	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
+	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
 
 	console.log('url=iife.js:resolve-import-meta-url/main.js');
 	console.log('privateProp=iife.js:resolve-import-meta-url/main.js');

test/form/samples/resolve-import-meta-url/_expected/umd.js+2 −2 modified

@@ -8,9 +8,9 @@
 	console.log('resolved');
 	console.log('resolved');
 
-	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 	console.log(undefined);
-	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
+	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
 
 	console.log('url=umd.js:resolve-import-meta-url/main.js');
 	console.log('privateProp=umd.js:resolve-import-meta-url/main.js');

test/function/samples/import-meta-url-b/_config.js+2 −1 modified

@@ -7,7 +7,8 @@ module.exports = defineTest({
 	context: {
 		document: {
 			currentScript: {
-				src: source
+				src: source,
+				tagName: 'SCRIPT'
 			}
 		}
 	},

e2552c9e955e

Fix DOM Clobbering CVE (#5671)

https://github.com/rollup/rollupLukas Taegert-AtkinsonSep 21, 2024via ghsa

commit

40 files changed · +93 −91

src/ast/nodes/MetaProperty.ts+3 −3 modified

@@ -1,10 +1,10 @@
 import type MagicString from 'magic-string';
 import type { InternalModuleFormat } from '../../rollup/types';
-import type { PluginDriver } from '../../utils/PluginDriver';
 import { escapeId } from '../../utils/escapeId';
 import type { GenerateCodeSnippets } from '../../utils/generateCodeSnippets';
 import { DOCUMENT_CURRENT_SCRIPT } from '../../utils/interopHelpers';
 import { dirname, normalize, relative } from '../../utils/path';
+import type { PluginDriver } from '../../utils/PluginDriver';
 import type { RenderOptions } from '../../utils/renderHelpers';
 import type { NodeInteraction } from '../NodeInteractions';
 import { INTERACTION_ACCESSED } from '../NodeInteractions';
@@ -158,7 +158,7 @@ const getRelativeUrlFromDocument = (relativePath: string, umd = false) =>
 	getResolveUrl(
 		`'${escapeId(relativePath)}', ${
 			umd ? `typeof document === 'undefined' ? location.href : ` : ''
-		}document.currentScript && document.currentScript.src || document.baseURI`
+		}document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI`
 	);
 
 const getGenericImportMetaMechanism =
@@ -180,7 +180,7 @@ const getFileUrlFromRelativePath = (path: string) =>
 const getUrlFromDocument = (chunkId: string, umd = false) =>
 	`${
 		umd ? `typeof document === 'undefined' ? location.href : ` : ''
-	}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
+	}(${DOCUMENT_CURRENT_SCRIPT} && ${DOCUMENT_CURRENT_SCRIPT}.tagName.toUpperCase() === 'SCRIPT' && ${DOCUMENT_CURRENT_SCRIPT}.src || new URL('${escapeId(
 		chunkId
 	)}', document.baseURI).href)`;

test/chunking-form/samples/asset-needs-code-reference/_expected/cjs/main.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
-var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/logo2.svg').href : new URL('logo2.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 {
 	const image = document.createElement('img');

test/chunking-form/samples/emit-file/emit-chunk-with-importer/_expected/cjs/main.js+3 −3 modified

@@ -1,5 +1,5 @@
 'use strict';
 
-console.log('no importer', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.src || document.baseURI).href));
-console.log('from maim', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.src || document.baseURI).href));
-console.log('from nested', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib2.js').href : new URL('generated-lib2.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('no importer', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
+console.log('from maim', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib.js').href : new URL('generated-lib.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
+console.log('from nested', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generated-lib2.js').href : new URL('generated-lib2.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/nested.js+1 −1 modified

@@ -1,7 +1,7 @@
 'use strict';
 
 const getWorkerMessage = () => new Promise(resolve => {
-  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker-proxy.js').href : new URL('worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
   worker.onmessage = resolve;
 });

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/chunks/worker-proxy.js+1 −1 modified

@@ -1,3 +1,3 @@
 'use strict';
 
-PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+PLACEHOLDER((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/worker.js').href : new URL('worker.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));

test/chunking-form/samples/emit-file/emit-chunk-worker/_expected/cjs/main.js+1 −1 modified

@@ -3,7 +3,7 @@
 var shared = require('./chunks/shared.js');
 
 const getWorkerMessage = () => new Promise(resolve => {
-  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+  const worker = new Worker((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worker-proxy.js').href : new URL('chunks/worker-proxy.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
   worker.onmessage = resolve;
 });

test/chunking-form/samples/emit-file/emit-chunk-worklet/_expected/cjs/main.js+1 −1 modified

@@ -2,6 +2,6 @@
 
 var shared = require('./chunks/shared.js');
 
-CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.src || document.baseURI).href));
+CSS.paintWorklet.addModule((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/chunks/worklet.js').href : new URL('chunks/worklet.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 document.body.innerHTML += `<h1 style="background-image: paint(vertical-lines);">color: ${shared.color}, size: ${shared.size}</h1>`;

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/main.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-FquQRdV3.svg').href : new URL('assets/logo1-FquQRdV3.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo1-FquQRdV3.svg').href : new URL('assets/logo1-FquQRdV3.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 function showImage(url) {
 	console.log(url);

test/chunking-form/samples/emit-file/reference-files/_expected/cjs/nested/chunk.js+1 −1 modified

@@ -2,6 +2,6 @@
 
 var main = require('../main.js');
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-DJfvToLT.svg').href : new URL('../assets/logo2-DJfvToLT.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/../assets/logo2-DJfvToLT.svg').href : new URL('../assets/logo2-DJfvToLT.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 main.showImage(logo);

test/chunking-form/samples/emit-file/set-asset-source/_expected/cjs/main.js+8 −8 modified

@@ -1,14 +1,14 @@
 'use strict';
 
-const renderStart = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/renderStart-B4XObdBk.txt').href : new URL('assets/renderStart-B4XObdBk.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const renderStartNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderStart.txt').href : new URL('renderStart.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+const renderStart = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/renderStart-B4XObdBk.txt').href : new URL('assets/renderStart-B4XObdBk.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const renderStartNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderStart.txt').href : new URL('renderStart.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 const renderStartNamedImmediately = 'renderStart.txt';
-const bannerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/banner.txt').href : new URL('banner.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const footerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/footer.txt').href : new URL('footer.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const introNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/intro.txt').href : new URL('intro.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const outroNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/outro.txt').href : new URL('outro.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const renderChunkNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderChunk.txt').href : new URL('renderChunk.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const generateBundleNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generateBundle.txt').href : new URL('generateBundle.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+const bannerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/banner.txt').href : new URL('banner.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const footerNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/footer.txt').href : new URL('footer.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const introNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/intro.txt').href : new URL('intro.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const outroNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/outro.txt').href : new URL('outro.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const renderChunkNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/renderChunk.txt').href : new URL('renderChunk.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const generateBundleNamed = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/generateBundle.txt').href : new URL('generateBundle.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 exports.bannerNamed = bannerNamed;
 exports.footerNamed = footerNamed;

test/chunking-form/samples/import-meta-numeric-paths/_expected/cjs/0/1/nested.js+1 −1 modified

@@ -1,6 +1,6 @@
 'use strict';
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-const url = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('0/1/nested.js', document.baseURI).href));
+const url = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('0/1/nested.js', document.baseURI).href));
 
 exports.url = url;

test/chunking-form/samples/import-meta-url/_expected/cjs/main.js+1 −1 modified

@@ -9,7 +9,7 @@ function log(url) {
 	}
 }
 
-log('main: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('main.js', document.baseURI).href)));
+log('main: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('main.js', document.baseURI).href)));
 Promise.resolve().then(function () { return require('./nested/chunk.js'); });
 
 exports.log = log;

test/chunking-form/samples/import-meta-url/_expected/cjs/nested/chunk.js+1 −1 modified

@@ -3,4 +3,4 @@
 var main = require('../main.js');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-main.log('nested: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('nested/chunk.js', document.baseURI).href)));
+main.log('nested: ' + (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('nested/chunk.js', document.baseURI).href)));

test/chunking-form/samples/render-chunk/_expected/cjs/chunk-dep2-Cr_zOuBy.js+5 −5 renamed

@@ -1,7 +1,7 @@
 'use strict';
 
 var num = 2;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 exports.num = num;
 console.log({
@@ -18,24 +18,24 @@ console.log({
   "name": "dep2",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "chunk-dep2-DaLIbws0.js",
+  "fileName": "chunk-dep2-Cr_zOuBy.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {},
   "imports": [],
   "modules": {
     "**/dep2.js": {
-      "code": "var num = 2;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 2;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     }
   },
   "referencedFiles": [
     "asset-test-C4X7hChn"
   ]
 });
-console.log('all chunks', ["entry-main1-s6RHXqBe.js","entry-main2-DPo9-iBy.js","chunk-dep2-DaLIbws0.js"])
+console.log('all chunks', ["entry-main1-CW_cw0go.js","entry-main2-CvqsXhWd.js","chunk-dep2-Cr_zOuBy.js"])
 console.log('referenced asset in renderChunk', 'asset-test-C4X7hChn');

test/chunking-form/samples/render-chunk/_expected/cjs/entry-main1-CW_cw0go.js+11 −11 renamed

@@ -1,12 +1,12 @@
 'use strict';
 
-var dep2 = require('./chunk-dep2-DaLIbws0.js');
+var dep2 = require('./chunk-dep2-Cr_zOuBy.js');
 
 var num = 1;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 console.log(num + dep2.num);
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 console.log({
   "exports": [],
   "facadeModuleId": "**/main1.js",
@@ -20,37 +20,37 @@ console.log({
   "name": "main1",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "entry-main1-s6RHXqBe.js",
+  "fileName": "entry-main1-CW_cw0go.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {
-    "chunk-dep2-DaLIbws0.js": [
+    "chunk-dep2-Cr_zOuBy.js": [
       "num"
     ]
   },
   "imports": [
-    "chunk-dep2-DaLIbws0.js"
+    "chunk-dep2-Cr_zOuBy.js"
   ],
   "modules": {
     "**/dep1.js": {
-      "code": "var num = 1;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 1;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     },
     "**/main1.js": {
-      "code": "console.log(num + dep2.num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "console.log(num + dep2.num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 102,
       "removedExports": [],
       "renderedExports": [],
-      "renderedLength": 285
+      "renderedLength": 346
     }
   },
   "referencedFiles": [
     "asset-test-C4X7hChn"
   ]
 });
-console.log('all chunks', ["entry-main1-s6RHXqBe.js","entry-main2-DPo9-iBy.js","chunk-dep2-DaLIbws0.js"])
+console.log('all chunks', ["entry-main1-CW_cw0go.js","entry-main2-CvqsXhWd.js","chunk-dep2-Cr_zOuBy.js"])
 console.log('referenced asset in renderChunk', 'asset-test-C4X7hChn');

test/chunking-form/samples/render-chunk/_expected/cjs/entry-main2-CvqsXhWd.js+11 −11 renamed

@@ -1,12 +1,12 @@
 'use strict';
 
-var dep2 = require('./chunk-dep2-DaLIbws0.js');
+var dep2 = require('./chunk-dep2-Cr_zOuBy.js');
 
 var num = 3;
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 
 console.log(dep2.num + num);
-console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));
+console.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));
 console.log({
   "exports": [],
   "facadeModuleId": "**/main2.js",
@@ -20,37 +20,37 @@ console.log({
   "name": "main2",
   "type": "chunk",
   "dynamicImports": [],
-  "fileName": "entry-main2-DPo9-iBy.js",
+  "fileName": "entry-main2-CvqsXhWd.js",
   "implicitlyLoadedBefore": [],
   "importedBindings": {
-    "chunk-dep2-DaLIbws0.js": [
+    "chunk-dep2-Cr_zOuBy.js": [
       "num"
     ]
   },
   "imports": [
-    "chunk-dep2-DaLIbws0.js"
+    "chunk-dep2-Cr_zOuBy.js"
   ],
   "modules": {
     "**/dep3.js": {
-      "code": "var num = 3;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "var num = 3;\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 19,
       "removedExports": [],
       "renderedExports": [
         "num"
       ],
-      "renderedLength": 269
+      "renderedLength": 330
     },
     "**/main2.js": {
-      "code": "console.log(dep2.num + num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.src || document.baseURI).href));",
+      "code": "console.log(dep2.num + num);\nconsole.log('referenced asset', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/asset-test-C4X7hChn').href : new URL('asset-test-C4X7hChn', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href));",
       "originalLength": 102,
       "removedExports": [],
       "renderedExports": [],
-      "renderedLength": 285
+      "renderedLength": 346
     }
   },
   "referencedFiles": [
     "asset-test-C4X7hChn"
   ]
 });
-console.log('all chunks', ["entry-main1-s6RHXqBe.js","entry-main2-DPo9-iBy.js","chunk-dep2-DaLIbws0.js"])
+console.log('all chunks', ["entry-main1-CW_cw0go.js","entry-main2-CvqsXhWd.js","chunk-dep2-Cr_zOuBy.js"])
 console.log('referenced asset in renderChunk', 'asset-test-C4X7hChn');

test/chunking-form/samples/resolve-file-url/_expected/cjs/main.js+2 −2 modified

@@ -3,7 +3,7 @@
 const asset$1 = 'resolved';
 const chunk$1 = 'resolved';
 
-const asset = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
-const chunk = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/nested/chunk2.js').href : new URL('nested/chunk2.js', document.currentScript && document.currentScript.src || document.baseURI).href);
+const asset = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
+const chunk = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/nested/chunk2.js').href : new URL('nested/chunk2.js', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 Promise.resolve().then(function () { return require('./nested/chunk.js'); }).then(result => console.log(result, chunk$1, chunk, asset$1, asset));

test/form/samples/configure-file-url/_expected/cjs.js+1 −1 modified

@@ -4,6 +4,6 @@ var asset1 = 'chunkId=cjs.js:moduleId=solved:fileName=assets/asset-solved-DSjIji
 
 var asset2 = 'resolved';
 
-var asset3 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset3 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 console.log(asset1, asset2, asset3);

test/form/samples/configure-file-url/_expected/iife.js+1 −1 modified

@@ -5,7 +5,7 @@
 
 	var asset2 = 'resolved';
 
-	var asset3 = new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset3 = new URL('assets/asset-unresolved-B7Qh6_pN.txt', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	console.log(asset1, asset2, asset3);

test/form/samples/configure-file-url/_expected/umd.js+1 −1 modified

@@ -7,7 +7,7 @@
 
 	var asset2 = 'resolved';
 
-	var asset3 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset3 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-unresolved-B7Qh6_pN.txt').href : new URL('assets/asset-unresolved-B7Qh6_pN.txt', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	console.log(asset1, asset2, asset3);

test/form/samples/deconflict-format-specific-globals/_expected/cjs.js+2 −2 modified

@@ -38,7 +38,7 @@ console.log(_interopDefault$1, _interopNamespace$1, module$1, require$1, exports
 
 Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('external')); }).then(console.log);
 exports.default = 0;
-console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 
 function nested1() {
 	const _interopDefault = 1;
@@ -52,7 +52,7 @@ function nested1() {
 
 	Promise.resolve().then(function () { return /*#__PURE__*/_interopNamespace(require('external')); }).then(console.log);
 	exports.default = 1;
-	console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 }
 
 nested1();

test/form/samples/deconflict-format-specific-globals/_expected/iife.js+2 −2 modified

@@ -19,7 +19,7 @@ var bundle = (function (external) {
 
 	import('external').then(console.log);
 	exports.default = 0;
-	console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 
 	function nested1() {
 		const _interopDefault = 1;
@@ -33,7 +33,7 @@ var bundle = (function (external) {
 
 		import('external').then(console.log);
 		exports.default = 1;
-		console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+		console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 	}
 
 	nested1();

test/form/samples/deconflict-format-specific-globals/_expected/umd.js+2 −2 modified

@@ -22,7 +22,7 @@
 
 	import('external').then(console.log);
 	exports.default = 0;
-	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 
 	function nested1() {
 		const _interopDefault = 1;
@@ -36,7 +36,7 @@
 
 		import('external').then(console.log);
 		exports.default = 1;
-		console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+		console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 	}
 
 	nested1();

test/form/samples/emit-asset-file/_expected/cjs.js+2 −2 modified

@@ -1,8 +1,8 @@
 'use strict';
 
-var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-zDlmrXar.svg').href : new URL('assets/logo-zDlmrXar.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logo = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-zDlmrXar.svg').href : new URL('assets/logo-zDlmrXar.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-var logoReverse = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo_reverse\'-DbGK2oiS.svg').href : new URL('assets/logo_reverse\'-DbGK2oiS.svg', document.currentScript && document.currentScript.src || document.baseURI).href);
+var logoReverse = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo_reverse\'-DbGK2oiS.svg').href : new URL('assets/logo_reverse\'-DbGK2oiS.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 function showImage(url) {
 	console.log(url);

test/form/samples/emit-asset-file/_expected/iife.js+2 −2 modified

@@ -1,9 +1,9 @@
 (function () {
 	'use strict';
 
-	var logo = new URL('assets/logo-zDlmrXar.svg', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var logo = new URL('assets/logo-zDlmrXar.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
-	var logoReverse = new URL('assets/logo_reverse\'-DbGK2oiS.svg', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var logoReverse = new URL('assets/logo_reverse\'-DbGK2oiS.svg', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	function showImage(url) {
 		console.log(url);

test/form/samples/emit-asset-file/_expected/umd.js+2 −2 modified

@@ -3,9 +3,9 @@
 	factory();
 })((function () { 'use strict';
 
-	var logo = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-zDlmrXar.svg').href : new URL('assets/logo-zDlmrXar.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var logo = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo-zDlmrXar.svg').href : new URL('assets/logo-zDlmrXar.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-	var logoReverse = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo_reverse\'-DbGK2oiS.svg').href : new URL('assets/logo_reverse\'-DbGK2oiS.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var logoReverse = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/logo_reverse\'-DbGK2oiS.svg').href : new URL('assets/logo_reverse\'-DbGK2oiS.svg', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	function showImage(url) {
 		console.log(url);

test/form/samples/emit-uint8array-no-buffer/_expected/cjs.js+3 −3 modified

@@ -1,9 +1,9 @@
 'use strict';
 
-var asset1 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-C1v24hPj').href : new URL('assets/asset-C1v24hPj', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset1 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-C1v24hPj').href : new URL('assets/asset-C1v24hPj', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-CtWoGP2A').href : new URL('assets/asset-CtWoGP2A', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset2 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-CtWoGP2A').href : new URL('assets/asset-CtWoGP2A', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-var asset99 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8_Inlget').href : new URL('assets/asset-8_Inlget', document.currentScript && document.currentScript.src || document.baseURI).href);
+var asset99 = (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8_Inlget').href : new URL('assets/asset-8_Inlget', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 console.log(asset1, asset2, asset99);

test/form/samples/emit-uint8array-no-buffer/_expected/iife.js+3 −3 modified

@@ -1,11 +1,11 @@
 (function () {
 	'use strict';
 
-	var asset1 = new URL('assets/asset-C1v24hPj', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset1 = new URL('assets/asset-C1v24hPj', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
-	var asset2 = new URL('assets/asset-CtWoGP2A', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset2 = new URL('assets/asset-CtWoGP2A', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
-	var asset99 = new URL('assets/asset-8_Inlget', document.currentScript && document.currentScript.src || document.baseURI).href;
+	var asset99 = new URL('assets/asset-8_Inlget', document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href;
 
 	console.log(asset1, asset2, asset99);

test/form/samples/emit-uint8array-no-buffer/_expected/umd.js+3 −3 modified

@@ -3,11 +3,11 @@
 	factory();
 })((function () { 'use strict';
 
-	var asset1 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-C1v24hPj').href : new URL('assets/asset-C1v24hPj', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset1 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-C1v24hPj').href : new URL('assets/asset-C1v24hPj', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-	var asset2 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-CtWoGP2A').href : new URL('assets/asset-CtWoGP2A', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset2 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-CtWoGP2A').href : new URL('assets/asset-CtWoGP2A', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
-	var asset99 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8_Inlget').href : new URL('assets/asset-8_Inlget', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.src || document.baseURI).href);
+	var asset99 = (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__dirname + '/assets/asset-8_Inlget').href : new URL('assets/asset-8_Inlget', typeof document === 'undefined' ? location.href : document.currentScript && document.currentScript.tagName.toUpperCase() === 'SCRIPT' && document.currentScript.src || document.baseURI).href);
 
 	console.log(asset1, asset2, asset99);

test/form/samples/import-meta/_expected/cjs.js+1 −1 modified

@@ -1,4 +1,4 @@
 'use strict';
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
+console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));

test/form/samples/import-meta/_expected/iife.js+1 −1 modified

@@ -2,6 +2,6 @@
 	'use strict';
 
 	var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
+	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
 
 })();

test/form/samples/import-meta/_expected/umd.js+1 −1 modified

@@ -4,6 +4,6 @@
 })((function () { 'use strict';
 
 	var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
-	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
+	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
 
 }));

test/form/samples/import-meta-url/_expected/cjs.js+1 −1 modified

@@ -9,4 +9,4 @@ function log(url) {
 	}
 }
 
-log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));

test/form/samples/import-meta-url/_expected/iife.js+1 −1 modified

@@ -10,6 +10,6 @@
 		}
 	}
 
-	log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 
 })();

test/form/samples/import-meta-url/_expected/umd.js+1 −1 modified

@@ -12,6 +12,6 @@
 		}
 	}
 
-	log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 
 }));

test/form/samples/resolve-import-meta-url/_expected/cjs.js+2 −2 modified

@@ -5,9 +5,9 @@ console.log('resolved');
 console.log('resolved');
 console.log('resolved');
 
-console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
+console.log((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)));
 console.log(undefined);
-console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
+console.log(({ url: (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cjs.js', document.baseURI).href)) }));
 
 console.log('url=cjs.js:resolve-import-meta-url/main.js');
 console.log('privateProp=cjs.js:resolve-import-meta-url/main.js');

test/form/samples/resolve-import-meta-url/_expected/iife.js+2 −2 modified

@@ -6,9 +6,9 @@
 	console.log('resolved');
 	console.log('resolved');
 
-	console.log((_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
+	console.log((_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href));
 	console.log(undefined);
-	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
+	console.log(({ url: (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('iife.js', document.baseURI).href) }));
 
 	console.log('url=iife.js:resolve-import-meta-url/main.js');
 	console.log('privateProp=iife.js:resolve-import-meta-url/main.js');

test/form/samples/resolve-import-meta-url/_expected/umd.js+2 −2 modified

@@ -8,9 +8,9 @@
 	console.log('resolved');
 	console.log('resolved');
 
-	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
+	console.log((typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)));
 	console.log(undefined);
-	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
+	console.log(({ url: (typeof document === 'undefined' && typeof location === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : typeof document === 'undefined' ? location.href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('umd.js', document.baseURI).href)) }));
 
 	console.log('url=umd.js:resolve-import-meta-url/main.js');
 	console.log('privateProp=umd.js:resolve-import-meta-url/main.js');

test/function/samples/import-meta-url-b/_config.js+2 −1 modified

@@ -7,7 +7,8 @@ module.exports = defineTest({
 	context: {
 		document: {
 			currentScript: {
-				src: source
+				src: source,
+				tagName: 'SCRIPT'
 			}
 		}
 	},

test/function/samples/import-meta-url-with-compact/_config.js+2 −1 modified

@@ -7,7 +7,8 @@ module.exports = defineTest({
 	context: {
 		document: {
 			currentScript: {
-				src: source
+				src: source,
+				tagName: 'SCRIPT'
 			}
 		}
 	},

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-gcx4-mw62-g8wmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-47068ghsaADVISORY
github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.tsghsax_refsource_MISCWEB
github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.tsghsax_refsource_MISCWEB
github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4ghsax_refsource_MISCWEB
github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541ghsax_refsource_MISCWEB
github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wmghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000