CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/npm-webpack-bundle-analyzer

Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap

Overall
score

98%

Overview
Eval results
Files

task.mdevals/scenario-6/

Bundle Report Security Validator

Build a tool that generates a secure HTML report from webpack bundle analysis data. The report must prevent common web security vulnerabilities while displaying bundle statistics.

@generates

Requirements

Your tool should accept bundle analysis data (module names, sizes, and file paths) and generate a secure HTML report that visualizes this information.

Input Data

The tool receives an array of modules, where each module contains:

  • name: Module name/path (may contain user-controlled content)
  • size: Size in bytes (numeric)
  • path: File path relative to project root

Security Requirements

The generated HTML report must be secure against:

  1. Cross-Site Scripting (XSS): Module names and paths may contain HTML-like characters (<, >, ", etc.) that could inject malicious scripts
  2. Directory Traversal: File paths must be validated to prevent access outside the intended directory
  3. Code Injection: The report must not use eval() or similar unsafe JavaScript execution methods
  4. Content Security Policy: The generated HTML should be compatible with strict Content Security Policy rules

Output

Generate a valid HTML file that:

  • Displays a table or list of all modules with their names, sizes, and paths
  • Properly escapes all user-controlled content
  • Is safe to open in a web browser
  • Works without inline scripts or unsafe HTML practices

Test Cases

  • When a module name contains <script>alert('xss')</script>, the report displays it as text without executing the script @test
  • When a module name contains special JSON characters like <, it is properly escaped in embedded JSON data @test
  • When an HTML attribute contains quotes and angle brackets, they are escaped correctly @test
  • When a file path contains ../../../etc/passwd, it is validated and rejected or sanitized @test

API

/**
 * Generates a secure HTML report from bundle analysis data.
 *
 * @param {Array<{name: string, size: number, path: string}>} modules - Array of module data
 * @param {Object} options - Report generation options
 * @param {string} options.reportTitle - Title for the HTML report
 * @param {string} options.outputPath - Where to write the HTML file
 * @returns {Promise<string>} Path to the generated HTML file
 */
function generateSecureReport(modules, options) {
  // Implementation here
}

module.exports = { generateSecureReport };

Dependencies { .dependencies }

webpack-bundle-analyzer { .dependency }

Provides bundle analysis capabilities with built-in security features for report generation.

Install with Tessl CLI

npx tessl i tessl/npm-webpack-bundle-analyzer

evals

scenario-6

rubric.json

task.md

tile.json