Skip to content

docs(GltfLoader): document Promise requirement, rejection propagation, and add @param/@returns to resolveUri #408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ormidales merged 2 commits into from
Apr 2, 2026
Merged

docs(GltfLoader): document Promise requirement, rejection propagation, and add @param/@returns to resolveUri #408

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
72731a4
Initial plan
Copilot Apr 2, 2026
d1c8ed8
docs: improve resolveUri JSDoc with Promise requirement, rejection pr…
Copilot Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 12 additions & 4 deletions src/core/GltfLoader.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,12 +130,20 @@ export interface GltfLoaderOptions {
* @security Never perform additional URI decoding or resolution inside this callback.
* The loader has already validated and best-effort percent-decoded the URI;
* re-decoding may re-introduce path-traversal or SSRF vulnerabilities.
* If percent-decoding fails due to invalid percent-encoding, the original URI string
* (with invalid sequences preserved) may be passed to this callback.
*
* Callback invoked to resolve external buffer URIs referenced by the glTF asset.
* Receives a URI string and must return the corresponding binary data.
* Optional async callback invoked to resolve external buffer URIs referenced by the
* glTF asset (non-`data:` references found in `buffers[].uri`).
* Required when loading plain `.gltf` files that reference external `.bin` files.
*
* The callback **must** return a `Promise` that resolves to the raw bytes of the
* referenced buffer. Rejections propagate directly from `loadGltf`.
*
* @param uri The raw URI string extracted from the glTF JSON, already validated
* against the loader's URI whitelist and best-effort percent-decoded. If
* percent-decoding fails due to invalid percent-encoding, the original URI string
* (with invalid sequences preserved) may be passed instead. Do **not** perform
* additional URI resolution or decoding inside this callback.
Comment thread
ormidales marked this conversation as resolved.
* @returns A `Promise` resolving to the buffer's raw bytes as an `ArrayBuffer`.
*/
resolveUri?: (uri: string) => Promise<ArrayBuffer>;
/**
Expand Down
18 changes: 18 additions & 0 deletions tests/gltf.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2365,6 +2365,24 @@ describe('GltfLoaderOptions JSDoc', () => {
expect(gltfLoaderSource).toContain('percent-decoded');
});

it('resolveUri JSDoc explicitly states the callback must return a Promise', () => {
expect(gltfLoaderSource).toContain('must** return a `Promise`');
});

it('resolveUri JSDoc documents that rejections propagate from loadGltf', () => {
expect(gltfLoaderSource).toContain('Rejections propagate directly from `loadGltf`');
});

it('resolveUri JSDoc has a @param uri tag', () => {
const resolveUriJsDoc = extractPrecedingJsDoc(gltfLoaderSource, 'resolveUri?:');
expect(resolveUriJsDoc).toContain('@param uri');
});

it('resolveUri JSDoc has a @returns tag', () => {
const resolveUriJsDoc = extractPrecedingJsDoc(gltfLoaderSource, 'resolveUri?:');
expect(resolveUriJsDoc).toContain('@returns');
});

it('resolveUri JSDoc has @security tag at the top of the comment block', () => {
const resolveUriIndex = gltfLoaderSource.indexOf('resolveUri?:');
expect(resolveUriIndex).toBeGreaterThan(-1);
Expand Down
Loading