refactor: v2 release #6903
refactor: v2 release #6903
Conversation
🦋 Changeset detectedLatest commit: d848ba5 The changes in this PR will be included in the next version bump. This PR includes no changesetsWhen changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
commit: |
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
| } | ||
| errorDiv.setAttribute('q:key', '_error_'); | ||
| const journal: VNodeJournal = []; | ||
| vnode_getDOMChildNodes(journal, vHost).forEach((child) => errorDiv.appendChild(child)); |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
| } else if (key === 'value' && key in element) { | ||
| (element as any).value = escapeHTML(String(value)); | ||
| } else if (key === dangerouslySetInnerHTML) { | ||
| (element as any).innerHTML = value!; |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 3 days ago
To fix the problem, we need to ensure that any data assigned to innerHTML is properly sanitized to prevent XSS attacks. The best way to fix this without changing existing functionality is to use a function that escapes HTML special characters before assigning the value to innerHTML.
- Import or define a function to escape HTML special characters.
- Use this function to sanitize the
valuebefore assigning it toinnerHTML.
| @@ -895,3 +895,3 @@ | ||
| } else if (key === dangerouslySetInnerHTML) { | ||
| (element as any).innerHTML = value!; | ||
| (element as any).innerHTML = escapeHTML(String(value)); | ||
| } else { |
| const insertBefore = journal[idx++] as Element | Text | null; | ||
| let newChild: any; | ||
| while (idx < length && typeof (newChild = journal[idx]) !== 'number') { | ||
| insertParent.insertBefore(newChild, insertBefore); |
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
fix(repl): unbreak
they are not being used
this avoids having to transpile the vite.config.mts file, which sometimes causes eslint errors during builds
fix(v2): various dev fixes
v2: make optimizer async + remove fs
feat(v2): add nesting error file location
V2 Version Packages (alpha)
chore: merge main
fix: wait for QRL to resolve for signal attribute
Revert "fix: wait for QRL to resolve for signal attribute"
fix: input's value is string when passing number
fix: convert destructured array's props to signal
fix(repl): resolve core/internal
…throw fix: retry vnode diffing on promise throw
fix: component props as var props
feat: log a warning instead of throwing an error for server host mismatch error
chore: cleanup and docs fixes
Version Packages (alpha) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This PR is for showing progress on v2, and having installable npm packages.
DO NOT MERGE
The changes are meant to be readable and maintainable, so if things are unclear please let us know.