Comments (2)
adamstep
commented on July 21, 2024
Some exploration of changes that may not be backwards compatible, we will need to investigate more:
xmldom changes:
https://github.com/xmldom/xmldom/releases/tag/0.5.0
- Improve error reporting; throw on duplicate attribute
- BREAKING CHANGE: It is currently not clear how to consistently deal with duplicate attributes, so it's also safer for our users to fail when detecting them.
- It's possible to configure the DOMParser.errorHandler before parsing, to handle those errors differently.
https://github.com/xmldom/xmldom/releases/tag/0.8.0
- Normalize all line endings according to XML specs 1.0 and 1.1
- BREAKING CHANGE: Certain combination of line break characters are normalized to a single \n before parsing takes place and will no longer be preserved.
- #303 / #307
- #49, #97, #324 / #314
- XMLSerializer: Preserve whitespace character references #284 / #310
- BREAKING CHANGE: If you relied on the not spec compliant preservation of literal \t, \n or \r in attribute values.
- To preserve those you will have to create XML that instead contains the correct numerical (or hexadecimal) equivalent (e.g. , , ).
- Drop deprecated exports DOMImplementation and XMLSerializer from lib/dom-parser.js #53 / #309
- BREAKING CHANGE: Use the one provided by the main package export.
- dom: Remove all links as part of removeChild #343 / #355
https://github.com/xmldom/xmldom/releases/tag/0.9.0-beta.1
- BREAKING CHANGE: Correct the return type of DOMParser.parseFromString to Document | undefined. In case of parsing errors it was always possible that "the returned Document" has not been created. In case you are using Typescript you now need to handle those cases.
- BREAKING CHANGE: The instance property DOMParser.options is no longer available, instead use the individual readonly property per option (assign, domHandler, errorHandler, normalizeLineEndings, locator, xmlns). Those also provides the default value if the option was not passed. The 'locator' option is now just a boolean (default remains true).
https://github.com/xmldom/xmldom/releases/tag/0.7.7
- Security: Prevent inserting DOM nodes when they are not well-formed CVE-2022-39353
- In case such a DOM would be created, the part that is not well-formed will be transformed into text nodes, in which xml specific characters like < and > are encoded accordingly.
- In the upcoming version 0.9.0 those text nodes will no longer be added and an error will be thrown instead.
- This change can break your code, if you relied on this behavior, e.g. multiple root elements in the past. We consider it more important to align with the specs that we want to be aligned with, considering the potential security issues that might derive from people not being aware of the difference in behavior.
- Related Spec: https://dom.spec.whatwg.org/#concept-node-ensure-pre-insertion-validity
from hyperview.
adamstep
commented on July 21, 2024
We could potentially upgrade to 0.7.7 as recommended, to avoid expanding the test surface area in the 0.8 an 0.9 releases.
from hyperview.
Related Issues (20)
- Web too ? HOT 3
- Date field value is not always YYYY-MM-DD HOT 1
- Incomplete documentation of Hyperview component HOT 1
- What would be a good way to trigger a tree update but from outside of XML? HOT 3
- Example app: Navigation to home doesn't work. HOT 3
- Example app: Scroll to list item doesn't work HOT 4
- Is _web_ URL routing (and reverse routing) supported? HOT 1
- <Image /> Local URL not working HOT 1
- Support connecting external navigation for screen with undefined navigation parameters HOT 2
- `trigger="visible"` behaviour is different on iOS than on Android when navigating screens using react-navigation HOT 3
- xmldom parserError - How to debug HOT 5
- Document fragments HOT 1
- django-hyperview package HOT 1
- Scroll indicator is shown for `<view trigger="refresh" scroll="true" shows-scroll-indicator="false"/>` HOT 5
- Congratulations on a 1000 stars. HOT 1
- Debounce not working with with `change` tigger. HOT 3
- Style and design systems HOT 1
- TypeScript types do not seem to be published with the NPM package. HOT 6
- Spelling/grammar mistake on hyperview.org HOT 1
- List refresh control does not follow orientation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hyperview.