Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: v2 release #6903

Open
wants to merge 645 commits into
base: main
Choose a base branch
from
Open

refactor: v2 release #6903

wants to merge 645 commits into from

Conversation

wmertens
Copy link
Member

@wmertens wmertens commented Sep 22, 2024

This PR is for showing progress on v2, and having installable npm packages.

DO NOT MERGE

The changes are meant to be readable and maintainable, so if things are unclear please let us know.

Copy link

changeset-bot bot commented Sep 22, 2024

🦋 Changeset detected

Latest commit: 6f98088

The changes in this PR will be included in the next version bump.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copy link

pkg-pr-new bot commented Sep 23, 2024

Open in Stackblitz

npm i https://pkg.pr.new/QwikDev/qwik/@qwik.dev/core@6903
npm i https://pkg.pr.new/QwikDev/qwik/@qwik.dev/router@6903
npm i https://pkg.pr.new/QwikDev/qwik/eslint-plugin-qwik@6903
npm i https://pkg.pr.new/QwikDev/qwik/create-qwik@6903

commit: 6f98088

Copy link
Contributor

github-actions bot commented Sep 23, 2024

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name Status Preview Last Commit
qwik-docs ✅ Ready (View Log) Visit Preview 6f98088

}
errorDiv.setAttribute('q:key', '_error_');
const journal: VNodeJournal = [];
vnode_getDOMChildNodes(journal, vHost).forEach((child) => errorDiv.appendChild(child));

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
is reinterpreted as HTML without escaping meta-characters.
DOM text
is reinterpreted as HTML without escaping meta-characters.
} else if (key === 'value' && key in element) {
(element as any).value = escapeHTML(String(value));
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
is reinterpreted as HTML without escaping meta-characters.
DOM text
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 2 days ago

To fix the problem, we need to ensure that any text content extracted from the DOM and set as HTML is properly escaped to prevent XSS attacks. The best way to fix this is to use a function that escapes HTML special characters before setting the innerHTML property.

  • We will modify the code to use the escapeHTML function before setting the innerHTML property.
  • Specifically, we will change the line where dangerouslySetInnerHTML is used to ensure the value is escaped.
Suggested changeset 1
packages/qwik/src/core/client/vnode.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/qwik/src/core/client/vnode.ts b/packages/qwik/src/core/client/vnode.ts
--- a/packages/qwik/src/core/client/vnode.ts
+++ b/packages/qwik/src/core/client/vnode.ts
@@ -895,3 +895,3 @@
         } else if (key === dangerouslySetInnerHTML) {
-          (element as any).innerHTML = value!;
+          (element as any).innerHTML = escapeHTML(String(value!));
         } else {
EOF
@@ -895,3 +895,3 @@
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;
(element as any).innerHTML = escapeHTML(String(value!));
} else {
Copilot is powered by AI and may make mistakes. Always verify output.

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

const insertBefore = journal[idx++] as Element | Text | null;
let newChild: any;
while (idx < length && typeof (newChild = journal[idx]) !== 'number') {
insertParent.insertBefore(newChild, insertBefore);

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
is reinterpreted as HTML without escaping meta-characters.
DOM text
is reinterpreted as HTML without escaping meta-characters.
@wmertens wmertens changed the title refactor: v2 framework rewrite refactor: v2 release Oct 8, 2024
shairez and others added 23 commits October 13, 2024 16:40

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
V2 merge main
Co-authored-by: Jack Shelton <thejackshelton@users.noreply.github.com>
Co-authored-by: Maïeul <maiieul@users.noreply.github.com>
Co-authored-by: Wout Mertens <Wout.Mertens@gmail.com>

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(slots): get the right component frame while processing slots
Co-authored-by: Wout Mertens <Wout.Mertens@gmail.com>

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix(render): fix inline component rendering
github-actions bot and others added 30 commits December 13, 2024 22:55

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
V2 Version Packages (alpha)

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
fix permissions for tagging v2 with latest
chore: merge main into v2 + fixups
fix(signals): schedule signal computation and run effects through the scheduler
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants