Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: v2 release #6903

Open
wants to merge 658 commits into
base: main
Choose a base branch
from
Open

refactor: v2 release #6903

wants to merge 658 commits into from

Conversation

wmertens
Copy link
Member

@wmertens wmertens commented Sep 22, 2024
edited
Loading

This PR is for showing progress on v2, and having installable npm packages.

DO NOT MERGE

The changes are meant to be readable and maintainable, so if things are unclear please let us know.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 22, 2024
edited
Loading

🦋 Changeset detected

Latest commit: c029c32

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 5 packages
Name Type
@qwik.dev/core Patch
eslint-plugin-qwik Patch
@qwik.dev/react Patch
@qwik.dev/router Patch
create-qwik Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Sep 23, 2024
edited
Loading

Open in Stackblitz

npm i https://pkg.pr.new/QwikDev/qwik/@qwik.dev/core@6903

npm i https://pkg.pr.new/QwikDev/qwik/@qwik.dev/router@6903

npm i https://pkg.pr.new/QwikDev/qwik/eslint-plugin-qwik@6903

npm i https://pkg.pr.new/QwikDev/qwik/create-qwik@6903

commit: c029c32

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 23, 2024
edited
Loading

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name Status Preview Last Commit
qwik-docs ✅ Ready (View Log) Visit Preview c029c32

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 26, 2024
View reviewed changes
packages/qwik/src/core/client/dom-container.ts
}
errorDiv.setAttribute('q:key', '_error_');
const journal: VNodeJournal = [];
vnode_getDOMChildNodes(journal, vHost).forEach((child) => errorDiv.appendChild(child));

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
packages/qwik/src/core/client/vnode.ts
} else if (key === 'value' && key in element) {
(element as any).value = escapeHTML(String(value));
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 10 days ago

To fix the problem, we need to ensure that any text content extracted from the DOM and set as HTML is properly escaped to prevent XSS attacks. The best way to fix this is to use a function that escapes HTML special characters before setting the innerHTML property.

  • We will modify the code to use the escapeHTML function before setting the innerHTML property.
  • Specifically, we will change the line where dangerouslySetInnerHTML is used to ensure the value is escaped.
Suggested changeset 1
packages/qwik/src/core/client/vnode.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/qwik/src/core/client/vnode.ts b/packages/qwik/src/core/client/vnode.ts
--- a/packages/qwik/src/core/client/vnode.ts
+++ b/packages/qwik/src/core/client/vnode.ts
@@ -895,3 +895,3 @@
         } else if (key === dangerouslySetInnerHTML) {
-          (element as any).innerHTML = value!;
+          (element as any).innerHTML = escapeHTML(String(value!));
         } else {
EOF
@@ -895,3 +895,3 @@
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;
(element as any).innerHTML = escapeHTML(String(value!));
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
packages/qwik/src/core/client/vnode.ts
const insertBefore = journal[idx++] as Element | Text | null;
let newChild: any;
while (idx < length && typeof (newChild = journal[idx]) !== 'number') {
insertParent.insertBefore(newChild, insertBefore);

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
@wmertens wmertens changed the title refactor: v2 framework rewrite refactor: v2 release Oct 8, 2024
shairez and others added 23 commits October 14, 2024 19:42
@shairez @wmertens
moved insights into core and optimizer
19d7b43 
Co-authored-by: Wout Mertens <[email protected]>
@shairez
fixed insights build
19fd12c
@shairez
removed qwik-labs
9174444
@shairez
removed qwik-types from insights app
23ed9af
@shairez
docs: changed "labs" to "experimental"
b032a01
@shairez
minor update to qwik-types
d5d7a07
@Varixo
fix inline component rendering
2497485
@shairez
Merge pull request #6978 from QwikDev/v2-fix-inline-component-rendering
103581c 
fix(render): fix inline component rendering
@wmertens
Merge remote-tracking branch 'origin/main' into v2-merge-main
f23d670
@wmertens
fixup
4381105
@shairez @wmertens
added aliases to legacy package names in the vite plugins
089c917 
Co-authored-by: Wout Mertens <[email protected]>
@wmertens
Merge pull request #6979 from QwikDev/v2-merge-main
3b5d6d9 
chore(v2): merge main into build/v2
@shairez
merged build/v2
d723997
@shairez
changed references from old package names
3e4162b
@Varixo
should early resolve computed qrl
4a77491
@wmertens
Merge pull request #6983 from QwikDev/v2-fix-computed-throw-promise
d271212 
fix(signals): should early resolve computed qrl
@Varixo
Merge branch 'main' into v2-merge-main-fix-build
b4e5e26
@Varixo
fix qwik-worker import
f2acbcc
@wmertens
Merge pull request #6985 from QwikDev/v2-merge-main-fix-build
75fd3bc 
chore: merge main and fix build
@Varixo
fix(render): fix component rendering (#6984)
c97cb71 
* fix component rendering

* revert doc search key changes
@shairez
moved insights into its own folder
42f66c6
@shairez
fixed build.full
fddc67e
@Varixo
Merge branch 'main' into build/v2
1fa3cc3
Varixo and others added 30 commits December 16, 2024 18:18
@Varixo
remove utf-8 encoding for repl-apps
109f17d
@shairez
Merge pull request #7171 from QwikDev/v2-fix-docs-build
900f48e 
fix: docs build command
@Varixo
Merge branch 'build/v2' into v2-schedule-recomputation
a95c2e6
@Varixo
refactor: remove unused errors
490e014
@Varixo
refactor: add serialization errors
1c3e766
@Varixo
refactor: add new qwik errors
8ae9ae6
@Varixo
fix tests
50f0fda
@Varixo
fix: repl diagnostics (#7176)
2222600
@Varixo
Merge pull request #7088 from QwikDev/v2-schedule-recomputation
ccbb690 
fix(signals): schedule signal computation and run effects through the scheduler
@Varixo
Merge branch 'build/v2' into v2-errors-refactor
701bf3a
@Varixo
change second paramter of qError to array, add unused comments
0ec45ce
@shairez
Merge pull request #7174 from QwikDev/v2-errors-refactor
8a83872 
refactor: v2 errors
@github-actions
Version Packages (alpha)
0e47329
@shairez
Merge pull request #7179 from QwikDev/changeset-release/build/v2
374e0d6 
V2 Version Packages (alpha)
@shairez
attempt to fix v2 latest tagging
6b30d54
@Varixo
fix: repl tabs
d572e81
@Varixo
Merge pull request #7189 from QwikDev/v2-fix-repl-2
6f98088 
fix: repl tabs
@Varixo
fix: convert destructured string prop to props variable
1413bc0
@wmertens
Merge pull request #7191 from QwikDev/v2-destructuring-colon-prop
7160354 
fix: convert destructured string prop to props variable
@Varixo
fix: destructured props for inline components
48af55c
@Varixo
fix: string prop destructuring
d8a19ca
@Varixo
remove tests duplicates
d266bdd
@Varixo
fix: serialize var prop
6578707
@Varixo
add error location to textarea and ref errors
bfb07d9
@Varixo @steffanek
fix: updating signal-based var props
0166199 
Co-authored-by: Steff <[email protected]>
@Varixo
Merge pull request #7190 from QwikDev/v2-inline-destructured-props
2a60951 
fix: destructured props for inline components
@Varixo
Merge pull request #7193 from QwikDev/v2-fix-serialize-var-prop
d21ff10 
fix: serialize var prop
@Varixo
fix: textarea with null value
ef92d10
@Varixo
Merge pull request #7198 from QwikDev/v2-updating-var-props
cef6a0d 
fix: updating signal-based var props
@Varixo
Merge pull request #7196 from QwikDev/v2-textarea-null-value
c029c32 
fix: textarea with null value
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
VERSION: upcoming major
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wmertens @shairez @Varixo @gioboa