Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: v2 framework rewrite #6903

Draft
wants to merge 362 commits into
base: main
Choose a base branch
from
Draft

refactor: v2 framework rewrite #6903

wants to merge 362 commits into from
+63,513 −23,443

Conversation

wmertens
Copy link
Member

This PR is for showing progress on v2, and having installable npm packages.

The changes are meant to be readable and maintainable, so if things are unclear please let us know.

mhevery and others added 30 commits March 21, 2024 13:48
@mhevery
fix(v2): fix derived signals serialization
cc9d833
@wmertens
Merge remote-tracking branch 'origin/main' into build/v2
6fe59b8
@Varixo
test(v2): add svg tests (#6042)
1c3b54c 
* test(v2): add some svg tests

* fix lint

* fix conditional rendering
@wmertens
Merge remote-tracking branch 'origin/main' into build/v2
9b8c88e
@Varixo @mhevery
test(v2): test for #2688 issue (#6037)
963d5a8 
* test(v2): test for #2688 issue

* Fixup: make test fail in same way as e2e

* WIP: test green or skip

---------

Co-authored-by: Miško Hevery <[email protected]>
@wmertens
chore(v2): use optimzer in unit tests
9015882
@wmertens
fix(v2): optimizer test fixes (#6046)
773929e 
* cleanup

* change node prop updating

* fix some use-visible-task tests

* update node prop review changes

Co-authored-by: Wout Mertens <[email protected]>
@wmertens @Varixo
refactor(v2): varProps and constProps and PropsProxy (#6054)
2f545b6 
* TODO
- instanceof DerivedSignal to remove all _IMMUTABLE stuff
- jsxnode proxy:
  - _IMMUTABLE -> _CONST_PROPS
  - _VAR_PROPS
- remove _wrapSignal etc

Co-authored-by: Varixo <[email protected]>

* varProps constProps WIPWIPWIP

* fix serialization

---------

Co-authored-by: Varixo <[email protected]>
@mhevery
fix(v2): fix build; fix some tests
9b61314
@wmertens
chore: upgrade typescript + fixups
6ea7260 
add a version override so the API extractor uses it too
@mhevery
fix(v2): fix more tests
438af2b
@mhevery
test(v2): more test cleanup after merge
74c0d3a
@Varixo
test(v2): fix integration tests (#6064)
37e6b68
@Varixo
test(v2): toMatchDOM matcher (#6066)
8404f02
@mhevery
test(v2): make tests pass
3d59179
@mhevery
test(v2): re-enable skipped tests
1311450
@mhevery
refactor(v2): VNode materialization causes VNode references in data t…
9b76d31 
…o be eagerly resolved.
@Varixo
fix(v2): fix infinity loop with empty text (#6072)
22c6966
@Varixo
test(v2): change #4038 test (#6074)
1e82b65
@mhevery
fix(v2): take projection into account when releasing subscriptions.
e004eb0
@Varixo
fix(v2): fix boolean and number attributes (#6077)
dddb5c7 
* fix(v2): fix boolean and number attributes

* fix(v2): fix boolean and number attributes
@mhevery
test(v2): ensure vNodes are removed bofer insert
e00808a
@mhevery
test(v2): Run slot e2e test under vitest
a64bd5a
@Varixo
test(v2): migrate tests to describe.each (#6080)
5844360
@mhevery
test(v2): fix component keys
faf8447
@mhevery
fix(v2): special handling of input attributes
80d7525
@mhevery
test(v2): attribute e2e tests working
87f0b9e
@Varixo @wmertens
feat(v2): useId implemention
1048908
@Varixo
fix(v2): handling events (#6105)
ae94e2a
@Varixo
test(v2): add test for rendering text node between nodes (#6117)
766126e 
* test(v2): add test for rendering text node between nodes

* fix failing test
shairez and others added 22 commits September 24, 2024 23:02
@shairez @wmertens
fix: CI not uploading dot files (#6876)
0ff83a7
@dependabot @wmertens
chore(deps): bump the npm_and_yarn group across 2 directories with 1 …
e902a49 
…update

Bumps the npm_and_yarn group with 1 update in the / directory: [express](https://github.com/expressjs/express).
Bumps the npm_and_yarn group with 1 update in the /starters/adapters/express directory: [express](https://github.com/expressjs/express).


Updates `express` from 4.19.2 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.19.2...4.20.0)

Updates `express` from 4.19.2 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.19.2...4.20.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: express
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@maiieul @wmertens
fix: sharp err -> "free(): invalid size" (#6882)
f5549f7
@JerryWu1234 @wmertens
fix(dev): image service error handling (#6855)
11f347a 
Co-authored-by: wuls <[email protected]>
@wmertens
fix(docs): url replacing
8b9aa37 
hashes can have _ in them
@wmertens
feat(vite): experimental[] + put valibot behind flag
a61db44
@wmertens
fix: nicer qwik city env error during dev
a5752d7
@wmertens
feat(qwik-city): usePreventNavigate()
bc646af
@shairez @wmertens @gioboa
improved the changesets messages (#6884)
2a37947 
Co-authored-by: Wout Mertens <[email protected]>
Co-authored-by: Giorgio Boa <[email protected]>
@shairez @wmertens
fix typos
29e8536
@shairez @wmertens
trying to fix valibot changeset
487d3eb
@github-actions @wmertens
Version Packages
ece5b57
@dmitry-stepanenko @wmertens
feat: add qwik cli e2e
dd952f3
@dmitry-stepanenko @wmertens
chore: add test.e2e-cli to the CI
4f67f9f
@shairez @wmertens
ci: add better console
62c4c00
@wmertens
Merge remote-tracking branch 'origin/main' into merge-main
4f925f2
@Varixo
fix visible task inside slot
e146f0d
@Varixo
change entryStrategy for e2e tests
9caf64f
@Varixo
add expect for test
9844973
@Varixo
fix signal serialization
b514d39
@wmertens
Merge pull request #6887 from QwikDev/merge-main
8af82a9 
chore(v2): Merge main
@Varixo
chore(v2): cleanup old code (#6917)
b040b46 
undefined
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 26, 2024
View reviewed changes
packages/qwik/src/core/client/dom-container.ts
}
errorDiv.setAttribute('q:key', '_error_');
const journal: VNodeJournal = [];
vnode_getDOMChildNodes(journal, vHost).forEach((child) => errorDiv.appendChild(child));

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
packages/qwik/src/core/client/vnode.ts
} else if (key === 'value' && key in element) {
(element as any).value = escapeHTML(String(value));
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 1 day ago

To fix the issue, we need to ensure that any content assigned to innerHTML is properly escaped to prevent XSS. We can use a utility function like escapeHTML to escape the content before setting it as innerHTML.

  1. Identify the line where innerHTML is set with potentially unsafe content.
  2. Use the escapeHTML function to sanitize the content before assigning it to innerHTML.
Suggested changeset 1
packages/qwik/src/core/client/vnode.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/qwik/src/core/client/vnode.ts b/packages/qwik/src/core/client/vnode.ts
--- a/packages/qwik/src/core/client/vnode.ts
+++ b/packages/qwik/src/core/client/vnode.ts
@@ -899,3 +899,3 @@
         } else if (key === dangerouslySetInnerHTML) {
-          (element as any).innerHTML = value!;
+          (element as any).innerHTML = escapeHTML(String(value!));
         } else {
EOF
@@ -899,3 +899,3 @@
} else if (key === dangerouslySetInnerHTML) {
(element as any).innerHTML = value!;
(element as any).innerHTML = escapeHTML(String(value!));
} else {
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
packages/qwik/src/core/client/vnode.ts
const insertBefore = journal[idx++] as Element | Text | null;
let newChild: any;
while (idx < length && typeof (newChild = journal[idx]) !== 'number') {
insertParent.insertBefore(newChild, insertBefore);

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML Medium

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.
DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Copilot Autofix AI 1 day ago

To fix the problem, we need to ensure that any data inserted into the DOM is properly sanitized or escaped to prevent XSS vulnerabilities. Specifically, we should escape any HTML special characters in the newChild variable before inserting it into the DOM.

  1. Use a utility function to escape HTML special characters.
  2. Apply this escaping function to the newChild variable before it is inserted into the DOM.
Suggested changeset 1
packages/qwik/src/core/client/vnode.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/qwik/src/core/client/vnode.ts b/packages/qwik/src/core/client/vnode.ts
--- a/packages/qwik/src/core/client/vnode.ts
+++ b/packages/qwik/src/core/client/vnode.ts
@@ -929,3 +929,3 @@
         while (idx < length && typeof (newChild = journal[idx]) !== 'number') {
-          insertParent.insertBefore(newChild, insertBefore);
+          insertParent.insertBefore(document.createTextNode(escapeHTML(newChild)), insertBefore);
           idx++;
EOF
@@ -929,3 +929,3 @@
while (idx < length && typeof (newChild = journal[idx]) !== 'number') {
insertParent.insertBefore(newChild, insertBefore);
insertParent.insertBefore(document.createTextNode(escapeHTML(newChild)), insertBefore);
idx++;
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Varixo and others added 7 commits September 27, 2024 16:20
@Varixo
feat(v2): remove fixmeany type (#6919)
01702b5
@wmertens @Varixo
refactor(v2): serialization (#6916)
1f3fde5 
* fix some signal deserialization

* fix vnode serialize

* fix store

* resource working

* fix(ssr): await close container

* Date: support invalid+use shorter epoch time

* add setter for deserialized object

* add test for setting a value

* fix qrl scope deduping

* fix(nix): playwright running

---------

Co-authored-by: Varixo <[email protected]>
@gioboa @wmertens
fix(#6900): signals should be ordered so parents run first
a1638f6
@gioboa @wmertens
fix(#6900): signals should be ordered so parents run first
2f9cf37
@Varixo @wmertens
fix executing chores for deleted nodes inside projection
763bce4
@Varixo @wmertens
remove unnecessary qinit event
6f082cf
@Varixo
refactor(v2): reduce subsriptions count, dont use regexp for attribut…
386edeb 
…e checking (#6939)

* reduce subscription count

* do not use regex for attribute security check
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
VERSION: upcoming major
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.