Skip to content

0.1.1 BugFix

Choose a tag to compare

View all tags
@VitaliiRomanenko VitaliiRomanenko released this 13 Jun 18:17
· 14 commits to main since this release
0.1.1
27b110a

Release Notes — Bug Fixes

Version: 0.1.1
Date: 2026-06-13
Author: Vitalii Romanenko

Summary

This release fixes multiple security, typing, and Obsidian compatibility issues. The focus is on eliminating unsafe DOM operations, replacing direct network calls with Obsidian APIs, improving TypeScript types and validation, and moving inline styles into CSS classes. These changes increase safety, maintainability, and reliability across normal and popout windows.

Fixed issues

  • DOM safety

    • Replaced unsafe innerHTML and direct HTML assignments with element creation via document.createElementand safe text insertion using textContent.

    • Ensured no unvalidated HTML is injected into the UI.

    • Files affected: src/views/MovieCard.ts.

  • Styles

    • Removed direct style assignments and inline style mutations.

    • Introduced CSS classes and used setCssProps / setCssStyles where appropriate.

    • Files affected: src/settings/settings.ts (lines referenced previously).

  • ESLint directives and explicit any

    • Removed undocumented directive comments and disallowed eslint-disable for @typescript-eslint/no-explicit-any.

    • Replaced any with concrete types or narrowed types with validation where possible.

    • Added explanatory comments for any remaining, narrowly scoped exceptions.

    • Files affected: src/settings/suggester/suggest.ts.

  • Network requests

    • Replaced fetch usage with Obsidian requestUrl to align with platform expectations and improve error handling.

    • Added response validation and error handling for network calls.

    • Files affected: src/api/tmdbAPIService.ts.

  • Type safety and any usage

    • Introduced interfaces for TMDB responses and other external data structures.

    • Added runtime checks before accessing properties on external responses.

    • Converted unsafe any usages to typed models or validated structures.

    • Files affected: src/api/tmdbAPIService.tssrc/api/tmdbMovieService.tssrc/api/tmdbGenreService.tssrc/views/searchModal.tssrc/settings/suggester/suggest.ts.

  • Obsidian compatibility

    • Replaced global document usage with activeDocument or appropriate Obsidian APIs to support popout windows.

    • Files affected: src/settings/settings.tssrc/views/MovieCard.ts.

  • Async handling

    • Ensured promises are awaited or explicitly handled with .catch or void where intentional.

    • Fixed functions that returned promises in contexts expecting void.

    • Files affected: src/settings/settings.tssrc/settings/suggester/suggest.tssrc/views/searchModal.ts.

  • API usage and suggestions

    • Migrated custom TextInputSuggest implementation toward the recommended AbstractInputSuggest API.

    • Added tests and validation for suggestion behavior.

    • Files affected: src/settings/suggester/suggest.ts.

Changed files

  • src/views/MovieCard.ts — safe DOM updates, removed innerHTML, use of activeDocument.

  • src/settings/settings.ts — moved inline styles to classes, fixed async usage, replaced document with activeDocument.

  • src/settings/suggester/suggest.ts — removed undocumented ESLint disables, improved typing, migrated toward AbstractInputSuggest.

  • src/api/tmdbAPIService.ts — replaced fetch with requestUrl, added response types and validation.

  • src/api/tmdbMovieService.ts — added interfaces, safe mapping and field checks.

  • src/api/tmdbGenreService.ts — added typing and validation.

  • src/views/searchModal.ts — fixed promise handling and tightened types.

Developer notes

  • API types: New interfaces live in src/types or the designated types folder. Always validate external responses before accessing fields.

  • Styles: New CSS classes are added to the plugin stylesheet. Avoid inline styles and prefer class-based styling or setCssProps / setCssStyles.

  • ESLint: If an exception is required, scope it narrowly and include a clear comment explaining why the rule is disabled.

  • Obsidian APIs: Use requestUrl for network requests and activeDocument for DOM access in popout contexts.

Testing and verification

  • Unit tests: Added tests for TMDB response parsing and suggestion component behavior.

  • Manual tests: Verified UI behavior in both main and popout windows, confirmed no unvalidated HTML insertion, and tested error handling for network failures.

  • Security checks: Confirmed removal of unsafe innerHTML usage and validated that user-provided content is never injected as raw HTML.

Known limitations

  • Some external responses remain loosely typed due to variability in third-party API payloads. Additional validation and stricter schemas will be added in future releases.

  • Minor refactors remain to fully eliminate all legacy any usages across the codebase.

Summary
This release addresses critical security and compatibility issues, improves TypeScript safety, and aligns the codebase with Obsidian best practices to make the plugin safer and more robust.

Assets 5
Loading