-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: properly handle special characters in user-provided IDs (closes #4927, #5561) #5564
Conversation
Special characters are allowed in HTML5 (https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/id) but need to be escaped when used in a selector for usage in e.g. "querySelector" Refs bootstrap-vue#5561
I also would like to mention that for me, at first, it wasn't clear that when you use |
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit 3879c5e:
|
Codecov Report
@@ Coverage Diff @@
## dev #5564 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 277 278 +1
Lines 9380 9409 +29
Branches 2497 2514 +17
=========================================
+ Hits 9380 9409 +29
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
In the original post, I stated that |
@dietergeerts IMHO the escaping isn't wort it. Especially when we need to add an additional dependency. |
@jackmu95, like explained in the issue, we are not in control of the used id. The extra dependency was added because |
@dietergeerts You have to make sure to assign a valid ID to the control of the |
Well Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/id |
@dietergeerts I will revisit this later today.
There are also other places we need to escape a user-provided ID. |
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/bootstrap-vue/bootstrap-vue/ctlihtqim |
Thanks @dietergeerts! |
@jackmu95 , thx for finishing up and having it merged. Is there any schedule when releases are made? (just wondering, as I see a github-project with the version tag where all is in done column, and as all is like very well automated, I assumed it would have been released already) |
* chore(deps): update all non-major dependencies (#5430) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix(b-form-checkbox-group): only emit `input` when value loosely changes (#5432) * fix(b-form-checkbox-group, b-form-radio-group): only emit `input` when value loosely changes * Update loose-equal.js * Update form-checkbox-group.spec.js * chore(deps): update all non-major dependencies (#5440) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency vue-router to ^3.3.0 (#5443) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5445) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency rollup to ^2.11.2 (#5446) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore: Change Bootstrap v4.3.x to 4.5.x in README (#5447) Since v2.15 Bootstrap-Vue supports Bootstrap v4.5 * chore(deps): update all non-major dependencies (#5451) * chore(deps): update all non-major dependencies * Use `toBeEmptyDomElement()` instead of deprecated `toBeEmpty()` * Correct typo Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update devdependency vue-router to ^3.3.2 (#5454) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): remove unused `gh-pages` dependency (#5455) * chore(deps): update devdependency gh-pages to v3 * Remove `gh-pages` dependency Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update all non-major dependencies (#5458) Co-authored-by: Renovate Bot <bot@renovateapp.com> * Update all bootstrap doc links to latest version (#5450) Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update devdependency rollup to ^2.12.1 (#5463) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5466) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency @nuxtjs/sitemap to ^2.3.1 (#5468) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency lint-staged to ^10.2.9 (#5470) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(b-avatar): convert line endings to Unix (#5469) Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore: convert all line endings to unix (#5474) * chore(deps): update all non-major dependencies (#5478) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5482) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency eslint-plugin-import to ^2.21.2 (#5487) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency @testing-library/jest-dom to ^5.10.0 (#5493) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5495) Co-authored-by: Renovate Bot <bot@renovateapp.com> * first attempt (#5462) Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update all non-major dependencies (#5499) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency eslint-plugin-prettier to ^3.1.4 (#5501) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency @nuxtjs/sitemap to ^2.3.2 (#5503) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency terser to ^4.8.0 (#5505) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5508) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(docs): fix typo in sidebar README (#5494) (#5510) * chore: update auto format config (#5526) * chore(deps): update all non-major dependencies (#5511) Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update all non-major dependencies (#5531) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix typo (#5534) * remove mention of `router-tag` from button docs (#5535) Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * fix(b-table): prevent endless reevaluation when using v-model and object/array literal prop values (#5554) * Update devDependency sass-loader to v9 (#5546) Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * fix(b-img): Allow empty `alt` prop (fixes #5524) (#5545) * Allow empty `alt` * default to null to avoid check * remove unused import * add avatar support * add test cases * spelling Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps-dev): bump standard-version from 8.0.0 to 8.0.1 (#5576) Bumps [standard-version](https://github.com/conventional-changelog/standard-version) from 8.0.0 to 8.0.1. - [Release notes](https://github.com/conventional-changelog/standard-version/releases) - [Changelog](https://github.com/conventional-changelog/standard-version/blob/master/CHANGELOG.md) - [Commits](conventional-changelog/standard-version@v8.0.0...v8.0.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(b-form-tags): add `ignoreInputFocusSelector` prop to make input focus behavior configurable (closes #5425) (#5429) * fix(b-form-tags): fix input focus upon clicking on nested element * Update form-tags.js * Add `ignoreInputFocusSelector` prop * Update form-tags.js * Add comment and more selectors to ignoreInputFocusSelector in form-tags.js Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update all non-major dependencies (#5533) * chore(deps): update all non-major dependencies * Bump BundleWatch limits for new Bootstrap Icons * Regenerate icon files Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(docs): add an example to `<b-input-group>`'s using icons (#5537) * Adding an example to input-groups using icons * Update README.md Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update devdependency @nuxtjs/google-analytics to ^2.4.0 (#5583) Co-authored-by: Renovate Bot <bot@renovateapp.com> * fix(b-icon): use `aria-label` attribute instead of `alt` (#5581) * fix(b-tags): replace spacing utility with static CSS (fixes #5523) (#5544) * remove spacing utility * use mt-auto for better centering * update * add new class to avoid issues with custom rendering Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(docs): improve icons page (#5579) * feat(docs): improve icons page * Actually use `bootstrapIconsCount` variable * Move icon explorer to the bottom * chore: regenerate `yarn.lock` (#5585) * fix(b-form-tags): unit test (#5586) * chore(deps): update devdependency rollup to ^2.22.0 (#5589) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update all non-major dependencies (#5590) Co-authored-by: Renovate Bot <bot@renovateapp.com> * feat(docs): launch themes page with first BootstrapVue theme (#5549) * docs(footer): uncomment link for themes * docs(header): uncomment link for themes * docs(sidebar): uncomment link for themes * docs(intro/README): uncomment link for themes * docs(theming/README): uncomment link for themes * feature(themes): add first Bootstrap Vue & Creative Tim theme * style(themes): prettify themes files * fix(themes): solve typo * Use `@nuxt/content` for themes * Update index.vue * Update themes.vue * Don't pin `@nuxt/content` * Update themes.vue * Update themes.vue Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * fix: properly handle special characters in user-provided IDs (closes #4927, #5561) (#5564) * fix(b-form-group): make it work for ids with special characters like "/" Special characters are allowed in HTML5 (https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/id) but need to be escaped when used in a selector for usage in e.g. "querySelector" Refs #5561 * Use own `cssEscape()` util + use/test everywhere needed Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(ci): update `actions/cache` to v2 (#5580) * chore(ci): update `actions/cache` to v2 * Update test.yml * Update test.yml * fix(b-form-tags): unit tests * Revert "fix(b-form-tags): unit tests" This reverts commit 20ebc04. * Split actions * Run BundleWatch during build * Update build.yml * Revert "Update build.yml" This reverts commit ed4ad3d. * Update build.yml * chore: replace `packagequality` badge with `codacy` in README (#5596) * chore: replace `packagequality` badge with `codacy` in README * Update README.md * chore(deps): update devdependency rollup to ^2.22.2 (#5597) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(deps): update devdependency rollup to ^2.23.0 (#5603) Co-authored-by: Renovate Bot <bot@renovateapp.com> * remove redundant height declaration in .b-sidebar (#5606) * chore(deps): update devdependency eslint-plugin-jest to ^23.18.2 (#5607) Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Jacob Müller <jacob.mueller.elz@gmail.com> * chore(deps): update all non-major dependencies (#5609) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore(docs): fix Bootstrap browser and devices link * chore(ci): fix BundleWatch token name * chore: add back `packagequality` badge to README * chore: prettify * chore: update contributors * chore(deps): update devdependency eslint-plugin-jest to ^23.19.0 (#5611) Co-authored-by: Renovate Bot <bot@renovateapp.com> * chore: add script to generate release notes (#5612) * chore: bump version to 2.16.0 and update changelog (#5614) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Troy Morehouse <troymore@nbnet.nb.ca> Co-authored-by: TitanFighter <bear_ukraine@bigmir.net> Co-authored-by: Hiws <rni@nova-c.dk> Co-authored-by: Vitaly Slobodin <vitaly_slobodin@fastmail.com> Co-authored-by: Sergey Skrynnikov <minotaar.hh@gmail.com> Co-authored-by: James George <jamesgeorge998001@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Paweł Tatarczuk <paweltatarczuk@gmail.com> Co-authored-by: Ivan Gonzalez <scratchmex@gmail.com> Co-authored-by: Hiws <hiws@live.dk> Co-authored-by: Nazare Emanuel-Ioan <emanuelioannazare@gmail.com> Co-authored-by: Dieter Geerts <dieter@dworks.be> Co-authored-by: michel milano <mmilano@users.noreply.github.com>
Describe the PR
Special characters are allowed in HTML5 (https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/id) but need to be escaped when used in a selector for usage in e.g.
document.querySelector()
.This PR makes sure to escape user-provided IDs (e.g. for
<b-form-group>
or a<b-tags-input>
) when used with theselect()
util.Closes #4927, #5561.
PR checklist
What kind of change does this PR introduce? (check at least one)
fix(...)
, requires a patch version updatefeat(...)
, requires a minor version updatefeat(...)
, requires a minor version updatefix(...)
, requires a patch or minor version updatechore(docs)
, requires a patch version updateDoes this PR introduce a breaking change? (check one)
The PR fulfills these requirements:
dev
branch, not themaster
branch[...] (fixes #xxx[,#xxx])
, where "xxx" is the issue number)fix(alert): not alerting during SSR render
,docs(badge): update pill examples
,chore(docs): fix typo in README
, etc). This is very important, as theCHANGELOG
is generated from these messages, and determines the next version type (patch or minor).If new features/enhancement/fixes are added or changed:
If adding a new feature, or changing the functionality of an existing feature, the PR's
description above includes: