Update dependency jsdom to v16 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jsdom	^4.0.5 -> ^16.5.0

GitHub Vulnerability Alerts

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

---

Release Notes

jsdom/jsdom

v16.5.0

Compare Source

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

v16.4.0

Compare Source

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

v16.3.0

Compare Source

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

v16.2.2

Compare Source

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
• Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
• Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
• Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
• Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.
• Fixed errors that would occur when closing a window with outstanding requests to data: URLs.
• Fixed sporadic issues with the value of <input type="month"> that could occur in some time zones and for some times.
• Fixed document.implementation.createDocument() to return an XMLDocument, instead of a Document. (ExE-Boss)
• Fixed running jsdom in a browser to detect globals more reliably. (ExE-Boss)

v16.2.1

Compare Source

• Updated saxes, to bring in some BOM-related fixes.
• Updated Acorn-related packages to squelch npm audit warnings.

v16.2.0

Compare Source

• Added support for custom elements! Congratulations and thanks to @​pmdartus for making this happen, after ten months of hard work and lots of effort poured into the complex architectural prerequisites in jsdom and supporting packages.
• Fixed some issues when trying to use Attr as a Node, e.g. by checking its baseURI property or calling attr.cloneNode().
• Fixed a memory leak during parsing that was introduced in v14.0.0.
• Fixed edge cases in number/string conversion used for certain element properties that reflected integer attributes.

v16.1.0

Compare Source

• Added console.timeLog().
• Changed Attr to extend Node, to align with specifications. (ExE-Boss)
• Changed <noscript> children to be parsed as nodes, instead of as text, when runScripts is left as the default of undefined. (ACHP)
• Upgraded cssstyle to v2.1.0, which brings along fixes to handling of rgba() and hsl() colors. (kraynel)
• Fixed some selection-related issues when manipulating the value of <input>s and <textarea>s. (Matthew-Goldberg)
• Fixed various issues with setTimeout(), setInterval(), and requestAnimationFrame(), particularly around window closing and recursive calls.

v16.0.1

Compare Source

• Fixed Node v10 and v11 support when runScripts was set.
• Fixed the behavior when changing an <input>'s type="" attribute.
• Fixed input validation behavior for <input type="range"> when max="" is less than min="".

v16.0.0

Compare Source

For this release we'd like to welcome @​pmdartus to the core team. Among other work, he's driven the heroic effort of constructor prototype and reform in jsdom and its dependencies over the last few months, to allow us to move away from shared constructors and prototypes, and set the groundwork for custom elements support (coming soon!).

Breaking changes:

• Node v10 is now the minimum supported version.
• The dom.runVMScript() API has been replaced with the more general dom.getInternalVMContext() API.
• Each jsdom Window now creates new instances of all the web platform globals. That is, our old shared constructor and prototypes caveat is no longer in play.
• Each jsdom Window now exposes all JavaScript-spec-defined globals uniformly. When runScripts is disabled, it exposes them as aliases of the ones from the outer Node.js environment. Whereas when runScripts is enabled, it exposes fresh copies of each global from the new scripting environment. (Previously, a few typed array classes would always be aliased, and with runScripts disabled, the other classes would not be exposed at all.)

Other changes:

• Added the AbstractRange, Range, StaticRange, Selection, and window.getSelection() APIs.
• Added working constructors for Comment, Text, and DocumentFragment.
• Added valueAsDate, valueAsNumber, stepUp() and stepDown() to <input> elements. (kraynel)
• Added window.origin.
• Removed document.origin.
• Fixed <template> to work correctly inside XML documents.
• Fixed some bugs which would cause jsdom to choose the wrong character encoding because it was failing to detect <meta charset> or <meta http-equiv="charset"> elements.
• Fixed input.type to default to "text". (connormeredith)
• Fixed incorrect validation errors for <input> with fractional values for their step="" attribute. (kontomondo)
• Fixed incorrect validation errors on readonly <input> elements.
• Fixed <input type="email" multiple pattern="..."> validation.
• Fixed fileReader.readAsDataURL() to always base64-encode the result. (ytetsuro)
• Fixed inserting <img> elements into documents without a browsing context to no longer crash when the canvas package is installed.
• Fixed a memory leak when using window.setTimeout() or window.setInterval().
• Improved the performance of getComputedStyle(). (eps1lon)

v15.2.1

Compare Source

• Fixed JSDOM.fromURL() handling of URLs with hashes in them, to no longer send the hash to the server and append an extra copy of it when constructing the Document. (rchl)
• Fixed focusing an already-focused element to correctly do nothing, instead of firing additional focus events. (eps1lon)
• Fixed typo in the not-implemented message for mediaElement.addTextTrack(). (mtsmfm)
• Upgraded nwsapi minimum version to 2.2.0, which fixes issues with ::-webkit- prefixed pseudo-elements and namespaced attribute selectors.

v15.2.0

Compare Source

• Added basic style inheritance in getComputedStyle() for the 'visibility' property. This sets the foundation for further work on inheritance, cascading, and specificity. (eps1lon)
• Added shadowRoot.activeElement.
• Added readystatechange events during document loading.
• Added a stub for form.requestSubmit(), to match our existing stub for form.submit().
• Changed el.tabIndex's default value, when no tabindex="" attribute was set, to reflect the updated specification.
• Changed the exception thrown by el.attachShadow() on something that's already a shadow host, to reflect the updated specification.
• Fixed the validation logic for <input type="range">.
• Fixed selectEl.value when no <option> is selected to return the empty string, instead of the value of the first option. (tgohn)
• Fixed various correctness issues with new FormData(formElement). (brendo)
• Fixed error messages when parsing XML to include the filename, instead of using "undefined". (papandreou)
• Fixed the logic for reflected properties to not be affected by overwriting of el.getAttributeNS() or el.setAttributeNS().
• Set canvas as an optional ``peerDependency`, which apparently helps with Yarn PnP support.

v15.1.1

Compare Source

• Moved the nonce property from HTMLScriptElement and HTMLStyleElement to HTMLElement. Note that it is still just a simple reflection of the attribute, and has not been updated for the rest of the changes in whatwg/html#​2373.
• Fixed the style and on<event> properties to properly track their related attributes for SVG elements. (kbruneel)
• Fixed XMLHttpRequest merging preflight and response headers. (thiagohirata)
• Fixed XMLHttpRequest reserializing content-type request headers unnecessarily. See whatwg/mimesniff#​84 for more details. (thiagohirata)
• Fixed element.tagName to be the ASCII uppercase of the element's qualified name, instead of the Unicode uppercase.

v15.1.0

Compare Source

• Added the Headers class from the Fetch standard.
• Added the element.translate getter and setter.
• Fixed synchronous XMLHttpRequest on the newly-released Node.js v12.
• Fixed form.elements to exclude <input type="image"> elements.
• Fixed event path iteration in shadow DOM cases, following spec fixes at whatwg/dom#​686 and whatwg/dom#​750.
• Fixed pattern="" form control validation to apply the given regular expression to the whole string. (kontomondo)

v15.0.0

Compare Source

Several potentially-breaking changes, each of them fairly unlikely to actually break anything:

• JSDOM.fromFile() now treats .xht files as application/xhtml+xml, the same as it does for .xhtml and .xml. Previously, it would treat them as text/html.
• If the JSDOM constructor's contentType option has a charset parameter, and the first argument to the constructor is a binary data type (e.g. Buffer or ArrayBuffer), then the charset will override any sniffed encoding in the same way as a Content-Type header would in browser scenarios. Previously, the charset parameter was ignored.
• When using the Blob or File constructor with the endings: "native" option, jsdom will now convert line endings to \n on all operating systems, for consistency. Previously, on Windows, it would convert line endings to \r\n.

v14.1.0

Compare Source

• Added activation behavior for <a> and <area> elements whose href="" points to a javascript: URL or fragment.
• Added the <datalist> element's options property.
• Added the <input> element's list property.
• Added PageTransitionEvent, and the firing of pageshow events during loading.
• Exposed the External class as a property of window.
• Fixed HTML fragment parsing (via innerHTML and outerHTML) to be spec-compliant. (pmdartus)
• Fixed HTML serialization (e.g. via innerHTML) breaking after setting certain properties to non-string values.
• Fixed how disabling an element would cause its activation behavior to forever be null, even if it were re-enabled.
• Fixed all access to attributes to ignore attributes with namespaces, per the spec.
• Fixed <style>s to no longer apply to documents without a browsing context. This includes fixing a crash that would occur with such styles if they had an @import rule.
• Fixed <option>'s label and value properties to return correct values in various edge cases.
• Fixed the load event during document loading to target the Document, not the Window.
• Fixed the pretendToBeVisual option to propagate to child subframes, as well as the main Window. (pyrho)
• Updated the minimum nwsapi version from v2.1.1 to v2.1.3, bringing along a few fixes in our selector engine.

v14.0.0

Compare Source

Breaking changes:

• JSDOM.fragment() now creates fragments whose document has no browsing context, i.e. no associated Window. This means the defaultView property will be null, resources will not load, etc.
• JSDOM.fragment(), called with no arguments, now creates a DocumentFragment with no children, instead of with a single child text node whose data was "undefined".

Other changes:

• Fixed a regression in v13.2.0 when calling element.blur() on a focused element.
• Fixed inserting <link> elements into documents with no browsing context to no longer crash if the originating JSDOM was configured to fetch the resource. Now, per spec, <link> elements only attempt to fetch if they are browsing-context connected.
• Fixed <template> elements to have the correct semantics, of using a separate browsing-context-less document to store its contents. In particular this means resources will not be fetched for elements inside the <template>, as per spec.

v13.2.0

Compare Source

• Added support for MutationObservers! (pmdartus)
• Added support for XML documents loaded in frames and iframes; previously this would error.
• Added the <progress> element's value, max, and position properties.
• Added navigator.plugins and navigator.mimeTypes. (But, they are always empty.)
• Fixed <summary> elements respond to click events by toggling their parent <details>.
• Fixed <summary> elements to be focusable.
• Fixed XML document DOCTYPE parsing to preserve any custom name values.
• Fixed XML documents to default to UTF-8, not windows-1252 like HTML documents do.
• Fixed all events fired by jsdom to have isTrusted set to true.
• Fixed DOMParser-created documents to have their readyState set to "complete".
• Fixed how nested <fieldset>s get disabled.
• Fixed getComputedStyle() to throw a sensible exception when passed the wrong argument, instead of one that exposes jsdom internals.
• Upgraded our saxes dependency, so that it now correctly errors on XML fragments like <foo bar:="1"/>.

v13.1.0

Compare Source

• Added el.insertAdjacentElement() and el.insertAdjacentText().
• Added the firing of a cancelable reset event to form.reset(). (epfremmer)
• Added the type, value, and defaultValue properties to <output> elements, including their form reset behavior. (epfremmer)
• Added the outputEl.htmlFor property.
• Fixed the performance of parsing large text nodes, particularly noticeable for large inline <style> or <script> elements. This regressed in v11.6.0. To learn more, see V8 issue #​6730.
• Fixed the style property on <a> and <area> elements. This regressed in v13.0.0.
• Fixed node.isConnected to not always return false for nodes inside a shadow tree. (pmdartus)
• Fixed <button type="reset"> and <input type="reset"> elements to actually perform a form reset when clicked, instead of doing nothing. (epfremmer)
• Fixed el.setCustomValidity() for <output> and <fieldset>.
• Fixed activation behavior when dispatching bubbling click events, so that for example calling el.click() on the child of a submit button element will submit the form.
• Fixed our XML parsing code to ignore text outside the root element, instead of treating it as an error. (lddubeau)
• Fixed XML serialization when elements had an unknown prefix.
• Fixed radio button group name matching to be case-sensitive, per a spec update.
• Fixed focus/blur events to be composed.
• Fixed mediaElement.duration to default to NaN.
• Fixed olEl.start to default to 1.
• Fixed using XMLHttpRequest against non-existant file: URLs to treat that as a network error, instead of crashing. (pascalbayer) Note that in the future we may completely disable XMLHttpRequest usage against file: URLs to follow the browser security model.
• Fixed document.title in SVG documents.
• Fixed titleElement.text to return the child text content, instead of being the same as titleElement.innerHTML.
• Fixed <textarea>s to properly account for child CDATA section nodes changing.
• Fixed the value of Element.prototype[Symbol.unscopables].

v13.0.0

Compare Source

Breaking change:

• Removed support for v1.x of the canvas package, in favor of v2.x. This also removes support for canvas-prebuilt, since canvas v2.x has a built-in prebuilt version.

Other changes:

• Added proper XML serialization, based on the w3c-xmlserializer package. Previously we were just using the HTML serialization, even in XML documents.
• Added the storageEvent.initStorageEvent() method.
• Added support for the passive option to addEventListener().
• Added the relList property to <a>, <area>, and <link> elements.
• Fixed our implementation of the node tree modification constraints (for example the ensure pre-insertion validity algorithm). It is no longer possible to add, remove, or move nodes to create impossible DOM trees. (pmdartus)

v12.2.0

Compare Source

• Added support for shadow DOM! This includes shadow roots, slots, composed events, and more. (pmdartus)
• Added the element.toggleAttribute() method.
• Fixed XMLHttpRequest sometimes sending an empty request body after a preflight request. (andreasf)
• Fixed the formElement.form property to use an algorithm that also checks the form="" attribute, instead of always looking for the closest ancestor <form> element. (jamietre)
• Stopped swallowing errors when the canvas or canvas-prebuilt packages were installed, but failed to load. (joscha)

v12.1.0

Compare Source

• Dramatically upgraded our XML parser, from the unmaintained sax package to the well-maintained saxes replacement. This increases our specification conformance, including rejecting certain ill-formed XML documents that were previously accepted, and properly handling other constructs like empty comments, CDATA sections, and <script> elements. (lddubeau)
• Added fieldsetEl.elements and fieldsetEl.type properties.
• Added the options parameter to dom.runVMScript(). (SimenB)
• Added the ability for custom resource loader fetch() implementations to see what element initiated the fetch. (sarvaje)
• Fixed input and change events for <input> elements to be trusted and uncancelable.
• "Fixed" <script>s with the async attribute to not execute before sync <script>s that precede them. We still do not, in general, have proper execution of scripts during the initial parsing of a document, so this fix is more of a reduction of badness than an alignment with the specification. This behavior regressed in v12.0.0. (sarvaje)

v12.0.0

Compare Source

This major release brings along our new resource loader API, finally bringing all the capabilities from jsdom v9 to the new (jsdom v10+) API. Thanks very much to @​sarvaje for his work to make this possible!

Breaking changes:

• jsdom now requires Node.js v8.
• Removed the old jsdom API, as the new API now has all the capabilities you need.
• Updated our parse5 dependency to v5, which changes the format of the node locations returned by dom.nodeLocation().
• Updated our whatwg-url dependency to v7, which changes the origin of file: URLs to be an opaque origin (and thus file: URLs are no longer same origin to each other).

Other changes:

• Added countReset(), dir() and dirxml() methods to console.
• Added the InputEvent class.
• Added window.status.
• Added htmlElement.draggable.
• Fixed window.frameElement to correctly return an actual HTMLElement instance, instead of a jsdom internal class.
• Fixed cloning of textarea elements to preserve their values.
• Fixed select.selectedOptions sometimes returning outdated results.
• Fixed CSS selection APIs sometimes returning outdated results, especially for state pseudo-class selectors like :checked.
• Fixed CSS selection APIs to throw an error for invalid selectors even when used on empty nodes.
• Fixed window.name to default to the empty string, per spec, instead of "nodejs".
• Fixed the default User-Agent to say "unknown OS" instead of "undefined" when jsdom is used in web browsers.

v11.12.0

Compare Source

• Added window.localStorage, window.sessionStorage, and StorageEvent support. These are currently only stored in-memory; file an issue if you need persistent (on-disk) storage capability so we can discuss adding that. This feature includes the new storageQuota option for controlling how much can be stored.
• Added element.closest(). (caub)
• Changed hashchange and popstate events to no longer bubble, per a specification update.
• Fixed the old API in Node.js v10 to not throw, when given input that is not a valid file path (such as a typical HTML string).
• Upgraded cssstyle to v1.0.0, bringing along various fixes to our CSS parser and object model. (eddies)
• Upgraded nwsapi to v2.0.7, bringing along various fixes to our selector engine.

v11.11.0

Compare Source

• Added node.getRootNode(). (FrecksterGIT)
• Added label.control. (FrecksterGIT)
• Added el.labels for form control elements. (FrecksterGIT)
• Fixed the contentType of Documents created through <iframe>s.
• Fixed the contentType and origin of Documents created through document.implementation.createDocument().
• Fixed sourceEl.srcset to return the value of the srcset="" attribute, instead of the cite="" attribute.
• Fixed node.normalize() to not modify non-Text nodes. (lddubeau)
• Upgraded cssstyle to v0.3.1, bringing along various fixes to our CSS parser and object model. (jsakas)
• Upgraded whatwg-url to v6.4.1, fixing the interaction of URL's href and searchParams properties.
• Upgraded our selector matching engine from nwsmatcher to nwsapi, bringing along extensive fixes, performance improvements, and additional selector support.

v11.10.0

Compare Source

• Added event.srcElement and event.returnValue.
• Fixed XMLHttpRequest to correctly set the User-Agent header, and set it on CORS preflight requests. (BehindTheMath)

v11.9.0

Compare Source

• Added node.lookupPrefix(), node.lookupNamespaceURI() and node.isDefaultNamespace().
• Fixed the cloning of Documents; previously it would not clone all of the appropriate state, and would sometimes add an extra document type node.
• Fixed various edge cases in the textContent and nodeValue properties.
• Fixed canvas.toBlob() to properly pass through the JPEG quality argument, instead of always passing zero to node-canvas. (challakoushik)

v11.8.0

Compare Source

• Added the full constraint validation API, i.e. willValidate, validity, validationMessage, checkValidity(), reportValidity(), and setCustomValidity(), on HTMLButtonElement, HTMLFieldSetElement, HTMLFormElement, HTMLInputElement, HTMLObjectElement, HTMLOutputElement, HTMLSelectElement, and HTMLTextAreaElement. (kontomondo)
• Added getElementById() to DocumentFragment.

v11.7.0

Compare Source

• Added the boolean return value to DOMTokenList's replace() method, per the recent spec addition.
• Added FileReader's readAsBinaryString() method, as it has been added back to the specification.
• Fixed event handlers to be own properties of each Window, instead of on Window.prototype. (Fetz)
• Fixed an exception that would sometimes get raised when removing an <img> element's src="" attribute. (atsikov)
• Fixed abort events on AbortSignals to have their isTrusted set to true.
• Fixed some argument conversions in XMLHttpRequest's open() method.
• Improved MIME type and data: URL parsing throughout jsdom, by using the new whatwg-mimetype and data-urls packages.
• Removed some unnecessary .webidl files that were included in the npm package.

v11.6.2

Compare Source

• Fixed another regression (since v11.6.0) in <style> elements, where they would omit a series of parsing jsdomError events for any style sheet text containing spaces.
• Generally improved the spec-conformance of when <style> and <script> elements are evaluated; for example, <script> elements inserted by innerHTML are no longer evaluated.

v11.6.1

Compare Source

• Fixed one regression (since v11.6.0) in <style> elements, where their sheet property would sometimes be null when it should not be.
• Fixed a case where a <style> element's sheet property would be left as a CSSStyleSheet despite it not being in the document.

Another regression remains where we are emitting spurious CSS-parsing jsdomError events; see #​2123. We also discovered a large amount of preexisting brokenness around <style>, <link>, and @import; see #​2124 for more details.

We'll try to fix these soon, especially the regression.

v11.6.0

Compare Source

• Added a fully-functioning WebSocket implementation!
• Added a window.performance implementation, including the basics of the High Resolution Time specification: performance.now(), performance.timeOrigin, and performance.toJSON().
• Added support for all of the public API of HTMLMeterElement, except for meterEl.labels.
• Added the locationbar, menubar, personalbar, scrollbars, statusbar, and toolbar properties to Window.
• Added more properties to window.screen: availWidth, availHeight, colorDepth, and pixelDepth. All of its properties are now getters as well.
• Added window.devicePixelRatio.
• Added getModifierState() to MouseEvent and KeyboardEvent.
• Added a setter for HTMLInputElement's files property.
• Added support for the endings option to the Blob constructor.
• Fixed firing various event firings to have the correct default values, e.g. the properties of MouseEvent when using element.click().
• Fixed the firing of popstate and hashchange events during fragment navigation to make them trusted events.
• Fixed data: URL parsing to not include the fragment portions.
• Fixed all URL-accepting properties to properly perform scalar value string conversion and URL resolution.
• Fixed many other small edge-case conformance issues in the API surface of various web APIs; see #​2053 and #​2081 for more information.
• Fixed various APIs to use ASCII lowercasing, instead of Unicode lowercasing, for element and attribute names.
• Fixed the encoding of a document created via new Document() to be UTF-8.
• Fixed event handler properties behavior when given non-callable objects.
• Increased the performance of parsing HTML documents with large numbers of sibling elements.
• Removed probablySupportsContext() and setContext() from HTMLCanvasElement, per spec updates.
• Removed the nonstandard window.scrollLeft and window.scrollTop properties, and the window.createPopup() method.

v11.5.1

Compare Source

(This should have been a minor release; oops.)

• Added AbortSignal and AbortController.
• Fixed validation for file <input>s and implemented validation for more input types.

v11.4.0

Compare Source

For this release we'd like to welcome @​Zirro to the core team; his contributions over the course of this year have enhanced jsdom immensely.

• Added a rudimentary set of SVG element classes, namely SVGElement, SVGGraphicsElement, SVGSVGElement, SVGTests, SVGAnimatedString, SVGNumber, and SVGStringList. The main impact here is that SVG elements are now instances of SVGElement, instead of being simply Element (as they were in v11.3.0) or HTMLUnknownElement (as they were in v11.2.0 and previously). The only concrete subclass that is implemented is SVGSVGElement, for <svg> itself; other tags will not map to their correct classes, because those classes are not yet implemented.
• Added the new pretendToBeVisual option, which controls the presence of the new requestAnimationFrame() and cancelAnimationFrame() methods, and the new values of document.hidden/document.visibilityState. See the README for more information. (SimenB)
• Added the append() and prepend() methods to Document, DocumentFragment, and Element. (caub)
• Added the before(), after(), and replaceWith() methods to DocumentType, Element, and CharacterData. (caub)
• Added node.isConnected.
• Added node.isSameNode().
• Added support for parsing CDATA sections in XML documents, including in domParser.parseFromString(). (myabc)
• Added appropriate input.value getter/setter logic for <input type="file">.
• Significantly improved the spec-compliance of NamedNodeMap, i.e. of element.attributes, such that retrieving named or indexed properties will now always work properly.
• Fixed domParser.parseFromString() to not parse HTML character entities in XML documents. (myabc)
• Fixed xhr.abort() to clear any set headers.
• Fixed XMLHttpRequest to always decoded responses as UTF-8 when responseType is set to "json".
• Fixed XMLHttpRequest CORS header handling, especially with regard to preflights and Access-Control-Allow-Headers. (ScottAlbertine)
• Fixed the behavior of radioButton.click() to fire appropriate input and change events. (liqwid)
• Fixed querySelector()/querySelectorAll() behavior for SVG elements inside <template> contents DocumentFragments, including those created by JSDOM.fragment(). (caub)
• Fixed the line number reporting in exception stack traces when using <script> elements, when includeNodeLocations is set.
• Removed the <applet> element, following the spec.

v11.3.0

Compare Source

For this release we'd like to formally welcome @​TimothyGu to the core team, as a prolific contributor. He will join the illustrious ranks of those who do so much work on jsdom that we no longer note their names in the changelog.

• Added table.tHead, table.tFoot, and table.caption setters, and the table.createTBody() method.
• Added CompositionEvent and WheelEvent classes.
• Added a <details> element implementation. (Zirro)
• Added stub <marquee> and <picture> element implementations. (Zirro)
• Updated uiEvent.initUIEvent(), keyboardEvent.initKeyboardEvent(), and mouseEvent.initiMouseEvent() to match the latest specifications.
• Converted DOMTokenList (used by, e.g., element.classList) to use proxies for improved specification compliance and "liveness".
• Fixed the DOMException class to be spec-compliant, including its constructor signature.
• Fixed some subtle interactions between inline event handlers and other event listeners.
• Fixed the element interface used when creating many of the more obscure elements.
• Fixed the behavior of the table.rows getter, and the table.createCaption() and table.deleteRow() methods.
• Fixed incorrect sharing of methods between interfaces that used mixins (e.g. previously document.querySelector === documentFragment.querySelector, incorrectly).
• Fixed FocusEvent creation, which regressed in v11.2.0.
• Fixed UIEvent to only allow initializing with Window objects for its view property.
• Fixed the behavior of tr.rowIndex and tr.deleteCall().
• Fixed the element interface for <td> and <th> to be simply HTMLTableCellElement, and improved that class's spec compliance.
• Fixed calling label.click() to not trigger the labeled control's activation behavior when the control is disabled. (schreifels)
• Fixed document.getElementsByName() to return a NodeList instead of a HTMLCollection. (Zirro)
• Significantly sped up synchronous XMLHttpRequest. (Zirro)

v11.2.0

Compare Source

This release brings with it a much-awaited infrastructure change, as part of webidl2js v7.3.0 by the ever-amazing TimothyGu: jsdom can now generate spec-compliant versions of classes that have "Proxy-like" behavior, i.e. allow getting or setting keys in unusual ways. This enables a number of improvements, also by TimothyGu:

• Significantly improved the spec-compliance and "liveness" of both NodeList and HTMLCollection, such that retrieving properties via indices or (in HTMLCollection's case) id/name values will always work correctly.
• Added element.dataset support.
• Added indexed and named access to <select> elements, as well as the corresponding item() and namedItem() methods.
• Added suport for FileList indexed properties, i.e. fileList[i].
• Made select.options an instance of the newly-implemented HTMLOptionsCollection, instead of just a HTMLCollection.

This infrastructure will allow us to improve and implement many other similar behaviors; that work is being tracked in #​1129.

In addition to these improvements to the object model, we have more work to share:

• Added no-op APIs document.clear(), document.captureEvents(), document.releaseEvents(), window.external.AddSearchProvider(), and window.external.IsSearchProviderInstalled(). (Zirro)
• Added active checks to prevent reentrancy in TreeWalker and NodeIterator.
• Updated the interaction between a <textarea>'s value, defaultValue, and textContent per a recent spec change
• Fixed elements with id="undefined" shadowing the undefined property of the global object. (TimothyGu)
• Fixed matching in getElementsByClassName() to be ASCII case-insensitive, instead of using JavaScript's toLowerCase().
• Improved some behaviors around navigating to fragments. (ForbesLindesay)
• Improved XMLHttpRequest and FileReader behavior, mainly around event handlers, abort(), and network errors.
• Improved edge-case spec compliance of NodeIterator.

v11.1.0

Compare Source

• Added javascript: URL "navigation" via window.location, at least by evaluating the side effects. It still doesn't actually navigate anywhere. (ForbesLindesay)
• Updated whatwg-url to v6.1.0, bringing along origin serialization changes and URLSearchParams among various other fixes. (ForbesLindesay)
• Fixed javascript: URL loading for iframes to do proper percent-decoding and error reporting.
• Fixed corrupted XMLHttpRequest responses when they were over 1 MiB.
• Fixed timers to not start after a window is close()d, which could cause strange errors since most objects are unusable at that point. (Enverbalalic)

v11.0.0

Compare Source

Breaking changes:

• Custom parsers, via the parser option to the old API, can no longer be specified. They were never tested, often broken, and a maintenance burden. The defaults, of parse5 for HTML and sax for XML, now always apply.
• Due to a parse5 upgrade, the location info objects returned by dom.nodeLocation() or the old API's jsdom.nodeLocation() now have a different structure.
• Fixed how runScripts applies to event handler attributes; now they will no longer be converted into event handler functions unless runScripts: "dangerously" is set. However, event handler properties will now work with any runScripts option value, instead of being blocked.

Other changes:

• Overhauled how event handler properties and attributes work to follow the spec. In particular, this adds various oneventname properties to various prototypes, ensures the correct order when interleaving event handlers and other event listeners, and ensures that event handlers are evaluated with the correct values in scope.
• Upgraded parse5 from v1 to v3, bringing along several correctness improvements to HTML parsing. (Zirro)
• Updated Location properties to be on the instance, instead of the prototype, and to be non-configurable.
• Significantly improved the performance of HTMLCollection, and thus of parsing large documents. (Zirro)
• Significantly improved the performance of getComputedStyle() by removing unsupported selectors from the default style sheet. (flaviut)
• Fixed all web platform methods that accepted web platform objects to perform proper type checks on them, throwing a TypeError when given invalid values. (TimothyGu)
• Fixed the Symbol.toStringTag properties to be non-writable and non-enumerable. (TimothyGu)
• Fixed tokenList.remove() when the DOMTokenList corresponded to a non-existant attribute. (Zirro)
• Fixed fileReader.abort() to terminate ongoing reads properly.
• Fixed xhr.send() to support array buffer views, not just ArrayBuffers. (ondras)
• Fixed non-GET requests to data: URLs using XMLHttpRequest. (Zirro)
• Fixed form submission to no longer happen for disconnected forms.
• Fixed body event handler attributes to be treated like all others in terms of how they interact with runScripts.
• Many updates per recent spec changes: (Zirro)
  • Updated tokenList.replace() edge-case behavior.
  • Invalid qualified names now throw "InvalidCharacterError" DOMExceptions, instead of "NamespaceError" DOMExceptions.
  • Changed input.select() to no longer throw on types where selection does not apply.
  • Updated event.initEvent() and various related methods to have additional defaults.
  • Stopped lowercasing headers in XMLHttpRequest responses.
  • Started lowercasing headers in xhr.getAllResponseHeaders(), and separating the header values with a comma-space (not just a comma).
  • Allow a redirect after a CORS preflight when using XMLHttpRequest.
  • Tweaked username/password CORS treatment when using XMLHttpRequest.
  • Changed xhr.overrideMimeType() to no longer throw for invalid input.
  • Removed blob.close() and blob.isClosed().
• Removed some remaining not-per-spec toString() methods on various prototypes, which were made redundant in v10.1.0 but we forgot to remove.

v10.1.0

Compare Source

• Added the value sanitization algorithm for password, search, tel, text, color, email, and url input types. (Zirro)
• Added Symbol.toStringTag to all web platform classes, so that now Object.prototype.toString.call() works as expected on jsdom objects.
• Added the select.selectedOptions property.
• Removed the toString() methods on various prototypes that returned "[object ClassName]" in an attempt to fake the Symbol.toStringTag behavior.
• Changed XMLHttpRequest to pre-allocate a 1 MiB buffer, which it grows exponentially as needed, in order to avoid frequent buffer allocation and concatenation. (skygon)
• Fixed a variety of properties that were meant to always return the same object, to actually do so. (Zirro)
• Fixed inheritance of the runScripts and resources options into iframes.
• Fixed an uncaught exception that occurred if you called xhr.abort() during a readystatechange event.

v10.0.0

Compare Source

This release includes a complete overhaul of jsdom's API for creating and manipulating jsdoms. The new API is meant to be much more intuitive and have better defaults, with complete documentation in the newly-overhauled README. We hope you like it!

As discussed in the new README, the old API is still available and supported via require("jsdom/lib/old-api.js"), at least until we have ported all of its features over to the new API. It will, however, not be gaining any new features, and we suggest you try the new API unless you really need the customizable resource loading the old API provides.

Apart from the new API, the following changes were made, with breaking changes bolded:

• Removed support for Node.js v4 and v5, as we have started using new JavaScript features only supported in Node.js v6 onwards.
• Changed the omitJsdomErrors option to omitJSDOMErrors, for consistency with web platform APIs.
• Added document.dir. (Zirro)
• Updated the <a> and <area> APIs to the latest specification, and fixed a few bugs with them. (makana)
• Fixed <img> elements to no longer fire load events unless their image data is actually loaded (which generally only occurs when the canvas package is installed).
• Fixed XMLHttpRequest preflights to forward approved preflight headers to the actual request. (mbroadst)
• Fixed htmlElement.dir to properly restrict its values to "ltr", "rtl", or "auto". (Zirro)
• Fixed setting innerHTML to the empty string to no longer be a no-op. (Zirro)
• Fixed the origin-checking logic in window.postMessage(), so that now you don't always have to pass an origin of "*". (jmlopez-rod)
• Improved the xhr.open() error message when there are not enough arguments. (lencioni)

v9.12.0

Compare Source

• Added the Option named constructor. (NAlexPear)
• Added support for the canvas-prebuilt npm package as an alternative to canvas. (asturur)
• Fixed setTimeout() and setInterval() to always return a positive integer, instead of returning 0 the first time were called. (yefremov)
• Fixed jsdom.env() to preserve URL fragments across redirects. (josephfrazier)
• Fixed optionEl.text and optionEl.value to be more spec-compliant.
• Fixed event.stopImmediatePropagation() to actually stop immediate propagation, not just propagation.
• Fixed clearTimeout() and clearInterval() to work correctly when using jsdom browserified.

v9.11.0

Compare Source

• Added dummy properties offsetTop, offsetLeft, offsetWidth, and offsetHeight that always return 0, and offsetParent which always returns null, for all HTML elements. (yefremov)
• Fixed various edge cases in our type conversions applied to method arguments and setters throughout the web platform APIs implemented by jsdom.

v9.10.0

Compare Source

• Added forEach, keys, values, and entries methods to NodeList.
• Added event.cancelBubble.
• Added dummy properties scrollWidth, scrollHeight, clientTop, clientLeft, clientWidth, and clientHeight that always return 0 to all elements. (alistairjcbrown)
• Updated many aspects of Blob, File, and FileReader to better match the File API specification. (TimothyGu)
• Fixed the progress and readystatechange events fired by XMLHttpRequest to match recent specification changes and test updates.
• Fixed element.getClientRects() to return an empty array, instead of an array containing a dummy bounding box. (alistairjcbrown)
• Changed navigator.vendor to return "Apple Computer, Inc." instead of "Google Inc.", since we have chosen the WebKit navigator compatibility mode.

v9.9.1

Compare Source

• Removed the use of array.includes to fix a compatibility issue with Node.js v4.

v9.9.0

Compare Source

• Added CDATASection nodes, including document.createCDATASection. (snuggs)
• Added node.wholeText. (jdanyow)
• Added a setter for document.body.
• Added document.embeds, document.plugsin, and document.scripts. These were supposed to be added in 9.5.0 but were mistakenly omitted.
• Fixed element.insertAdjacentHTML to work when the element has null or the document as its parent node, as long as the insertion position is "afterbegin" or "beforeend".
• Fixed form submission to only hit the "not implemented" virtual console message when form submission is not canceled, instead of when it is.
• Fixed an issue where the event listener was not being correctly removed when using the { once: true } option to addEventListener. (i8-pi)
• Fixed an error that was thrown when using XHTMLHttpRequest and POSTing JSON contents to an endpoint that requires CORS while using an Authorization header. (dunnock)
• Fixed document.body and document.title to act more correctly in various edge cases.
• Fixed HTMLCollection named access to return the first element encountered, not the last.

v9.8.3

Compare Source

• Fixed syntax errors in Node.js v4.

v9.8.2

Compare Source

• Fixed DOMTokenList and getElementsByClassName to only split on ASCII whitespace, not all Unicode whitespace.

v9.8.1

Compare Source

• Fixed an error that occurred when passing no class names to getElementsByClassName, e.g. getElementsByClassName("") or getElementsByClassName(" ").

v9.8.0

Compare Source

• Added the blob.isClosed property. (TimothyGu)
• Fixed the file.lastModified property to be on File instead of on Blob. (TimothyGu)
• Fixed the file.lastModified property to default to the time of the File object's creation, not the time that the property is accessed. (TimothyGu)
• Fixed a minor edge-case regression where non-HTML elements with the name "iframe" became focusable in v9.7.0.

v9.7.1

Compare Source

• Fixed a performance regression introduced in 9.5.0 for modifying the DOM. It was particularly noticable during initial parsing of a document with many elements; for example, one test showed parsing ten thousand elements taking 36.4 seconds, whereas after this fix it is back to a more reasonable 0.4 seconds.

v9.7.0

Compare Source

• Added EventListenerOptions support to addEventListener and removeEventListener, including both the once and capture options. (GianlucaGuarini)
• Added document.hasFocus() (acusti)
• Fixed the focus management to ensure that focusing something inside an iframe will also focus the iframe itself. (acusti)

v9.6.0

Compare Source

• Added HTMLCollection.prototype[Symbol.iterator], so you can use for-of loops over HTMLCollections now. (i8-pi)
• Fixed file.lastModified to return the current time as the default, instead of 0.
• Fixed cloning of Attrs to properly clone the namespace prefix.
• Tweaked XMLHttpRequest progress event ordering slightly to better match the spec and browsers.
• Tweaked the behavior of calling event.stopPropagation and event.stopImmediatePropagation on already-dispatched events, per [the latest

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.