-
Notifications
You must be signed in to change notification settings - Fork 47.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes to attribute whitelist logic #10564
Changes from 2 commits
e10694a
711bafe
4c5dfbb
e086ff1
0410651
ab75d9a
6077e0b
6f913ed
aca8d9c
af7d035
9c0751f
f8da44e
b93e093
fbcced1
a270e03
ed92af0
5a339a1
0b2ba65
3f85316
76a6318
b29bb74
0a2aec4
501e86d
8d1f487
72666fa
cb687ed
1d61379
2b0f61a
1590c2a
cb883a6
32f6321
6d9c0e0
10e0c09
ba71ec1
dc760af
10950c4
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,9 @@ var HTMLDOMPropertyConfig = { | |
// name warnings. | ||
Properties: { | ||
allowFullScreen: HAS_BOOLEAN_VALUE, | ||
// IE only true/false iFrame attribute | ||
// https://msdn.microsoft.com/en-us/library/ms533072(v=vs.85).aspx | ||
allowTransparency: HAS_BOOLEAN_VALUE, | ||
// specifies target context for links with `preload` type | ||
async: HAS_BOOLEAN_VALUE, | ||
// autoFocus is polyfilled/normalized by AutoFocusUtils | ||
|
@@ -35,11 +38,13 @@ var HTMLDOMPropertyConfig = { | |
capture: HAS_BOOLEAN_VALUE, | ||
checked: MUST_USE_PROPERTY | HAS_BOOLEAN_VALUE, | ||
cols: HAS_POSITIVE_NUMERIC_VALUE, | ||
contentEditable: HAS_BOOLEAN_VALUE, | ||
controls: HAS_BOOLEAN_VALUE, | ||
default: HAS_BOOLEAN_VALUE, | ||
defer: HAS_BOOLEAN_VALUE, | ||
disabled: HAS_BOOLEAN_VALUE, | ||
download: HAS_OVERLOADED_BOOLEAN_VALUE, | ||
draggable: HAS_BOOLEAN_VALUE, | ||
formNoValidate: HAS_BOOLEAN_VALUE, | ||
hidden: HAS_BOOLEAN_VALUE, | ||
loop: HAS_BOOLEAN_VALUE, | ||
|
@@ -62,6 +67,7 @@ var HTMLDOMPropertyConfig = { | |
start: HAS_NUMERIC_VALUE, | ||
// support for projecting regular DOM Elements via V1 named slots ( shadow dom ) | ||
span: HAS_POSITIVE_NUMERIC_VALUE, | ||
spellCheck: HAS_BOOLEAN_VALUE, | ||
// Style must be explicitly set in the attribute list. React components | ||
// expect a style object | ||
style: 0, | ||
|
@@ -76,21 +82,6 @@ var HTMLDOMPropertyConfig = { | |
httpEquiv: 0, | ||
// Attributes with mutation methods must be specified in the whitelist | ||
value: 0, | ||
// The following attributes expect boolean values. They must be in | ||
// the whitelist to allow boolean attribute assignment: | ||
autoComplete: 0, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Removed autoComplete. It is actually |
||
// IE only true/false iFrame attribute | ||
// https://msdn.microsoft.com/en-us/library/ms533072(v=vs.85).aspx | ||
allowTransparency: 0, | ||
contentEditable: 0, | ||
draggable: 0, | ||
spellCheck: 0, | ||
// autoCapitalize and autoCorrect are supported in Mobile Safari for | ||
// keyboard hints. | ||
autoCapitalize: 0, | ||
autoCorrect: 0, | ||
// autoSave allows WebKit/Blink to persist values of input fields on page reloads | ||
autoSave: 0, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same deal with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Shouldn't we special case these so that they work? It's odd when the form There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just for context, This default value appears to be an empty string, at least when I log out Hmm. It is frustrating that In the mean time, should we want to parse @aweary is this in line what what you were thinking for boolean attributes? Random fun aside: This is my first time using a footnote in a reply on Github. What a time to be alive. |
||
}, | ||
DOMAttributeNames: { | ||
acceptCharset: 'accept-charset', | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -11,6 +11,10 @@ | |
|
||
'use strict'; | ||
|
||
var DOMProperty = require('DOMProperty'); | ||
|
||
var HAS_BOOLEAN_VALUE = DOMProperty.injection.MUST_USE_PROPERTY; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fixing this up shortly. |
||
|
||
var NS = { | ||
xlink: 'http://www.w3.org/1999/xlink', | ||
xml: 'http://www.w3.org/XML/1998/namespace', | ||
|
@@ -113,15 +117,16 @@ var ATTRS = [ | |
'xmlns:xlink', | ||
'xml:lang', | ||
'xml:space', | ||
// The following attributes expect boolean values. They must be in | ||
// the whitelist to allow boolean attribute assignment: | ||
'autoReverse', | ||
'externalResourcesRequired', | ||
'preserveAlpha', | ||
]; | ||
|
||
var SVGDOMPropertyConfig = { | ||
Properties: {}, | ||
Properties: { | ||
// The following attributes expect boolean values. They must be in | ||
// the whitelist to allow boolean attribute assignment: | ||
autoReverse: HAS_BOOLEAN_VALUE, | ||
externalResourcesRequired: HAS_BOOLEAN_VALUE, | ||
preserveAlpha: HAS_BOOLEAN_VALUE, | ||
}, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is curious that these must be here. This is for correct casing? I wonder if we really need to down case attributes: There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This would be good follow-up work anyway. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Without this, they don't get set correctly (you can try in an HTML file). I don't know. Maybe not? |
||
DOMAttributeNamespaces: { | ||
xlinkActuate: NS.xlink, | ||
xlinkArcrole: NS.xlink, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is adding
HAS_BOOLEAN_VALUE
always safe? It changes semantics (falsy get removed). Are any of these actuallytrue
by default?Should we keep using this flag or should we introduce a new one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, darn it. Yes. We need a new flag.