Fix persistedSignal localStorage test key collision #34
Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
Pull request overview
This PR fixes a potential data collision issue in the persistedSignal function where a hard-coded localStorage test key could overwrite existing user data. The solution randomizes the test key to prevent collisions while maintaining the same functional behavior of testing localStorage availability.
Changes:
- Replaced static test key "__bquery_test__" with randomized key pattern __bquery_test_<random>__ to prevent overwriting user data
- Added explanatory comment about the randomization purpose
- Updated test value string from "__bquery_test__" to "__test__" for clarity
src/reactive/persisted.ts
Outdated
| const testKey = '__bquery_test__'; | ||
| const testValue = '__bquery_test__'; | ||
| // Use a randomized test key to avoid overwriting real user data | ||
| const testKey = `__bquery_test_${Math.random().toString(36).substr(2, 9)}__`; |
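Review bot: On the new `testKey` line, the suffix from `Math.random().toString(36).substr(2, 9)` makes a clash with an existing entry unlikely rather than impossible, and its length is not fixed, since `toString(36)` can return fewer than nine digits after the `0.` prefix. If the probe goes on to write and remove this key, check `localStorage.getItem(testKey) === null` first and pick another key (or skip the write) when it is not, so a pre-existing value is never overwritten.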
The substr() method is deprecated. Consider using slice(2, 11) instead to match the pattern used in the existing uid() function at src/core/utils/misc.ts:19, which also generates random strings using Math.random().toString(36).slice(2, 9). Note that substr(2, 9) takes 9 characters starting from index 2, while slice(2, 11) achieves the same result (characters from index 2 to 11, exclusive).
Applied the change. Replaced deprecated substr() with slice(2, 9) to match the pattern used in the uid() function. Commit: 050d241
Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
@copilot apply changes based on the comments in this thread
I've already addressed the review comment in thread #3714092734 regarding the deprecated Could you clarify if there are additional comments in that review thread that need to be addressed? I can only see the one about
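A storage availability probe of the kind this PR changes, as an added example that is not the project's code. `MemoryStorage`, `QuotaStorage`, `probeWithFixedKey` and `probeWithRandomKey` are hypothetical names, the fixed-key probe is reconstructed from the PR description, and the storage objects are constructed in-memory stand-ins for `localStorage`. It goes one step beyond the PR by checking that the random key is unused before writing.

```javascript
// Added example (not bQuery source). All names below are hypothetical.

// Constructed in-memory stand-in for window.localStorage.
class MemoryStorage {
  constructor(initial = {}) {
    this.map = new Map(Object.entries(initial));
  }
  getItem(key) {
    return this.map.has(key) ? this.map.get(key) : null;
  }
  setItem(key, value) {
    this.map.set(String(key), String(value));
  }
  removeItem(key) {
    this.map.delete(key);
  }
  get length() {
    return this.map.size;
  }
}

// Constructed stand-in for a storage that exists but rejects every write.
class QuotaStorage extends MemoryStorage {
  setItem() {
    const err = new Error('quota exceeded');
    err.name = 'QuotaExceededError';
    throw err;
  }
}

// Fixed-key probe, reconstructed from the PR description: it writes and then
// removes a hard-coded key, so an application entry under that name is lost.
function probeWithFixedKey(storage) {
  const testKey = '__bquery_test__';
  try {
    storage.setItem(testKey, testKey);
    storage.removeItem(testKey); // deletes whatever the application stored here
    return true;
  } catch {
    return false;
  }
}

// Suffix pattern the review thread settles on: slice(2, 9) instead of substr(2, 9).
function randomSuffix() {
  return Math.random().toString(36).slice(2, 9);
}

// Randomized probe that also refuses to touch a key that already exists.
// makeSuffix is injectable so the collision path can be exercised in tests.
function probeWithRandomKey(storage, makeSuffix = randomSuffix, maxAttempts = 5) {
  try {
    let testKey = null;
    for (let i = 0; i < maxAttempts && testKey === null; i++) {
      const candidate = `__bquery_test_${makeSuffix()}__`;
      if (storage.getItem(candidate) === null) testKey = candidate;
    }
    // Every candidate was taken: report "unavailable" rather than overwrite.
    if (testKey === null) return false;

    const testValue = '__test__';
    try {
      storage.setItem(testKey, testValue);
      return storage.getItem(testKey) === testValue;
    } finally {
      storage.removeItem(testKey); // never leave the probe key behind
    }
  } catch {
    // Storage missing, disabled, or over quota.
    return false;
  }
}

// Runs both probes against storages that already hold a user-owned entry.
function demo() {
  const owned = { '__bquery_test__': 'user-owned value' };
  const before = new MemoryStorage(owned);
  const after = new MemoryStorage(owned);
  return {
    fixedProbe: probeWithFixedKey(before),
    fixedKeyLeft: before.getItem('__bquery_test__'),
    randomProbe: probeWithRandomKey(after),
    randomKeyLeft: after.getItem('__bquery_test__'),
    writeRejected: probeWithRandomKey(new QuotaStorage()),
  };
}

console.log(demo());
```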
* Refactor motion module: Split functionality into separate files and enhance type definitions
  - Moved transition, flip, spring, stagger, timeline, keyframes, scroll, and reduced motion functionalities into their respective files for better organization and maintainability.
  - Introduced new types for better type safety and clarity across the motion module.
  - Added keyframe presets for common animations and scroll-triggered animation helpers.
  - Implemented a prefers-reduced-motion detection utility.
  - Enhanced tests to cover new functionalities and ensure robustness.
* Add security modules: modularize internal logic, implement Trusted Types, and improve HTML sanitization
* - **Router**: Internals modularized into focused submodules with no public API changes.
  ### Fixed (Unreleased)
  - **Security**: `security/sanitize` now re-exports `generateNonce()` and `isTrustedTypesSupported()` for legacy deep imports.
* Add defineComponent function and modularize component logic into submodules
* Add linkedSignal function: create writable computed values that link getters and setters
* feat(store): implement devtools integration and refactor store structure
  - Add devtools integration for store management with functions to register, unregister, and notify state changes.
  - Refactor store module to separate concerns into distinct files: create-store, mapping, persisted, plugins, registry, types, utils, and watch.
  - Introduce mapping helpers for state, getters, and actions to simplify component integration.
  - Implement persistence functionality for stores using localStorage.
  - Add watch functionality to observe state changes with customizable options.
  - Enhance tests to cover new features including mapGetters and watchStore.
* feat(view): implement directive handlers for dynamic binding
  - Add handleStyle directive for dynamic style binding in style.ts
  - Add handleText directive for setting text content in text.ts
  - Create evaluate function for expression evaluation in evaluate.ts
  - Refactor view module by moving mount and template creation logic to mount.ts
  - Introduce processElement and processChildren functions for directive processing in process.ts
  - Define types for binding context, mount options, and directive handlers in types.ts
  - Update index.ts to export new module structure and types
* feat(core): add attribute helpers and collection DOM manipulation methods
* feat(core): modularize utility functions into focused helper modules
* feat(component): sanitize markup in defineComponent to enhance security
* feat(security): sanitize component render markup for Shadow DOM consistency
  fix(docs): correct event section heading in Core API guide for BQueryElement
* feat(release): bump version to 1.3.0 and update changelog
* feat(docs): update module sizes in README and add module overview in getting started guide
* feat(security): enhance mXSS detection in sanitizeHtmlCore by verifying stability through double-parsing
* Potential fix for code scanning alert no. 9: DOM text reinterpreted as HTML
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Fix PR review issues: duplicate keys, cleanup leaks, export conflicts, and SSR safety (#17)
* Initial plan
* fix: address PR review comments - duplicate keys, cleanup, exports, unwrap, caching, routing, SSR, directives, and test
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* fix: improve duplicate key warning message to be more accurate
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* test: add coverage for PR fixes - unwrap siblings, defineStore caching, ref cleanup, duplicate keys
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* test: improve duplicate key test with try-finally and reduce duplication
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* docs: clarify unwrap() behavior for all children vs collection-only elements
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Update src/router/router.ts
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update src/core/index.ts
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: Jonas Pfalzgraf <info@josunlp.de>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* feat(security): implement safe HTML parsing with DOMParser and enhance mXSS detection
* Potential fix for code scanning alert no. 12: DOM text reinterpreted as HTML
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Fix security, type safety, and API surface issues from PR #16 review (#18)
* Initial plan
* fix: address PR review comments - router guards, motion kebab-case, component styles, utils exports, docs
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* feat(security): enhance HTML parsing with input normalization and early return for plain text
* feat(security): implement dedicated HTML parsing helper to enhance safety and clarity
* Fix router cancellation, component example, and ref directive expression handling (#19)
* Initial plan
* fix(router): restore full URL with query/hash and use replaceState on cancelled navigation
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* docs(component): update example to use addEventListener instead of inline onclick
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* fix(view): use rawValue for object refs in bq-ref directive to support expressions
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* test: add coverage for nested bq-ref expressions and router query/hash restoration on cancelled navigation
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* fix(component): use event delegation in example to survive re-renders; test: add search/hash assertions
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* docs(component): add disconnected hook to example for proper event listener cleanup
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix router compatibility, isDev default, style cleanup, and changelog format (#20)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix hash routing bugs and add comprehensive test coverage (#21)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix router base path handling, bq-if DOM stability, and CHANGELOG consistency (#22)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Add JsDelivr badge to README (#23)
* Fix defineComponent tests, store reactivity leak, view directive signal handling, and hash-routing interception (#24)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix async handling, type safety, environment guards, and add test coverage from PR #16 review (#25)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix DOM order reversal, stale dependency tracking, localStorage SafariError, and reactive bq-for updates (#26)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix view template root validation, store optimizations, and utils API cleanup (#27)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: Jonas Pfalzgraf <info@josunlp.de>
* Fix bq-show display restoration and timeline.seek() time calculation (#28)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix router base path duplication and add SSR guards for Element checks (#29)
* Initial plan
* Fix router base path duplication and add SSR guards for Element checks
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix SSR safety for interceptLinks default parameter and null router handling
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Address PR review comments: add window guard, fix base="/" edge case, clarify error comments, and add test coverage
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix window guard short-circuit and remove trailing whitespace
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix interceptLinks() browser behavior and createTemplate() validation (#30)
* Initial plan
* Fix interceptLinks() to respect browser behaviors and improve createTemplate() validation
  - Add guards for standard browser behaviors in interceptLinks():
    * Only intercept left-clicks (button 0)
    * Respect Ctrl/Cmd/Shift/Alt modifier keys for new tabs
    * Skip already-prevented events
    * Check for MouseEvent type
  - Add proper validation in createTemplate() to ensure exactly one root element
  - Note: Did not change beforebegin reversal behavior as current implementation is correct
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Simplify createTemplate validation logic
  Remove redundant check - since we already verified el exists, we only need to check for multiple roots
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Improve comment clarity in createTemplate validation
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Improve comment accuracy in validation and event handling
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Simplify comment for better clarity
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Add test coverage for browser behavior guards and template validation
  - Add tests for interceptLinks() modifier key guards (Ctrl, Cmd, Shift, Alt)
  - Add tests for interceptLinks() button checks (middle-click, right-click)
  - Add test for interceptLinks() defaultPrevented check
  - Add tests for createTemplate() multiple root element validation
  - Add test for createTemplate() with whitespace handling
  - All 422 tests pass
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix bq-class bracket detection, once() failure caching, mount bq-for validation, and component pre-mount renders (#31)
* Initial plan
* Fix bq-class array detection, once() failure handling, mount bq-for guard, and component pre-mount renders
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Add test coverage for once(), bq-class bracket access, mount bq-for validation, and component hasMounted
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix trailing whitespace in view tests
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Enhance prop coercion error handling, add Web Animations API check in timeline, and improve watch options with immediate and custom equality support
* Refactor tests to improve error message handling and update bq-class syntax; remove redundant bq-for test case
* Add GitHub Actions workflow for testing with Bun
* Potential fix for code scanning alert no. 16: Workflow does not contain permissions
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
* Refactor import statements for consistency, enhance untrack functionality to prevent dependency tracking for computed values, and add related tests
* Refactor imports for consistency, enhance Actions type to include getters, and clean up whitespace in various files
* Update warning message in bq-for tests to reflect index-based key fallback
* Implement lazy context proxy for signal unwrapping in evaluate function
* Format YAML and TypeScript files for consistency and readability
* Add early completion for flip animation on zero dimensions or no change
* Optimize evaluation functions by implementing caching for compiled expressions
* Add type definitions for the security functions and optimize type conversion in the prop coercion function
* Optimize the cache for evaluateRaw functions and improve key generation
* Update README.md
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Improve handling of function references in the bq-on:event directive and optimize the cache logic in defineStore
* Improve typing and validation in the generateNonce function, add chunking for string creation; update the truncate documentation and improve the proxy implementation in createLazyContext
* Add an LRU cache implementation for expression evaluation and improve cache management; implement tests for cache clearing
* Improve whitespace handling in the class directive and update the Bun version in the CI configuration
* Update the Bun version to 1.3.7 in the CI configurations and improve error handling when creating the Trusted Types policy.
* Improve handling of required properties in defineComponent and perform deferred initialization of the mount; update the type definitions for the merge function to support up to 5 sources.
* Add a fallback for SSR/non-DOM environments in the transition function and improve localStorage handling in the tests.
* Fix bq-style whitespace handling and spring variable frame rate (#32)
* Initial plan
* Fix bq-style whitespace handling and spring variable frame rate
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Improve documentation for spring variable frame rate timing
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Add test for bq-style directive with leading whitespace
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix bq-on method reference context loss and remove style attribute from security defaults (#33)
* Initial plan
* Fix bq-on method reference docs and remove style from default allowed attributes
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  ---------
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
* Fix persistedSignal localStorage test key collision (#34)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix bq-class directive stale class cleanup for object syntax (#35)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: Jonas Pfalzgraf <info@josunlp.de>
* Fix timeline() to account for animation iterations in duration calculations (#36)
  Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
* Fix createTemplate to reject templates with bq-if directive on the root element
* Fix test job permissions in GitHub Actions workflow
* Fix timeline to conditionally apply final keyframe styles based on commitStyles flag
* Fix createRouter to correctly handle base path matching for navigation
* 🔀 Update CHANGELOG.md
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix handleShow to ensure cross-document compatibility for computed display values
* Enhance prop coercion by adding explicit control for constructor invocation in PropDefinition
* Update devDependencies to latest versions for improved compatibility
* chore: update dependencies in package.json and improve test readability
  - Updated eslint-config-prettier from ^9.1.2 to ^10.1.8
  - Updated globals from ^15.15.0 to ^17.2.0
  - Updated rimraf from ^5.0.10 to ^6.1.2
  - Updated typedoc from ^0.25.13 to ^0.28.16
  - Updated vite from ^5.4.21 to ^7.3.1
  - Cleaned up whitespace in view.test.ts for better readability
* refactor: simplify logic for ordering elements in insertContent function
* refactor: enhance type handling in handleRef for improved clarity and safety
* refactor: clarify logic for reversing element order in insertContent function
* docs: update documentation for new features and improvements across modules
  ---------
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Refactor motion module: Split functionality into separate files and enhance type definitions - Moved transition, flip, spring, stagger, timeline, keyframes, scroll, and reduced motion functionalities into their respective files for better organization and maintainability. - Introduced new types for better type safety and clarity across the motion module. - Added keyframe presets for common animations and scroll-triggered animation helpers. - Implemented a prefers-reduced-motion detection utility. - Enhanced tests to cover new functionalities and ensure robustness. * Füge Sicherheitsmodule hinzu: Modularisiere interne Logik, implementiere Trusted Types und verbessere die HTML-Sanitierung * - **Router**: Internals modularized into focused submodules with no public API changes. ### Fixed (Unreleased) - **Security**: `security/sanitize` now re-exports `generateNonce()` and `isTrustedTypesSupported()` for legacy deep imports. * Füge defineComponent-Funktion hinzu und modularisiere Komponentenlogik in Submodule * Füge linkedSignal-Funktion hinzu: Erstelle schreibbare berechnete Werte, die Getter und Setter verknüpfen * feat(store): implement devtools integration and refactor store structure - Add devtools integration for store management with functions to register, unregister, and notify state changes. - Refactor store module to separate concerns into distinct files: create-store, mapping, persisted, plugins, registry, types, utils, and watch. - Introduce mapping helpers for state, getters, and actions to simplify component integration. - Implement persistence functionality for stores using localStorage. - Add watch functionality to observe state changes with customizable options. - Enhance tests to cover new features including mapGetters and watchStore. 
* feat(view): implement directive handlers for dynamic binding - Add handleStyle directive for dynamic style binding in style.ts - Add handleText directive for setting text content in text.ts - Create evaluate function for expression evaluation in evaluate.ts - Refactor view module by moving mount and template creation logic to mount.ts - Introduce processElement and processChildren functions for directive processing in process.ts - Define types for binding context, mount options, and directive handlers in types.ts - Update index.ts to export new module structure and types * feat(core): add attribute helpers and collection DOM manipulation methods * feat(core): modularize utility functions into focused helper modules * feat(component): sanitize markup in defineComponent to enhance security * feat(security): sanitize component render markup for Shadow DOM consistency fix(docs): correct event section heading in Core API guide for BQueryElement * feat(release): bump version to 1.3.0 and update changelog * feat(docs): update module sizes in README and add module overview in getting started guide * feat(security): enhance mXSS detection in sanitizeHtmlCore by verifying stability through double-parsing * Potential fix for code scanning alert no. 
9: DOM text reinterpreted as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Fix PR review issues: duplicate keys, cleanup leaks, export conflicts, and SSR safety (#17) * Initial plan * fix: address PR review comments - duplicate keys, cleanup, exports, unwrap, caching, routing, SSR, directives, and test Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: improve duplicate key warning message to be more accurate Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: add coverage for PR fixes - unwrap siblings, defineStore caching, ref cleanup, duplicate keys Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: improve duplicate key test with try-finally and reduce duplication Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs: clarify unwrap() behavior for all children vs collection-only elements Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Update src/router/router.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/core/index.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * feat(security): implement safe HTML parsing with DOMParser and enhance mXSS detection * Potential fix for code scanning alert no. 
12: DOM text reinterpreted as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Fix security, type safety, and API surface issues from PR #16 review (#18) * Initial plan * fix: address PR review comments - router guards, motion kebab-case, component styles, utils exports, docs Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * feat(security): enhance HTML parsing with input normalization and early return for plain text * feat(security): implement dedicated HTML parsing helper to enhance safety and clarity * Fix router cancellation, component example, and ref directive expression handling (#19) * Initial plan * fix(router): restore full URL with query/hash and use replaceState on cancelled navigation Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs(component): update example to use addEventListener instead of inline onclick Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix(view): use rawValue for object refs in bq-ref directive to support expressions Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: add coverage for nested bq-ref expressions and router query/hash restoration on cancelled navigation Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix(component): use event delegation in example to survive re-renders; test: add search/hash assertions Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs(component): add disconnected hook to example for proper event listener cleanup Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> 
* Fix router compatibility, isDev default, style cleanup, and changelog format (#20) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix hash routing bugs and add comprehensive test coverage (#21) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix router base path handling, bq-if DOM stability, and CHANGELOG consistency (#22) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Add JsDelivr badge to README (#23) * Fix defineComponent tests, store reactivity leak, view directive signal handling, and hash-routing interception (#24) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix async handling, type safety, environment guards, and add test coverage from PR #16 review (#25) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix DOM order reversal, stale dependency tracking, localStorage SafariError, and reactive bq-for updates (#26) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix view template root validation, store optimizations, and utils API cleanup (#27) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> * Fix bq-show display restoration and timeline.seek() time calculation (#28) Co-authored-by: JosunLP 
<20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix router base path duplication and add SSR guards for Element checks (#29) * Initial plan * Fix router base path duplication and add SSR guards for Element checks Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix SSR safety for interceptLinks default parameter and null router handling Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Address PR review comments: add window guard, fix base="/" edge case, clarify error comments, and add test coverage Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix window guard short-circuit and remove trailing whitespace Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix interceptLinks() browser behavior and createTemplate() validation (#30) * Initial plan * Fix interceptLinks() to respect browser behaviors and improve createTemplate() validation - Add guards for standard browser behaviors in interceptLinks(): * Only intercept left-clicks (button 0) * Respect Ctrl/Cmd/Shift/Alt modifier keys for new tabs * Skip already-prevented events * Check for MouseEvent type - Add proper validation in createTemplate() to ensure exactly one root element - Note: Did not change beforebegin reversal behavior as current implementation is correct Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Simplify createTemplate validation logic Remove redundant check - since we already verified el exists, we only need to check for multiple roots Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Improve comment clarity in createTemplate validation Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Improve comment accuracy in 
validation and event handling Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Simplify comment for better clarity Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Add test coverage for browser behavior guards and template validation - Add tests for interceptLinks() modifier key guards (Ctrl, Cmd, Shift, Alt) - Add tests for interceptLinks() button checks (middle-click, right-click) - Add test for interceptLinks() defaultPrevented check - Add tests for createTemplate() multiple root element validation - Add test for createTemplate() with whitespace handling - All 422 tests pass Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix bq-class bracket detection, once() failure caching, mount bq-for validation, and component pre-mount renders (#31) * Initial plan * Fix bq-class array detection, once() failure handling, mount bq-for guard, and component pre-mount renders Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Add test coverage for once(), bq-class bracket access, mount bq-for validation, and component hasMounted Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix trailing whitespace in view tests Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Enhance prop coercion error handling, add Web Animations API check in timeline, and improve watch options with immediate and custom equality support * Refactor tests to improve error message handling and update bq-class syntax; remove redundant bq-for test case * Add GitHub Actions workflow for testing with Bun * Potential fix for code scanning alert no. 
16: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Refactor import statements for consistency, enhance untrack functionality to prevent dependency tracking for computed values, and add related tests * Refactor imports for consistency, enhance Actions type to include getters, and clean up whitespace in various files * Update warning message in bq-for tests to reflect index-based key fallback * Implement lazy context proxy for signal unwrapping in evaluate function * Format YAML and TypeScript files for consistency and readability * Add early completion for flip animation on zero dimensions or no change * Optimize evaluation functions by implementing caching for compiled expressions * Add type definitions for the security functions and optimize the type conversion in the prop coercion function * Optimize the cache for evaluateRaw functions and improve key generation * Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Improve the handling of function references in the bq-on:event directive and optimize the cache logic in defineStore * Improve typing and validation in the generateNonce function, add chunking for string creation; update the truncate documentation and improve the proxy implementation in createLazyContext * Add an LRU cache implementation for expression evaluation and improve cache management; implement tests for cache clearing * Improve whitespace handling in the class directive and update the Bun version in the CI configuration * Update the Bun version to 1.3.7 in the CI configurations and improve error handling when creating the Trusted Types policy.
* Improve the handling of required properties in defineComponent and defer mount initialization; update the type definitions for the merge function to support up to 5 sources. * Add a fallback for SSR/non-DOM environments in the transition function and improve localStorage handling in the tests. * Fix bq-style whitespace handling and spring variable frame rate (#32) * Initial plan * Fix bq-style whitespace handling and spring variable frame rate Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Improve documentation for spring variable frame rate timing Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Add test for bq-style directive with leading whitespace Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix bq-on method reference context loss and remove style attribute from security defaults (#33) * Initial plan * Fix bq-on method reference docs and remove style from default allowed attributes Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Fix persistedSignal localStorage test key collision (#34) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix bq-class directive stale class cleanup for object syntax (#35) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> * Fix
timeline() to account for animation iterations in duration calculations (#36) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix createTemplate to reject templates with bq-if directive on the root element * Fix test job permissions in GitHub Actions workflow * Fix timeline to conditionally apply final keyframe styles based on commitStyles flag * Fix createRouter to correctly handle base path matching for navigation * 🔀 Update CHANGELOG.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Fix handleShow to ensure cross-document compatibility for computed display values * Enhance prop coercion by adding explicit control for constructor invocation in PropDefinition * Update devDependencies to latest versions for improved compatibility * chore: update dependencies in package.json and improve test readability - Updated eslint-config-prettier from ^9.1.2 to ^10.1.8 - Updated globals from ^15.15.0 to ^17.2.0 - Updated rimraf from ^5.0.10 to ^6.1.2 - Updated typedoc from ^0.25.13 to ^0.28.16 - Updated vite from ^5.4.21 to ^7.3.1 - Cleaned up whitespace in view.test.ts for better readability * refactor: simplify logic for ordering elements in insertContent function * refactor: enhance type handling in handleRef for improved clarity and safety * refactor: clarify logic for reversing element order in insertContent function * docs: update documentation for new features and improvements across modules * fix: Reactive robustness, security hardening, storage compat, expression parsing (#37) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> * Fix css() getter, add Signal.dispose(), debounce/throttle cancel, collection.find(), element.is() 
(#39) * Initial plan * fix: css() getter, add Signal.dispose(), effect error handling, debounce/throttle cancel, is(), find() - Fix BQueryElement.css() to return computed style when used as getter - Fix BQueryCollection.css() to return computed style from first element - Add error handling in effect() to catch errors without breaking reactive graph - Add Signal.dispose() method to clear all subscribers - Add cancel() method to debounce() and throttle() return values - Add BQueryElement.is() as jQuery-compatible alias for matches() - Add BQueryCollection.find() for descendant querying - Add getComputedStyle to test setup for happy-dom - Add comprehensive tests for all changes Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * perf: use Set for deduplication in BQueryCollection.find() Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * refactor: address review feedback - delegate is() to matches(), use ownerDocument.defaultView for getComputedStyle, update css() JSDoc - is() now delegates to this.matches() instead of duplicating the implementation - css() getter uses ownerDocument.defaultView?.getComputedStyle() for cross-document/SSR safety - Updated css() JSDoc @returns to describe getter/setter return types - Same fix applied to BQueryCollection.css() getter Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: properly type debounced/throttled via Object.assign, add getComputedStyle guard in collection.css() - Use Object.assign to create DebouncedFn/ThrottledFn with proper typing - Add typeof getComputedStyle check in BQueryCollection.css() getter for SSR safety Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs: add css() getter example to JSDoc, strengthen effect error test - Add getter usage example to BQueryElement.css() JSDoc - Verify effect continues working after catching an error Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: use strict undefined 
check for debounce timeoutId instead of truthiness Handles edge case where setTimeout could return 0 in browser environments. Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: implement removeDependency to prevent stale references on signal disposal * fix: update css() method signatures for better type safety * fix: update css() method signatures for improved type handling --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * chore: update dependencies and version, improve code readability in evaluate.ts and security tests * fix: update funding model comments for clarity and consistency * feat: add Cline and Cursor rules, enhance Copilot instructions, and update AGENT.md for AI agent support feat: implement new features in core API including css() getter, is() method, find() method, and debounce/throttle enhancements fix: improve reactive system error handling and add Signal.dispose() method fix: enhance security validations for srcset and form action attributes docs: update README.md and API documentation with new features and usage examples chore: add llms.txt for LLM optimization and project summary * fix: update security rule to reference correct sanitize module path * fix: add optional chaining to prevent errors when accessing defaultView fix: reset timeoutId in debounce function to avoid unintended behavior * fix: clarify srcset validation behavior in documentation and examples * Update tests/view.test.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Fix PR review issues: duplicate keys, cleanup leaks, export conflicts, and SSR safety (#17) Fix security, type safety, and API surface issues from PR #16 review (#18) Fix router cancellation, component example, and ref directive expression handling (#19) Fix router compatibility, isDev default, style cleanup, and changelog format (#20) Fix hash routing bugs and add comprehensive test coverage (#21) Fix router base path handling, bq-if DOM stability, and CHANGELOG consistency (#22) Fix defineComponent tests, store reactivity leak, view directive signal handling, and hash-routing interception (#24) Fix async handling, type safety, environment guards, and add test coverage from PR #16 review (#25) Fix DOM order reversal, stale dependency tracking, localStorage SafariError, and reactive bq-for updates (#26) Fix view template root validation, store optimizations, and utils API cleanup (#27) Fix bq-show display restoration and timeline.seek() time calculation (#28) Fix router base path duplication and add SSR guards for Element checks (#29) Fix interceptLinks() browser behavior and createTemplate() validation (#30) Fix bq-class bracket detection, once() failure caching, mount bq-for validation, and component pre-mount renders (#31) Fix bq-style whitespace handling and spring variable frame rate (#32) Fix bq-on method reference context loss and remove style attribute from security defaults (#33) Fix persistedSignal localStorage test key collision (#34) Fix bq-class directive stale class cleanup for object syntax (#35) Fix 
timeline() to account for animation iterations in duration calculations (#36) fix: Reactive robustness, security hardening, storage compat, expression parsing (#37) Fix css() getter, add Signal.dispose(), debounce/throttle cancel, collection.find(), element.is() (#39) fix(ci): align ESLint workflow with repo CI conventions (#47) fix: repair corrupted bun.lock breaking CI frozen-lockfile installs (#48) Fix ESLint workflow failure caused by SARIF formatter runtime mismatch (#50)
The persistedSignal function uses a hard-coded test key ("__bquery_test__") to verify localStorage availability, which can overwrite existing user data.

Changes:
- Math.random().toString(36).slice(2, 9) to prevent collisions with real data
- __bquery_test_<random>__ instead of static __bquery_test__
- slice() instead of deprecated substr() method for consistency with existing uid() function

This ensures the localStorage check never interferes with user data while maintaining the same functional behavior.
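The collision described in this PR, reproduced against an in-memory storage stand-in. This is an added example, not code from the bQuery repository: `MemoryStorage`, `probeWithStaticKey` and `probeWithRandomKey` are hypothetical names, and the check that skips a key already in use is an assumption added here, not something the PR states.

```javascript
// Constructed in-memory stand-in for window.localStorage, so this runs offline.
class MemoryStorage {
  constructor(initial = {}, failWrites = false) {
    this.map = new Map(Object.entries(initial));
    this.failWrites = failWrites;
  }
  getItem(key) { return this.map.has(key) ? this.map.get(key) : null; }
  setItem(key, value) {
    if (this.failWrites) throw new Error('QuotaExceededError (simulated)');
    this.map.set(key, String(value));
  }
  removeItem(key) { this.map.delete(key); }
}

// Behaviour before the fix: a fixed probe key shared with application data.
function probeWithStaticKey(storage) {
  const testKey = '__bquery_test__';
  try {
    storage.setItem(testKey, testKey); // overwrites an existing value
    storage.removeItem(testKey);       // then deletes it
    return true;
  } catch {
    return false;
  }
}

// Randomized probe key as in the PR, with an added guard (assumption, not in
// the PR) that skips a key that is already present.
function probeWithRandomKey(storage, maxAttempts = 5) {
  try {
    for (let i = 0; i < maxAttempts; i++) {
      const testKey = `__bquery_test_${Math.random().toString(36).slice(2, 9)}__`;
      if (storage.getItem(testKey) !== null) continue; // never touch live data
      storage.setItem(testKey, '__test__');
      const roundTrip = storage.getItem(testKey) === '__test__';
      storage.removeItem(testKey);
      return roundTrip;
    }
    return false; // every candidate key was taken; report unavailable
  } catch {
    return false; // storage blocked, full, or otherwise throwing
  }
}
```

`Math.random()` is sufficient here because the key only has to avoid collisions, not resist guessing. Seeding a `MemoryStorage` with a value under `__bquery_test__` and running each probe shows the static probe deleting that value and the randomized probe leaving it in place.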