Merged
Conversation
…nhance type definitions - Moved transition, flip, spring, stagger, timeline, keyframes, scroll, and reduced motion functionalities into their respective files for better organization and maintainability. - Introduced new types for better type safety and clarity across the motion module. - Added keyframe presets for common animations and scroll-triggered animation helpers. - Implemented a prefers-reduced-motion detection utility. - Enhanced tests to cover new functionalities and ensure robustness.
…ere Trusted Types und verbessere die HTML-Sanitierung
…ublic API changes. ### Fixed (Unreleased) - **Security**: `security/sanitize` now re-exports `generateNonce()` and `isTrustedTypesSupported()` for legacy deep imports.
…te, die Getter und Setter verknüpfen
- Add devtools integration for store management with functions to register, unregister, and notify state changes. - Refactor store module to separate concerns into distinct files: create-store, mapping, persisted, plugins, registry, types, utils, and watch. - Introduce mapping helpers for state, getters, and actions to simplify component integration. - Implement persistence functionality for stores using localStorage. - Add watch functionality to observe state changes with customizable options. - Enhance tests to cover new features including mapGetters and watchStore.
- Add handleStyle directive for dynamic style binding in style.ts - Add handleText directive for setting text content in text.ts - Create evaluate function for expression evaluation in evaluate.ts - Refactor view module by moving mount and template creation logic to mount.ts - Introduce processElement and processChildren functions for directive processing in process.ts - Define types for binding context, mount options, and directive handlers in types.ts - Update index.ts to export new module structure and types
…stency fix(docs): correct event section heading in Core API guide for BQueryElement
…getting started guide
…ng stability through double-parsing
…s HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…, and SSR safety (#17) * Initial plan * fix: address PR review comments - duplicate keys, cleanup, exports, unwrap, caching, routing, SSR, directives, and test Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: improve duplicate key warning message to be more accurate Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: add coverage for PR fixes - unwrap siblings, defineStore caching, ref cleanup, duplicate keys Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: improve duplicate key test with try-finally and reduce duplication Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs: clarify unwrap() behavior for all children vs collection-only elements Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * Update src/router/router.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/core/index.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…18) * Initial plan * fix: address PR review comments - router guards, motion kebab-case, component styles, utils exports, docs Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
…ly return for plain text
…ion handling (#19) * Initial plan * fix(router): restore full URL with query/hash and use replaceState on cancelled navigation Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs(component): update example to use addEventListener instead of inline onclick Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix(view): use rawValue for object refs in bq-ref directive to support expressions Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * test: add coverage for nested bq-ref expressions and router query/hash restoration on cancelled navigation Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix(component): use event delegation in example to survive re-renders; test: add search/hash assertions Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs(component): add disconnected hook to example for proper event listener cleanup Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
… format (#20) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
…sistency (#22) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
…al handling, and hash-routing interception (#24) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
…iError, and reactive bq-for updates (#26) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
… cleanup (#27) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de>
…ion parsing (#37) Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Jonas Pfalzgraf <info@josunlp.de> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
…lection.find(), element.is() (#39) * Initial plan * fix: css() getter, add Signal.dispose(), effect error handling, debounce/throttle cancel, is(), find() - Fix BQueryElement.css() to return computed style when used as getter - Fix BQueryCollection.css() to return computed style from first element - Add error handling in effect() to catch errors without breaking reactive graph - Add Signal.dispose() method to clear all subscribers - Add cancel() method to debounce() and throttle() return values - Add BQueryElement.is() as jQuery-compatible alias for matches() - Add BQueryCollection.find() for descendant querying - Add getComputedStyle to test setup for happy-dom - Add comprehensive tests for all changes Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * perf: use Set for deduplication in BQueryCollection.find() Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * refactor: address review feedback - delegate is() to matches(), use ownerDocument.defaultView for getComputedStyle, update css() JSDoc - is() now delegates to this.matches() instead of duplicating the implementation - css() getter uses ownerDocument.defaultView?.getComputedStyle() for cross-document/SSR safety - Updated css() JSDoc @returns to describe getter/setter return types - Same fix applied to BQueryCollection.css() getter Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: properly type debounced/throttled via Object.assign, add getComputedStyle guard in collection.css() - Use Object.assign to create DebouncedFn/ThrottledFn with proper typing - Add typeof getComputedStyle check in BQueryCollection.css() getter for SSR safety Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * docs: add css() getter example to JSDoc, strengthen effect error test - Add getter usage example to BQueryElement.css() JSDoc - Verify effect continues working after catching an error Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: use strict undefined check for debounce timeoutId instead of truthiness Handles edge case where setTimeout could return 0 in browser environments. Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com> * fix: implement removeDependency to prevent stale references on signal disposal * fix: update css() method signatures for better type safety * fix: update css() method signatures for improved type handling --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JosunLP <20913954+JosunLP@users.noreply.github.com>
…valuate.ts and security tests
…pdate AGENT.md for AI agent support feat: implement new features in core API including css() getter, is() method, find() method, and debounce/throttle enhancements fix: improve reactive system error handling and add Signal.dispose() method fix: enhance security validations for srcset and form action attributes docs: update README.md and API documentation with new features and usage examples chore: add llms.txt for LLM optimization and project summary
Contributor
There was a problem hiding this comment.
Pull request overview
This PR prepares the bQuery.js 1.4.0 release by adding new core/reactive/security capabilities, expanding tests accordingly, and updating project documentation/metadata so contributors (and AI tools) have up-to-date guidance.
Changes:
- Adds new Core APIs (
css()getter overloads,is(),BQueryCollection.find()), plus cancellabledebounce()/throttle()with exported types. - Hardens Reactive + Security behavior (effect/batch error containment,
Signal.dispose(),srcsetper-URL validation,form[action]URL validation) and adds regression tests. - Updates release/docs/project metadata (changelog, README/docs/agent guidance, funding, version bumps, lockfile updates).
Reviewed changes
Copilot reviewed 29 out of 30 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/view.test.ts | Adds focused unit tests for parseObjectExpression edge cases. |
| tests/utils.test.ts | Adds tests for debounce.cancel() / throttle.cancel(). |
| tests/signal.test.ts | Adds tests for effect cleanup/error handling, batch flush robustness, endBatch underflow, and Signal.dispose(). |
| tests/setup.ts | Registers getComputedStyle in the happy-dom test environment for CSS getter tests. |
| tests/security.test.ts | Adds coverage for srcset per-entry URL validation and form[action] URL validation. |
| tests/platform.test.ts | Adds coverage ensuring WebStorageAdapter.keys() returns stored keys correctly. |
| tests/core.test.ts | Adds tests for css() getter overloads, is(), and BQueryCollection.find(). |
| src/view/evaluate.ts | Fixes parseObjectExpression string parsing for backslash-escaped quote edge cases. |
| src/security/sanitize-core.ts | Adds srcset per-URL validation and validates action as a URL attribute. |
| src/reactive/internals.ts | Makes batch flushing resilient to observer errors and prevents endBatch() underflow; adds removeDependency(). |
| src/reactive/effect.ts | Catches/logs effect body + cleanup errors so the reactive graph keeps running. |
| src/reactive/core.ts | Adds Signal.dispose() to remove subscribers and clean up observer dependency references. |
| src/platform/storage.ts | Makes keys() spec-compliant by iterating via Storage.key(index). |
| src/core/utils/function.ts | Extends debounce/throttle to return cancellable functions and exports DebouncedFn/ThrottledFn types. |
| src/core/index.ts | Re-exports the new debounced/throttled function types. |
| src/core/element.ts | Implements css() getter overload + adds is() alias for matches(). |
| src/core/collection.ts | Implements css() getter overload + adds find() with deduplication. |
| package.json | Bumps version to 1.4.0 and updates dev dependency versions. |
| bun.lock | Updates lockfile to match dependency bumps. |
| llms.txt | Adds LLM-optimized project overview for 1.4.0. |
| docs/guide/security.md | Documents srcset per-URL validation and form[action] validation behavior. |
| docs/guide/reactive.md | Documents Signal.dispose() and effect error containment behavior. |
| docs/guide/api-core.md | Documents new Core APIs (css getter overloads, is, find, cancellable debounce/throttle). |
| README.md | Adds usage examples for new Core/Reactive/Security behaviors and AI agent support links. |
| CHANGELOG.md | Adds 1.4.0 release notes and TOC entries. |
| AGENT.md | Adds comprehensive AI agent guide + updated architecture/module reference. |
| .github/copilot-instructions.md | Expands Copilot context with new modules, commands, and examples. |
| .github/FUNDING.yml | Adds GitHub Sponsors / Ko-fi funding metadata. |
| .cursorrules | Adds Cursor rules and project constraints (needs a small correction). |
| .clinerules | Adds Cline rules and project constraints. |
fix: reset timeoutId in debounce function to avoid unintended behavior
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request adds comprehensive documentation and project metadata for the bQuery.js library, focusing on development rules, architecture, usage examples, and funding information. The changes ensure that contributors and AI tools have clear, up-to-date guidance on project structure, coding standards, and available modules.
Documentation and Development Guidelines:
Added
.clinerulesand.cursorrulesfiles that define strict coding standards, security requirements (notably mandatory use ofsanitizeHtml()for DOM writes), TypeScript conventions, testing patterns, and file structure for bQuery.js. These files also provide quick reference tables for core APIs and signals. [1] [2]Significantly expanded
.github/copilot-instructions.md:router,store, andview) and their responsibilities.Project Metadata:
.github/FUNDING.ymlto specify supported funding platforms (GitHub Sponsors, Ko-fi) for project sponsorship and sustainability.Added (1.4.0)
css()onBQueryElementandBQueryCollectionnow acts as a getter when called with a single property name, returning the computed style value viagetComputedStyle(). TypeScript overload signatures distinguish getter (string) from setter (this).is(selector)method onBQueryElementas a jQuery-style alias formatches().find(selector)method onBQueryCollectionto query descendant elements matching a CSS selector across all elements, with automatic deduplication viaSet.debounce()andthrottle()now return enhanced functions with a.cancel()method —debounce.cancel()clears the pending timeout,throttle.cancel()resets the throttle timer allowing immediate re-execution.DebouncedFn<TArgs>andThrottledFn<TArgs>interfaces from@bquery/bquery/corefor typed usage of cancellable debounced/throttled functions.Signal.dispose()method to remove all subscribers from a signal, preventing memory leaks when a signal is no longer needed. Also cleans up observer dependency references bidirectionally.Fixed (1.4.0)
effect()now catches errors thrown inside the effect body and logs them viaconsole.errorinstead of crashing the reactive system. Subsequent signal updates continue to trigger the effect.flushObservers()) now catches errors thrown by individual observers and continues executing remaining pending observers, preventing a single failing observer from blocking others.endBatch()now guards against underflow — callingendBatch()without a matchingbeginBatch()is a safe no-op instead of decrementingbatchDepthbelow zero.WebStorageAdapter.keys()now uses the spec-compliantStorage.key(index)iteration API instead ofObject.keys(), which is more reliable across environments (e.g., happy-dom, Safari).parseObjectExpression()now correctly handles escaped backslashes before quotes by counting consecutive backslashes — a double backslash (\\) before a quote no longer incorrectly treats the quote as escaped, fixing edge cases inbq-classandbq-styleobject expressions.Security (1.4.0)
srcsetattributes are now validated per-URL rather than as a single URL string, correctly catchingjavascript:URLs embedded in responsive image descriptors (e.g.,"safe.jpg 1x, javascript:alert(1) 2x").actionattribute on<form>elements is now validated as a URL attribute (likehref/src), preventingjavascript:protocol URLs in form actions.