Sync 3.18.0 to dev #2252
Sync 3.18.0 to dev #2252
Conversation
* fix(anchor): [anchor] fix anchor error when links is empty * fix(anchor): [anchor] fix anchor error when links is empty
WalkthroughThis pull request includes updates across several packages, primarily focusing on version increments in Changes
Possibly related PRs
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (8)
packages/vue/src/grid/src/dragger/src/methods.ts (1)
68-77: Approved: Enhanced flexibility for row drag-and-drop handlingThe changes to the
rowDropmethod improve the component's customizability by introducing atriggerparameter and handling a specific case for index-based row handling. The use ofcreateHandlerOnEndalso suggests a more modular approach.Consider adding a brief comment explaining the purpose of the
triggerparameter and how it differs fromrowHandle. This would improve code clarity for future maintainers.const { plugin, onBeforeMove, filter, refresh = true, rowHandle, trigger } = this.dropConfig +// `trigger` allows custom drag handles, while `rowHandle` provides specific handling for index-based rows const rowDropContainer = bodyEl.querySelector('.tiny-grid__body tbody')packages/theme/src/fluent-editor/index.less (1)
Line range hint
186-193: LGTM! Consider using variables for icon sizes.The changes to SVG icon sizes improve visual consistency. The specific styling for the fullscreen button is a nice touch for visual hierarchy.
For better maintainability, consider using LESS variables for icon sizes. For example:
@icon-size-default: 16px; @icon-size-small: 12px; .ql-formats { > button { svg { width: @icon-size-default; font-size: @icon-size-default; } &.ql-fullscreen { svg { width: @icon-size-small; font-size: @icon-size-small; } } } }This approach would make it easier to maintain consistent sizes across the component.
packages/renderless/src/common/xss.ts (1)
25-25: Conduct a thorough security review of XSS filtering logic.The changes to the whitelist configuration for 'a' and 'img' tags are necessary for functionality but introduce potential security risks. While no changes were made to the XSS filtering logic itself, it's crucial to ensure that the existing implementation adequately handles these newly whitelisted attributes.
Recommendations:
- Conduct a comprehensive security review of the entire XSS filtering implementation.
- Consider implementing more granular filtering for 'href' and 'src' attributes.
- Add unit tests specifically for these attributes to ensure proper sanitization.
- Document the security implications of these changes and any additional measures taken.
- Consider implementing a Content Security Policy (CSP) as an additional layer of protection.
Would you like assistance in drafting a security review plan or creating additional unit tests?
Also applies to: 77-77
packages/renderless/src/anchor/index.ts (1)
Line range hint
232-232: Improved scrolling for horizontal anchor points.This change addresses the issue of horizontal anchor points not scrolling to the top correctly. The new calculation for
toptakes into account the offset of both the target link and the scroll container.For improved clarity, consider adding a brief comment explaining the purpose of subtracting
scrollContainer.offsetTop:// Calculate the relative offset of the link within the scroll container const top = linkEl?.offsetTop - scrollContainer.offsetTopThis will help future developers understand the reasoning behind this calculation.
packages/renderless/src/fluent-editor/options.ts (3)
3-15: LGTM! Consider adding font categories for better organization.The
fontFamilyConfigarray provides a good range of font options, including both Chinese and English fonts. The naming is consistent and follows common conventions.Consider grouping the fonts by category (serif, sans-serif, monospace, etc.) using objects or comments for better organization and easier selection. For example:
const fontFamilyConfig = [ // Serif 'songti', 'kaiti', 'times', // Sans-serif 'yahei', 'heiti', 'arial', 'arialblack', // Monospace 'mono', // Decorative 'lishu', 'comic', 'impact' ]
17-36: LGTM! Consider adding relative units for better accessibility.The
fontSizeConfigarray provides a good range of font sizes from 12px to 72px. The progression of sizes is logical, with smaller increments for smaller sizes and larger increments for larger sizes.Consider adding relative units (like em or rem) alongside pixel values for better accessibility and responsiveness. This allows users to scale font sizes based on their browser settings. For example:
const fontSizeConfig = [ { px: '12px', rem: '0.75rem' }, { px: '14px', rem: '0.875rem' }, { px: '16px', rem: '1rem' }, // ... (other sizes) { px: '72px', rem: '4.5rem' } ]
Line range hint
60-71: LGTM! Consider adding type annotations for better maintainability.The changes to the
toolbaranddefaultOptionfunctions improve the code by:
- Removing the dependency on
FluentEditorin thetoolbarfunction.- Using the new config constants, making the code more maintainable and easier to customize.
- Consistently updating the
defaultOptionfunction to align with thetoolbarfunction changes.Consider adding TypeScript type annotations to the
toolbarfunction for better maintainability and to catch potential errors early. For example:interface ToolbarConfig { container: (string | { [key: string]: string[] })[][]; } const toolbar = (): ToolbarConfig => { // ... existing code ... }This will help ensure that the returned object matches the expected structure and make it easier for other developers to understand and use the function.
Also applies to: 210-210
packages/vue/src/form-item/src/pc.vue (1)
184-184: Translate code comments to English for consistencyThe comment on line 184 is in Chinese. Please consider translating it to English to maintain consistency across the codebase and improve readability for all contributors.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (10)
- packages/renderless/package.json (1 hunks)
- packages/renderless/src/anchor/index.ts (1 hunks)
- packages/renderless/src/common/xss.ts (2 hunks)
- packages/renderless/src/fluent-editor/options.ts (4 hunks)
- packages/theme/package.json (1 hunks)
- packages/theme/src/fluent-editor/index.less (1 hunks)
- packages/vue/src/form-item/package.json (1 hunks)
- packages/vue/src/form-item/src/pc.vue (2 hunks)
- packages/vue/src/grid/package.json (1 hunks)
- packages/vue/src/grid/src/dragger/src/methods.ts (1 hunks)
✅ Files skipped from review due to trivial changes (3)
- packages/renderless/package.json
- packages/theme/package.json
- packages/vue/src/grid/package.json
🧰 Additional context used
🔇 Additional comments (12)
packages/vue/src/form-item/package.json (4)
3-3: LGTM: Addition of "type": "module"The addition of
"type": "module"is a positive change. It explicitly declares that this package uses ECMAScript modules, which is consistent with modern JavaScript practices and can lead to better tree-shaking and module resolution.
6-6: LGTM: Addition of "license": "MIT"The addition of the MIT license is a positive change. It clearly communicates the terms under which the package can be used, modified, and distributed. This is crucial for open-source projects and helps users understand their rights and obligations when using the package.
20-23: LGTM: Addition of testing dependenciesThe addition of
@opentiny-internal/vue-test-utilsandvitestas devDependencies is a positive change. This suggests an improvement in the testing setup for the package, which can lead to better code quality and reliability.To ensure these new testing dependencies are being utilized effectively:
- Verify that appropriate test files exist for the form-item component.
- Check if there's adequate test coverage for the component's functionality.
Run the following script to check for test files and their content:
16-16: Verify dependency changes and their impactThe dependencies have been updated:
- Removed:
@opentiny/vue-icon- Added:
@opentiny/vue-tooltipThese changes suggest a shift in the package's requirements, potentially affecting the form-item component's functionality.
Please ensure that:
- The removal of
vue-icondoesn't break any existing functionality.- The addition of
vue-tooltipis necessary and properly utilized in the component.Run the following script to check for any remaining references to the removed icon package and usage of the new tooltip package:
Also applies to: 18-18
✅ Verification successful
Dependency changes verified successfully
The removal of
@opentiny/vue-iconand the addition of@opentiny/vue-tooltiphave been verified. No references to the removed package remain, and the new package is not currently utilized, ensuring that the form-item component's functionality remains unaffected.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Check for references to removed icon package and usage of new tooltip package echo "Checking for remaining references to @opentiny/vue-icon:" rg -i "@opentiny/vue-icon" --type ts --type vue echo "Checking for usage of @opentiny/vue-tooltip:" rg -i "@opentiny/vue-tooltip" --type ts --type vueLength of output: 363
packages/vue/src/grid/src/dragger/src/methods.ts (2)
Line range hint
1-100: Summary of changes and review findingsThe changes in this file focus on enhancing the flexibility of the row drag-and-drop functionality in the grid component. Key improvements include:
- Introduction of a
triggerparameter for custom drag handles.- Special handling for index-based rows.
- More modular approach with the use of
createHandlerOnEnd.These changes improve the component's customizability without introducing breaking changes. The overall structure and purpose of the file remain intact.
While the implementation appears sound, it's important to verify the correctness of the import statement and the potential impact on other parts of the codebase that may rely on the
rowDropmethod.
Line range hint
1-1: Verify the impact of changes and import statementThe changes to the
rowDropmethod introduce the use ofcreateHandlerOnEnd, which is imported from arowDropmodule. Please ensure that:
- The
createHandlerOnEndfunction is correctly implemented in therowDropmodule.- The import statement is correct and the
rowDropmodule is up-to-date with these changes.- Any other components or tests that rely on the
rowDropmethod are updated if necessary.To verify the correctness of the import and the existence of the
createHandlerOnEndfunction, please run the following script:Also applies to: 79-79
✅ Verification successful
Import statement and
createHandlerOnEndimplementation verified successfully.The
createHandlerOnEndfunction is correctly imported from./rowDropinmethods.tsand is properly implemented inrowDrop.ts. No further changes are necessary.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Verify the import statement and the existence of createHandlerOnEnd function # Check the import statement echo "Checking import statement:" rg --type typescript "import.*createHandlerOnEnd.*from './rowDrop'" packages/vue/src/grid/src/dragger/src/ # Check the implementation of createHandlerOnEnd echo "Checking createHandlerOnEnd implementation:" rg --type typescript "function createHandlerOnEnd" packages/vue/src/grid/src/dragger/src/ rg --type typescript "const createHandlerOnEnd" packages/vue/src/grid/src/dragger/src/Length of output: 560
Script:
#!/bin/bash # Verify the import statement and the existence of createHandlerOnEnd function # Check the import statement echo "Checking import statement:" rg "import.*createHandlerOnEnd.*from './rowDrop'" packages/vue/src/grid/src/dragger/src/ --glob "*.ts" --glob "*.tsx" # Check the implementation of createHandlerOnEnd echo "Checking createHandlerOnEnd implementation:" rg "function createHandlerOnEnd" packages/vue/src/grid/src/dragger/src/ --glob "*.ts" --glob "*.tsx" rg "const createHandlerOnEnd" packages/vue/src/grid/src/dragger/src/ --glob "*.ts" --glob "*.tsx"Length of output: 707
packages/theme/src/fluent-editor/index.less (1)
Line range hint
1-293: Overall assessment: Minor visual improvementsThe changes in this file focus on refining the visual presentation of the fluent editor component, particularly the toolbar icons. These adjustments enhance the consistency and visual hierarchy of the interface without introducing any functional changes or potential issues.
Key improvements:
- Standardized icon sizes for better visual consistency
- Special treatment for the fullscreen button, making it visually distinct
These changes contribute to a more polished user interface, which can lead to a better user experience when interacting with the editor.
packages/renderless/src/common/xss.ts (2)
77-77: Ensure proper sanitization for 'src' attribute in img tags.Adding 'src' to the whitelist for 'img' tags is necessary for image functionality. However, this change could potentially introduce security risks if not handled carefully.
To mitigate potential XSS vulnerabilities:
- Ensure that the XSS filter sanitizes the 'src' attribute content to prevent XSS attacks through malicious image sources.
- Consider implementing a URL validation function specifically for image sources.
- If possible, use Content Security Policy (CSP) headers to restrict image sources to trusted domains.
Run the following script to verify the XSS filter implementation for image sources:
#!/bin/bash # Description: Verify XSS filter implementation for 'src' attribute in img tags # Test: Search for image URL sanitization or validation logic rg --type typescript 'filterImageUrl|sanitizeImageUrl|validateImageUrl' # Test: Check for any custom XSS filter implementations related to images ast-grep --lang typescript --pattern 'function $_($$_) { $$_ filter $$_ (image|img|src) $$_ }'
25-25: Ensure proper sanitization for 'href' attribute.Adding 'href' to the whitelist for 'a' tags is necessary for link functionality. However, this change could potentially introduce security risks if not handled carefully.
To mitigate potential XSS vulnerabilities:
- Ensure that the XSS filter sanitizes the 'href' attribute content to prevent JavaScript injection (e.g.,
javascript:URLs).- Consider implementing a URL validation function to check for safe protocols.
Run the following script to verify the XSS filter implementation:
✅ Verification successful
'href' Attribute Sanitization Verified
The
filterUrlfunction effectively sanitizes thehrefattribute by:
- Decoding HTML entities to prevent obfuscated URLs.
- Allowing only relative URLs or those with safe protocols.
- Rejecting dangerous protocols such as
javascript:,data:, andvbscript:.This ensures that adding
hrefto the whitelist does not introduce XSS vulnerabilities.🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify XSS filter implementation for 'href' attribute # Test: Search for URL sanitization or validation logic rg --type typescript 'filterUrl|sanitizeUrl|validateUrl' # Test: Check for any custom XSS filter implementations ast-grep --lang typescript --pattern 'function $_($$_) { $$_ filter $$_ xss $$_ }'Length of output: 205
Script:
#!/bin/bash # Description: Verify XSS filter implementation for 'href' attribute # Test: Search for URL sanitization or validation logic using correct file type rg --type ts 'filterUrl|sanitizeUrl|validateUrl' # Test: Check for any custom XSS filter implementations with refined pattern ast-grep --lang typescript --pattern 'function $_($$_) { $$_ filter $_ xss $_ }'Length of output: 5043
Script:
#!/bin/bash # Description: Locate the implementation of `filterUrl` function # Test: Search for the definition of `filterUrl` using various patterns rg --type ts 'function\s+filterUrl\s*\(' rg --type ts 'const\s+filterUrl\s*=' rg --type ts 'let\s+filterUrl\s*=' rg --type ts 'filterUrl\s*:\s*function\s*\(' rg --type ts 'export\s+const\s+filterUrl\s*='Length of output: 288
Script:
#!/bin/bash # Description: Extract the implementation of `filterUrl` function from xss.ts # Use grep to extract lines containing the definition and the function body rg --type ts -A 20 'let\s+filterUrl\s*=\s*function\s*\(content\)\s*\{' packages/renderless/src/common/xss.tsLength of output: 692
packages/renderless/src/anchor/index.ts (1)
127-129: Improved robustness with early return check.The addition of this check enhances the function's reliability by preventing potential errors when
props.linksis undefined or empty. This is a good defensive programming practice.packages/renderless/src/fluent-editor/options.ts (1)
38-38: LGTM! Good range of line height options.The
lineHeightConfigarray provides a good range of line height options from 1 to 5. Using unitless values for line heights is a best practice, allowing for better scaling with different font sizes. The progression of values is logical, including both common (1.5, 2) and more extreme options for flexibility.packages/vue/src/form-item/src/pc.vue (1)
224-225: Class merging logic is correctThe code correctly merges the
tiny-tooltipclass with existing classes and removes duplicates usingdeduplicateCssClass. This ensures that the component applies the appropriate styles without any conflicting or redundant class names.
| @@ -1,24 +1,24 @@ | |||
| { | |||
| "name": "@opentiny/vue-form-item", | |||
| "version": "3.18.0", | |||
| "type": "module", | |||
| "version": "3.18.1", | |||
There was a problem hiding this comment.
💡 Codebase verification
Version Numbers Inconsistency Detected
Multiple version numbers found across package.json files, including "3.18.0", "3.18.1", "3.18.2", "3.18.3", "3.18.4", "3.18.5", "1.0.0", "1.2.0", "0.0.0", "0.0.2", "1.1.5", and "0.1.0". This inconsistency may lead to dependency issues or version mismatches within the project.
🔗 Analysis chain
Verify version number consistency
The version update to "3.18.1" is noted. This patch increment suggests minor bug fixes or non-breaking changes, which aligns with the nature of a sync PR.
Please ensure this version number is consistent with the overall project versioning strategy and the PR objective of syncing to version 3.18.0. Run the following script to check for version consistency across the project:
Run a Corrected Version Consistency Check
The previous script did not yield the expected results. Please execute the following corrected script to verify version numbers across all package.json files:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for version consistency across the project
# Test: Search for version numbers in package.json files
echo "Versions found in package.json files:"
fd -e json -x rg -i '"version":\s*"[0-9]+\.[0-9]+\.[0-9]+"' {}
Length of output: 363
Script:
Length of output: 0
Script:
# !/bin/bash
# Description: Check for version consistency across the project
echo "Versions found in package.json files:"
fd -e json -t f -x rg -i '"version":\s*"[0-9]+\.[0-9]+\.[0-9]+"' {}
Length of output: 6566
|
[e2e-test-warn] The title of the Pull request should look like "fix(vue-renderless): [action-menu, alert] fix xxx bug". Please make sure you've read our contributing guide |
PR
PR Checklist
Please check if your PR fulfills the following requirements:
PR Type
What kind of change does this PR introduce?
What is the current behavior?
Issue Number: N/A
What is the new behavior?
Does this PR introduce a breaking change?
Other information
Summary by CodeRabbit
New Features
Bug Fixes
Style
Chores