Skip to content

Latest commit

 

History

History
112 lines (97 loc) · 20.6 KB

File metadata and controls

112 lines (97 loc) · 20.6 KB

Changelog

All notable changes to WildflowerJS will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Per-entry detail lives at https://www.wildflowerjs.com/changelog.html. Each entry below links to the full prose description on the website. Breaking changes are kept in full here so they are visible at upgrade time without leaving the package.

[1.1.0] - 2026-05-18

Build & Toolchain

Added

Breaking Changes

  • Action handlers no longer stop event propagation by default. Click events (and other DOM events dispatched via data-action) now bubble naturally past the action handler. To opt back in to the v1.0 behavior on a specific element, add data-event-stop (e.g., <button data-action="save" data-event-stop>). This change makes WildflowerJS coexist cleanly with external delegation systems on the same page, most importantly jQuery's $(document).on(...) style delegation, which v1.0 silently consumed events from. Internal nested-component double-fire is still prevented via a per-event marker (event._wfHandled) without relying on stopPropagation. The v1.0 behavior was undocumented and not on the API surface, so most apps will see no change; if you specifically relied on action handlers stopping the bubble chain (common in modal/dropdown click-outside guards), add data-event-stop to the affected elements.
  • Removed data-model-debounce attribute: debouncing user input now belongs on the action that receives it. Migrate any data-model-debounce="Xms" usage to the corresponding action with a debounce modifier (data-action="input.debounce.Xms:handleInput"). The attribute was experimental and its semantics collided with list re-render timing; routing debounce through the action layer is simpler and avoids the stale-value hazards of capturing state at keydown.
  • Bare-form item-level computeds removed. The function signature alone declares scope: fn(item, index, info) { ... } is item-level (runs per row); fn() { ... } is component-level (runs once per component). In v1.0 a zero-arg computed referenced inside a list-template binding was reinterpreted as item-level, with this.X resolving to the current row's field. That dual interpretation is removed: zero-arg computeds always evaluate at component scope. A zero-arg computed referenced inside a list-template binding produces the same value for every row. Migration: change fn() { return this.assignee } (intended as item-level) to fn(item) { return item.assignee }. The new info third arg gives parameterised forms access to list-context vars: fn(item, index, info) { if (info.first) ...; if (info.last) ...; const len = info.length; }. The bare-form pattern had silent failure modes: name shadowing (if state and item shared a field name, item won silently), and scope-dependent semantics (same code returning different values depending on whether it was rendered inside a list or at component scope). The illusory advantage was "shape-polymorphic dual-scope reuse" (one computed serving both group-header and row contexts in nested lists), which parameterised form handles equally well as long as both row shapes share the field the computed reads. v1.0 had no documented item-level computeds (they didn't appear in lists.html, llms.txt, or ai-assistant.html), so user-facing impact is bounded; the only known internal consumer was the project-management demo for v1.1, migrated alongside this change.

Fixed

Performance

Security

[1.0.0] - 2026-04-10

Added

  • Core reactive framework with component system
  • Reactive state management with computed properties and dependency tracking
  • Store system for cross-component state sharing
  • List rendering with automatic keyed reconciliation
  • Conditional rendering (data-show, data-render)
  • Event handling with modifiers (throttle, debounce, self, outside, once, passive, capture)
  • Two-way data binding (data-model) with modifiers (trim, number, debounce, lazy)
  • Attribute, style, and class binding (data-bind-attr, data-bind-style, data-bind-class)
  • Client-side routing with history and hash modes
  • Server-side rendering with hydration
  • Plugin system architecture
  • Portal, modal, and transition systems
  • Entity pools (data-pool) for high-frequency DOM rendering
  • Anti-FOUC data-cloak system
  • wildflower.whenSettled() API for deterministic async waits
  • 4 build variants (core, lite, spa, full)
  • Comprehensive test suite (3,646 tests in real Chromium)

Security

  • Expression evaluator blocklist for unsafe patterns (eval, Function, globalThis, window)
  • Pool renderer attribute blocklist and URL protocol sanitization
  • HTML sanitizer routing for data-bind-html and router outlet
  • data: URI blocking (except data:image/) in URL-bearing attributes