npm - @ktjs/mui - Versions diffs - 0.34.1 → 0.35.0 - Mend

@ktjs/mui 0.34.1 → 0.35.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +19 -3
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -17,10 +17,12 @@
 ## Recent Updates
-1. `ref.value` remains the standard read API, and it can also replace the whole outer value with `ref.value = nextValue`.
-2. `ref.draft` is the deep-mutation entry for literally any objects. Just use `someRef.draft.a = someValue`, and kt.js will add it to microqueue and redraw it on the next tick. Works for `Map`, `Set`, `Array`, `Date` and your custom objects.
+1. 0.35.x - `reactive.get('a','b')` is a shortcut for `reactive.map((v) => v.a.b)`. By default it has 5 levels of type annotations and it's convienient for common use cases.
+2. 0.34.x - `ref.notify()` no-longer has an optional argument.
+3. 0.33.x - `ref.value` remains the standard read API, and it can also replace the whole outer value with `ref.value = nextValue`.
+4. 0.33.x - `ref.draft` is the deep-mutation entry for literally any objects. Just use `someRef.draft.a = someValue`, and kt.js will add it to microqueue and redraw it on the next tick. Works for `Map`, `Set`, `Array`, `Date` and your custom objects.
    1. `ref.draft` itself is **not assignable**.
-3. `addOnChange((newValue, oldValue) => ...)` keeps `oldValue` as the previous reference, not a deep snapshot.
+5. `addOnChange((newValue, oldValue) => ...)` keeps `oldValue` as the previous reference, not a deep snapshot.
 ## Community
@@ -41,3 +43,17 @@ cd my-app
 pnpm install
 pnpm dev
 ```
+## Security model
+kt.js intentionally trusts application code and keeps DOM operations explicit.
+- Text children are inserted as text nodes by default.
+- `k-html` is a raw HTML escape hatch that writes to `innerHTML` without sanitization.
+- Prefer `on:*` event bindings. Do not pass raw `onclick` / `onerror` style strings.
+- Attributes such as `href`, `src`, `srcdoc`, `action`, and SVG URL attributes are forwarded as-is.
+- If you bind untrusted input, sanitization and validation must be handled by your application.
+## License
+MIT License.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ktjs/mui",
-  "version": "0.34.1",
+  "version": "0.35.0",
   "description": "Material-UI inspired components for kt.js - pre-styled UI components",
   "description_zh": "面向 kt.js 的类 Material-UI 预设组件库。",
   "type": "module",