diff --git a/docs/versions/3.0.0.md b/docs/versions/3.0.0.md index 9bf2908a..cb5cc885 100644 --- a/docs/versions/3.0.0.md +++ b/docs/versions/3.0.0.md @@ -270,30 +270,37 @@ See also "Locale breaking changes". (and if using `path.js` alone, it must also have its `setUiStrings` called); `RGBColor` must accept `new`; `readLang` no longer calls `setLang` (locales need not call this anymore anyways; it will be - imported); The dropping of XML internal subsets might cause breakage with - documents using entities (though browser support for entity declarations - has been low); remove `storagePromptClosed` state boolean in favor of + imported); the dropping of XML internal subsets (as a security fix + for entity expansion) might cause breakage with documents using + entities (though browser support for entity declarations has been + low); remove `storagePromptClosed` state boolean in favor of `storagePromptState` - **Extensions** - **ext-arrows** - Change name from `Arrows` to `arrows` for sake of consistency with file path (not localized anyways; only used for unique identification) - - **ext-overview-window** - Avoid global `overviewWindowGlobals` + - **ext-overview-window** - Avoid setting global `overviewWindowGlobals` ## Deprecations and situational regressions - While string based messaging continues to work with `ext-imagelib`, the **object-based messaging** should be used instead (as also used now in the embedded editor API and `ext-xdomain-messaging`) - - The IAN image library, for which access is built-in from svgedit, has + - The IAN image library, for which access is built-in to svgedit, has already adjusted to deploy our new recommended object-based messaging format. After more of their users migrate to version 3.\* of svgedit, we should then hopefully be able to avoid passing this site an argument, (`svgedit=3`) within their URL (a flag, if not present, which they are using to employ the old object messaging mode). -- **Situational regression**: Remove Openclipart as its site's now setting of +- **Situational regressions**: Remove Openclipart as its site's now setting of `X-Frame-Options` to `"sameorigin"` makes it unusable on our end - for our cross-origin uses (even with an attempt to use their API) + for our cross-origin uses (even with an attempt to use their API). We + did make and keep a file `openclipart-es.html` (and auto-converted file, + `openclipart.html`) within `editor/extensions/imagelib` for a + convenient browser of their library, but the SVG files it finds cannot + be accessed cross-origin to integrate into SVG-Edit; see also + Summary of Fixes (Embedded Editor -> Cross-origin issues and + Browser/device-specific fixes). ## Summary of fixes @@ -305,7 +312,7 @@ have since been fixed; search CHANGES for "regression" for these): - **URL Config**: 'extPath', 'imgPath', 'langPath' were not being prevented from URL setting - **Imagelib extension**: Avoid XSS, prevent billion laughs attack, only - allow `imgLibs` origins for messaging + allow `imgLibs` config origins for messaging - **xdomain HTML**: Namespace this file to avoid it being used to modify non-domain storage on the same domain - **Embedded API**: Avoid arbitrary property setting for trusted domains @@ -321,33 +328,33 @@ have since been fixed; search CHANGES for "regression" for these): updating of canvas at this time based on `storagePromptState` has seen `langReady` including the storage extension possibly having set a `storagePromptState` of "waiting" -- **Directly user-visible fixes**: imported images with rubberband - box placement and unattached dragtool, hidden font-size setting, and - resizing nullifying the stroke, layers panel, zoom centered on cursor - when scrolled, avoiding when shift key is pressed, Document Properties - dialog positioning; ensure repeated selection of same file overwrites - with that file's contents; center canvas properly on load +- **Directly user-visible fixes**: center canvas properly on load; + imported images with rubberband box placement and unattached dragtool; + hidden font-size setting; resizing nullifying the stroke; layers panel; + zoom centered on cursor when scrolled, avoiding when shift key is pressed; + Document Properties dialog positioning; ensure repeated selection of same + file overwrites with that file's contents - **Export fixes** - Alert if `exportWindow` blocked; avoid error - if `URL` is not defined; see also browser-specific; - polygon/polyline in PDF export -- **Keyboard/Command** with keypress double binding and text element - being triggered by input as well as keyup events, and pasting some lines - with markers; backspace key in Firefox navigating out of frame; - Ensure shift-key cycling through flyouts works with extension-added + if `URL` is not defined; polygon/polyline in PDF export; see also + "browser-specific" +- **Keyboard/Command**: keypress double binding; text element not + being triggered by input as well as keyup events; pasting lines with + markers in certain cases; backspace key in Firefox navigating out of frame; + ensure shift-key cycling through flyouts works with extension-added `includeWith` as well as toolbarbuttons; ensure line tool shows as selected when "L" key command is used -- **Processing fixes** such as browser feature detection - (`supportsPathInsertItemBefore` and `supportsPathReplaceItem`), layer fixes, - multiple selection, cloning of path segments during moving, `convertPath` - with complex paths, preserving `rx` and `ry` on ellipses to allow disabling +- **Processing fixes**: browser feature detection + (`supportsPathInsertItemBefore` and `supportsPathReplaceItem`); layer fixes; + multiple selection; cloning of path segments during moving; `convertPath` + with complex paths; preserving `rx` and `ry` on ellipses to allow disabling of rendering; proper handling in `ext-connector` of 2 connecting elements with same y-coordinate; `removeFromSelection` length issues; avoid errors for `tspan` passed to `getGradient`; avoid race condition in applying arrows revealing flyouts and ensure this icon is cloned so can be applied to more than one extension; avoid setting `Math.precision` pseudo-global in jPicker; precision argument had not been passed in previously to jPicker; - for image import, avoid race condition and avoid 0 width/neight import -- **API fixes**: Triggering of `svgEditorReady` when canvas is ready and via + for image import, avoid race condition and avoid 0 width/height import +- **API fixes**: Trigger `svgEditorReady` when canvas is ready and via iframe; properly default `rasterExport` without `imgType` - **Embedded editor**: - Do not add parent URL to iframe src URL when query string is empty. @@ -355,8 +362,7 @@ have since been fixed; search CHANGES for "regression" for these): on cross-origin iframes, the embedded editor broke in some contexts. We now avoid errors for same-origin checking, and avoid or recover from exceptions with cross-origin `localStorage` or `contentDocument` - access; apparently works on at least https sites (at least not localhost) - with `Access-Control-Allow-Origin` header and + access; apparently works with `Access-Control-Allow-Origin` header and locally set with `allowedOrigins` with `*` or the given origin(s) (such as in the xdomain editor); however, `localStorage`, as is needed for clipboard and saving in storage, does not work regardless; @@ -364,11 +370,11 @@ have since been fixed; search CHANGES for "regression" for these): through the embedded API), so it can get and set its own storage in response to SVG-Edit events. We are also still throwing for some `localStorage` access (e.g., context menu cut). -- **Browser/device-specific fixes** impacting Overview panel performance, - Multiselect with zoom, multiple element selection, `getInsectionList`, - pathseg, `supportsNativeTransformLists` detection, and save/export, - removing identity matrices, recover from `tspan` having no `getBBox` - image export, `supportsGoodTextCharPos`; force PDF download in Chrome +- **Browser/device-specific fixes** impacting Overview Panel performance; + multiselect with zoom; multiple element selection; `getInsectionList`; + pathseg; `supportsNativeTransformLists` detection; save/export; + removing identity matrices; recover from `tspan` having no `getBBox` + image export; `supportsGoodTextCharPos`; force PDF download in Chrome (dropped dataURI with window opening); map extension click events to "mousedown" so they can be received on touch devices - **Extension fixes**: ForeignObject editor dialog had not been opening; fix @@ -394,7 +400,7 @@ have since been fixed; search CHANGES for "regression" for these): canvg by default; allow path config for canvg and jspdf (not needed for built-in) - **Security**: Link placeholder defaults to `https` -- **APIs**: Current zoom level, `addSvgElementFromJson` capabilities, +- **APIs**: Current zoom level; `addSvgElementFromJson` capabilities; ability to set SVG drawings without adding to the undo stack; add to methods passed to extensions; allow `addSvgElementFromJson` to accept non-SVG namespaces as well with explicit `namespace` property; @@ -419,12 +425,13 @@ have since been fixed; search CHANGES for "regression" for these): and `xdomain-svg-editor.html` files are now available which possess default config which allows cross-origin use. It saves in a storage namespace distinct from the main editor so as to avoid potential data corruption - or unauthorized retrieval of data created in the main editor by other domains. + or unauthorized retrieval of data created in the main editor by other + domains. - **Modular JavaScript**: ES6 modules distribution format and module-based `svg-editor-es.html` HTML (for modern browsers only; otherwise, use one of the UMD distributions or `svg-editor.html` file) and also separate versions for `xdomain-svg-editor-es.html`; make SpinButton plugin independent of - svgedit (though still bundled) + svgedit (though still currently bundled) - **JavaScript-only distribution files** - While SVG-Edit's JavaScript currently very much presumes a certain HTML structure, for anyone who wishes to copy and possibly modify that HTML file outside of the editor @@ -453,17 +460,17 @@ have since been fixed; search CHANGES for "regression" for these): inline listeners and styles; more ES5/ES6 usage (e.g., `class`, `includes`, destructuring, object shorthand, arrow functions), prefer `const` and then `let` and place closer to used block, add favicons; - clearer and more camelCase variable names; - throw error objects instead of strings; allow Promises; add polyfills for - Babel and `ChildNode`/`ParentNode`; use new Event constructors + clearer and more camelCase variable names; throw error objects instead + of strings; allow Promises; add polyfills for Babel and + `ChildNode`/`ParentNode`; use new Event constructors - **Linting**: Move to ESLint, using a derivative of the "standard" convention; 80 char. lines; use LGTM - **Testing**: Add skeleton support for UI and accessibility testing with - TestCafe along with ESLint plugin/rules for it; add a draw test file; - separate JavaScript files out of HTML; use static server; fix - timing of `all_tests.html` for iframe size; comment out unused jQuery SVG - test while adding test1 and svgutils_performance_test to all tests page; fix - inadequate mocking in Path test + TestCafe (along with ESLint plugin/rules for it); add a draw test file; + separate JavaScript files out of HTML; use static server; fix timing of + `all_tests.html` for iframe size; comment out unused jQuery SVG + test while adding test1 and svgutils_performance_test to all tests page; + fix inadequate mocking in Path test ## Non-code/meta changes @@ -481,7 +488,7 @@ have since been fixed; search CHANGES for "regression" for these): update Release notes and add Contributing file, integrate Github wiki pages into docs, and copy over old docs. Begin "Editor" doc file to help general users -- **Demos**: Add svgcanvas demo +- **Demos**: Add svgcanvas demo (in using `svgcanvas.js` without an editor) - **i18n**: Locales now use ES6 Modules and extension locales are now contained in separate files relative to the extensions directory (for the sake of true modularity); see "Breaking Changes"