5.5.1

5.5.1 (2023-11-14)

Release Info

This release is all about CSP (Content Security Policy) compliance, all dynamic html string were replaced by native HTML Element and a lot of code refactoring had to be done to make it all work. There are some exception though, if you still use html string as template, for example Formatter returning html string, you will not be fully compliant unless you return TrustedHTML, for more info you can read the CSP Compliance Wiki.

A big thanks to @JesperJakobsenCIM for helping with CSP compliance.

We now also allow passing native HTML Element to Custom Formatter instead of HTML string to avoid the use of innerHTML and stay CSP safe. We also have a new grid option named enableHtmlRendering which is enabled by default to avoid being a breaking change, but when disabled will not allow to use innerHTML hence will remain CSP safe. You can take a look at this new Filtered DataView with HTML Formatter - CSP Header (Content Security Policy) example which uses this new approach.

Bug Fixes

• add nonce grid option set the nonce value for CSP header (#902) (fc0af7a)
• add nonce grid option set the nonce value for CSP header (#902) (#905) (fb0e4f5)
• add CSP safe option for DataView filtering and adjusting inline css for CSP (#908) (ff970c0)
• add missing RowMoveManager containerCssClass option (#906) (5f85574)
• improve build & types exports for all targets, Node, CJS/ESM (#910) (9013526)
• interface for controls/plugins w/Formatter might return HTMLElement (#911) (9190843)

Features

• add grid option enableHtmlRendering to use pure HTML not string (#894) (448ec4f)

---

Quick Survey ✨

We also made a quick little poll for fun, thanks for taking the time to participate

What do you think was the most exciting change(s) for you?