Posted 28 days ago. Visible to the public. Auto-destruct in 34 days

Unpoly 2.3.0 released

More control over loading Unpoly

  • Unpoly can now be loaded with <script defer>. This can be used to load your scripts without blocking the DOM parser.
  • Unpoly can now be loaded with <script type="module">. This can be used deliver a modern JS build to modern browsers only.
  • Unpoly can now be booted manually Archive at a time of your choice. By default Unpoly boots automatically once the initial DOM is parsed.
  • Event listeners registered with up.on() Archive will no longer be called before Unpoly was booted Archive . Like with compilers Archive , this lets you register behavior that is only active on supported browsers Archive .
  • Unpoly no longer boots on Edge 18 or lower. Edge 18 was the last version of Edge to use Microsoft's custom rendering engine. Later versions use Chromium.

Compatibility with strict Content Security Policies (CSP)

When your Content Security Policy Archive disallows eval(), Unpoly cannot directly run JavaScript code in HTML attributes. This affects [up-on-...] attributes like [up-on-loaded] Archive or [up-on-accepted] Archive .

Unpoly 2.3 lets your work around this by prefixing your callback with a CSP nonce Archive :

<a href="/path" up-follow up-on-loaded="nonce-kO52Iphm8B alert()">Click me</a>

Users of the unpoly-rails Archive gem can insert the nonce using the up.safe_callback helper:

<a href="/path" up-follow up-on-loaded="<%= up.safe_callback('alert()') %>">Click me</a>

Also see our new guide to working with strict Content Security Policies Archive .

New options for existing features

New properties for request-related events

Request-related events now expose additional context about the event. This affects the events up:fragment:loaded Archive , up:request:load Archive , up:request:loaded Archive , up:request:aborted Archive , up:request:fatal Archive .

The link or form element that caused the request can now be access through event.origin.

The layer associated with the request can now be accessed through event.layer. If the request is intended to update an existing fragment, this is that fragment's layer. If the request is intended to open an overlay Archive , the associated layer is the future overlay's parent layer.

Various changes

  • Fix a bug with a[up-back] Archive where Unpoly would follow the link's default [href] instead of visiting the previous URL.
  • Fix a bug where the URL pattern Archive * would not match most URLs when the current location is multiple directories deep.
  • When a target cannot be found and a fallback target is used, Unpoly now logs Archive a message.
  • When a compiler Archive is registered after booting Archive , Unpoly now explains in the log that the compiler will only run for fragments inserted in the future.
  • up.observe() and input[up-observe] now log Archive a warning when trying to observe a field without a [name] attribute.
  • up.browser.loadPage() has been renamed to
  • up.browser.isSupported() has been renamed to up.framework.isSupported().

By refactoring problematic code and creating automated tests, makandra can vastly improve the maintainability of your Rails application.

Owner of this card:

Henning Koch
Last edit:
26 days ago
by Michael Leimstädtner
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Henning Koch to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more