@github/auto-complete-element
Advanced tools
Auto-complete input values from server search results.
$ npm install --save @github/auto-complete-element
Import as ES modules:
import '@github/auto-complete-element'
With a script tag:
<script type="module" src="./node_modules/@github/auto-complete-element/dist/bundle.js">
<auto-complete src="/users/search" for="users-popup">
<input type="text" name="users">
<!--
Optional clear button:
- id must match the id of the input or the name of the input plus "-clear"
- recommended to be *before* UL elements to avoid conflicting with their blur logic
Please see Note below on this button for more details
-->
<button id="users-clear">X</button>
<ul id="users-popup"></ul>
<!--
Optional div for screen reader feedback. Note the ID matches the ul, but with -feedback appended.
Recommended: Use a "Screen Reader Only" class to position the element off the visual boundary of the page.
-->
<div id="users-popup-feedback" class="sr-only"></div>
</auto-complete>
If you want to enable auto-select (pressing Enter in the input will select the first option), using the above example:
<auto-complete data-autoselect="true" src="/users/search" for="users-popup">
...
</auto-complete>
The server response should include the items that matched the search query.
<li role="option">Hubot</li>
<li role="option">Bender</li>
<li role="option">BB-8</li>
<li role="option" aria-disabled="true">R2-D2 (powered down)</li>
The data-autocomplete-value attribute can be used to define the value for an
item whose display text needs to be different:
<li role="option" data-autocomplete-value="bb8">BB-8 (astromech)</li>
Use data-no-result-found="true" to show a no results message inside the autocomplete popover. Be sure to add role="presentation"
to this element so that screen readers do not mistake this as an auto-complete option. The auto-complete-element has built in functionality that
handles aria-live announcing number of search results so this should be purely decorative.
<li role="presentation" aria-hidden="true" data-no-result-found="true">No results found!</li>
While input type="search" comes with an x that clears the content of the field and refocuses it on many browsers, the implementation for this control is not keyboard accessible, and so we've opted to enable a customizable clear button so that your keyboard users will be able to interact with it.
As an example:
In Chrome, this 'x' isn't a button but a div with a pseudo="-webkit-search-cancel-button". It doesn't have a tab index or a way to navigate to it without a mouse. Additionally, this control is only visible on mouse hover.
open is true when the auto-complete result list is visiblevalue is the selected value from the list or the empty string when clearedfetchResult you can override the default method used to query for results by overriding this property: document.querySelector('auto-complete').fetchResult = async (url) => (await fetch(url)).text()Request lifecycle events are dispatched on the <auto-complete> element. These events do not bubble.
loadstart - The server fetch has started.load - The network request completed successfully.error - The network request failed.loadend - The network request has completed.Network events are useful for displaying progress states while the request is in-flight.
const completer = document.querySelector('auto-complete')
const container = completer.parentElement
completer.addEventListener('loadstart', () => container.classList.add('is-loading'))
completer.addEventListener('loadend', () => container.classList.remove('is-loading'))
completer.addEventListener('load', () => container.classList.add('is-success'))
completer.addEventListener('error', () => container.classList.add('is-error'))
auto-complete-change is dispatched after a value is selected. In event you can find:
relatedTarget: The HTMLInputElement controlling the auto-complete result list.completer.addEventListener('auto-complete-change', function(event) {
console.log('Auto-completed value chosen or cleared', completer.value)
console.log('Related input element', event.relatedTarget)
})
You can call
setCSPTrustedTypesPolicy(policy: TrustedTypePolicy | Promise<TrustedTypePolicy> | null)
from JavaScript to set a
CSP trusted types policy, which can perform
(synchronous) filtering or rejection of the fetch response before it is
inserted into the page:
import AutoCompleteElement from 'auto-complete-element'
import DOMPurify from 'dompurify' // Using https://github.com/cure53/DOMPurify
// This policy removes all HTML markup except links.
const policy = trustedTypes.createPolicy('links-only', {
createHTML: (htmlText: string) => {
return DOMPurify.sanitize(htmlText, {
ALLOWED_TAGS: ['a'],
ALLOWED_ATTR: ['href'],
RETURN_TRUSTED_TYPE: true
})
}
})
AutoCompleteElement.setCSPTrustedTypesPolicy(policy)
The policy has access to the fetch response object. Due to platform
constraints, only synchronous information from the response (in addition to the
HTML text body) can be used in the policy:
import AutoCompleteElement from 'auto-complete-element'
const policy = trustedTypes.createPolicy('require-server-header', {
createHTML: (htmlText: string, response: Response) => {
if (response.headers.get('X-Server-Sanitized') !== 'sanitized=true') {
// Note: this will reject the contents, but the error may be caught before it shows in the JS console.
throw new Error('Rejecting HTML that was not marked by the server as sanitized.')
}
return htmlText
}
})
AutoCompleteElement.setCSPTrustedTypesPolicy(policy)
Note that:
AutoCompleteElement fetches.setCSPTrustedTypesPolicy() ahead of any other load of
auto-complete element in your code.
Promise<TrustedTypePolicy>.null to remove the policy.Browsers without native custom element support require a polyfill.
npm install
npm test
To view changes locally, run npm run examples.
In examples/index.html, uncomment <!--<script type="module" src="./dist/bundle.js"></script>--> and comment out the script referencing the unpkg version. This allows you to use the src code in this repo. Otherwise, you will be pulling the latest published code, which will not reflect the local changes you are making.
We have included some custom rules that assist in providing guardrails to confirm this component is being used accessibly.
If you are using the axe-core library in your project,
import axe from 'axe-core'
import autoCompleteRulesBuilder from '@github/auto-complete-element/validator'
const autoCompleteRules = autoCompleteRulesBuilder() // optionally, pass in your app's custom rules object, it will build and return the full object
axe.configure(autoCompleteRules)
axe.run(document)
To confirm your usage is working as designed,
import {validate} from '@github/auto-complete-element/validator'
validate(document)
Passes and failures may be determined by the length of the passes and violations arrays on the returned object:
{
passes: [],
violations: []
}
Distributed under the MIT license. See LICENSE for details.
FAQs
Auto-complete input values from server results
The npm package @github/auto-complete-element receives a total of 27,945 weekly downloads. As such, @github/auto-complete-element popularity was classified as popular.
We found that @github/auto-complete-element demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 19 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub postponed a new billing model for self-hosted Actions after developer pushback, but moved forward with hosted runner price cuts on January 1.
Research
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
Security News
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.