Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
datalist-polyfill
Advanced tools
A minimal and dependency-free vanilla JavaScript datalist polyfill. Supports all standard's functionality as well as mimics other browsers behavior.
This is a minimal and dependency-free vanilla JavaScript polyfill for the awesome datalist-functionality, that will bring joy and happiness into our lives :-)
<option>
stext
, email
, number
, search
, tel
and url
...input[type=email]
elements multiple
attribute.options
for datalist
elements and .list
for input
elementsoption
declarationsvalue
and label
valuesdatalist
is selectedESC
, and ENTER
The polyfill was designed with the following concepts kept in mind:
Just integrate the JavaScript file into your code - et voilà.
You may optionally load via NPM or Bower:
$ npm install datalist-polyfill
$ bower install datalist-polyfill
Nothing really, just plug it in, it will work out of the box.
This package is also enabling the .options
(for datalist
elements) and .list
(for input
elements) properties according to the specs.
If you set a title
-Attribute on the <datalist>
HTML tag, it would get used as label for the first disabled entry within the polyfilling select on non-touch interactions.
In case that you'd like to dynamically add or modify / create your HTML code, you're good to go with this polyfill, as it's based on event delegation and additionally using MutationObserver (IE11+) that makes your UI work easily - no refresh nor reinit function to call after DOM manipulation or something similar.
option
elementsIf you'd like to make a change to the integrated list of <option>
elements, feel free to either remove or add them right away - the list would get generated on the fly after the user typed in something into the <input>
field, so you're covered on this.
You can also disable <option>
elements by adding the disabled
attribute to the <option>
HTML tag if necessary.
value
and label
valuesAs the browser vendors (Google Chrome vs. the others) don't seem to be aligned on this topic, I've decided to enable the label
-attribute to serve as the definitive label being displayed, even if a value is being defined differing from the label. On different value
and text
values, both of them would get displayed within the suggestions, as Google Chrome does it. But if you define a differing label
-attribute, its value would get displayed exclusively (as all the other browsers do it) to give you some flexibility on how to define those suggestions. Check out the „Different ways of defining an option“ section on the demo page regarding this topic.
You'll need the declaration for the standard hidden
attribute, that you might already have included in case you're using normalize.css
. Otherwise just adapt it from there:
/**
* Add the correct
* display in IE 10-
*/
[hidden] {
display: none;
}
And you need to add a nesting select
element wrapped by a conditional comment into the datalist
element.
Please have a look at the demo page accordingly, the code is being mentioned within the Internet Explorer 9 support
section.
See the polyfill in action either by downloading / forking this repo and have a look at demo.html
, or at the hosted demo: https://mfranzke.github.io/datalist-polyfill/demo.html
<form>
are missing, and I've left the latin letters and english expressions for the right to left text-direction example. But lets focus on the relevant tags that this polyfill is all about for the demo.label
-attribute different from Safari on Mac OS. This is being equalized during the handling of the label
-attributes-value for differing value
and label
values.<select>
element to polyfill the <datalist>
, as it brought most of the functionality, whereas I accepted that it doesn't behave and doesn't look equally.
<option>
elements.multiple
attribute, as this is most likely already what you're up to regarding appearance, but it does violate the form-follows-function concept and results in - surprise - the possibility for multiple selections, which isn't always <datalist>
elements kind of thing... Then the size
attribute came to my attention, which much better fits the requirements and behaves as designed quite perfectly.Supported by Christian, Johannes, @mitchhentges, @mertenhanisch, @ailintom, @Kravimir, @mischah, @hryamzik, @ottoville, @IceCreamYou, @wlekin, @eddr, @beebee1987 and @mricherzhagen. Thank you very much for that, highly appreciated !
Personally I even also do like the "keep it simple" approach provided within the W3C specs even already.
But on the other hand this leads to an additional visible field, but doesn't emulate the (hopefully, fingers crossed) upcoming x-browser implementation and leaves unnecessary syntax for all of the clients that wouldn't even need it (anymore).
If you're trying out and using my work, feel free to contact me and give me any feedback. I'm curious about how it's gonna be used.
[1.17.0] - 2018-07-07
Tab
or other printable keys (#27)FAQs
A minimal and dependency-free vanilla JavaScript datalist polyfill. Supports all standard's functionality as well as mimics other browsers behavior.
The npm package datalist-polyfill receives a total of 3,411 weekly downloads. As such, datalist-polyfill popularity was classified as popular.
We found that datalist-polyfill demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.