Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
html-form
(htmf) is a minimalist library similar to HTMX and other
technologies (Behavior.js (RIP), unpoly, etc.) designed to work directly with
forms. It has a minimal API. It also makes it easy to build Multipage apps (MPA)
which works without JavaScript and the JS is just progressive enhancement.
htmf
is 4.1 kB minified and 2.2 kB minified and zipped.
A Todo MVC example can be found here.
This JavaScript code provides functionality for handling HTML form submissions with added features such as asynchronous submission, AJAX requests, and dynamic content updates.
The HTML Form Handler (HF) library utilizes custom attributes on HTML elements to enable various functionalities and customize the behavior of form submissions. These attributes are designed to provide flexibility and extensibility to meet different use cases.
hf-ignore
<form hf-ignore>
<!-- Form content -->
</form>
<button type="submit" hf-ignore>Submit</button>
hf-target
<form hf-target="#result-container">
<!-- Form content -->
</form>
<button type="submit" hf-target=".result">Submit</button>
hf-swap
hf-swap
attribute to a form or submit button.outerHTML
, innerHTML
, append
, prepend
,
beforebegin
, afterbegin
, beforeend
, afterend
, oob
.<form hf-swap="innerHTML">
<!-- Form content -->
</form>
<button type="submit" hf-swap="append">Submit</button>
hf-select
hf-select
attribute to a form or submit button.<form hf-select=".select-container,#other-item">
<!-- Form content -->
</form>
<button type="submit" hf-select=".select-container,#other-item">Submit</button>
hf-scroll-ignore
hf-scroll-ignore
attribute to a form or submit button.<form hf-scroll-ignore>
<!-- Form content -->
</form>
<button type="submit" hf-scroll-ignore>Submit</button>
hf-scroll-to
hf-scroll-to
attribute to a form or submit button.<form hf-scroll-to="#result-section">
<!-- Form content -->
</form>
<button type="submit" hf-scroll-to=".result-section">Submit</button>
hf-scroll-skip
<body hf-scroll-skip>
<!-- Page content -->
</body>
hf-focus-skip
hf-focus-skip
attribute to form elements.<form hf-focus-skip>
<!-- Form content -->
</form>
hf:script-loaded
hf:script-loaded
event.doc.addEventListener("hf:script-loaded", e => {
// Handle script-loaded event
});
hf:request-before
, hf:request-after
, hf:json
, hf:swap
,
hf:response-error
, hf:completed
doc.addEventListener("hf:json", e => {
// Handle JSON response event
});
doc.addEventListener("hf:swap", e => {
// Handle content swap event
});
// ... and so on
The HTML Form Handler library sends a custom header to the server to help identify AJAX requests and provide additional information.
HF-Request: true
The HTML Form Handler library provides the ability to include custom headers in the server's response, facilitating additional information or actions on the client side.
hf-events
Example:
hf-events: {"eventName1": {"detail1": "value1"}, "eventName2": {"detail2": "value2"}}
When a response is given outside of a 200 response a special handler will be treated for that response.
200 OK
hf:json
event with the parsed JSON data.hf:swap
event with the received HTML content.204 No Content
205 Reset Content
Substantial changes in this one. Fixed errors, use getAttribute
to get the
attributes to avoid conflicts with form names. Fixed other errors. Standardized
event naming and attribute naming. Code clean up. Removed the JS Doc typing.
Changed how double click detection is handled. Fixed 205 response to reset form.
Add ability to handle scripts returned in the HTML snippets.
Improved scrolling experience. Made it more like mpa-enhancer.
Add ability to scroll target a location on a page after swapping in new HTML.
Basically a rewrite.
hf-target
instead of target
.hf-swap
types similar to HTMX
which works with
insertAdjacentHTML
.submitter
instead of activeElement
to determine override of form
values.Introduced event for return status of 205 (Reset Content).
Fixed bug when a button which created the event doesn't exist.
Added more events and made events cancelable.
Added events: hf:completed
and hf:redirected
.
Added auto scroll for when appending above the input.
Bug fix - preventDefault()
wasn't called.
Bug fix - For http status of 204 or 400 don't print content type error message.
Removed click
and submit
methods as requestSubmit
is
available.
Note, a polyfill might be needed.
Removed debounce
helper (which removes all helpers for this project). Just use
underscore.js or any other library
implementation of it.
Added ability to submit the form directly through htmf
. Removed the ability of
click
to submit the form through the button click.
Prevent double submits. Added ability to send events from JSON
in a header.
Added ability to delete elements with empty string.
Default to innerHTML
swap type. Determine target from the form itself.
Removed hf-hidden
attribute as this is redundant - use the noscript
html tag
instead.
FAQs
A library for RESTful web development with an enhancement of forms.
The npm package html-form receives a total of 12 weekly downloads. As such, html-form popularity was classified as not popular.
We found that html-form demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.