Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
html-form
(htmf) is a minimalist library similar to HTMX and other
technologies (Behavior.js (RIP), unpoly, etc.) designed to work directly with
forms. It has a minimal API. It also makes it easy to build Multipage apps (MPA)
which works without JavaScript and the JS is just progressive enhancement.
I have successfully created offline-first applications with this library. I have also successfully used it to create an offline-first, SPA, PWA application.
htmf
is 4.1 kB minified and 2.2 kB minified and zipped.
A Todo MVC example can be found here.
This JavaScript code provides functionality for handling HTML form submissions with added features such as asynchronous submission, AJAX requests, and dynamic content updates.
Copy the file from the source code public/html-form.js
or the minified version
public/html-form.min.js
.
Or use npm
npm i html-form
and reference it like so import "html-form"
.
The HTML Form Handler (HF) library utilizes custom attributes on HTML elements to enable various functionalities and customize the behavior of form submissions. These attributes are designed to provide flexibility and extensibility to meet different use cases.
hf-ignore
<form hf-ignore>
<!-- Form content -->
</form>
<button type="submit" hf-ignore>Submit</button>
hf-target
<form hf-target="#result-container">
<!-- Form content -->
</form>
<button type="submit" hf-target=".result">Submit</button>
hf-swap
hf-swap
attribute to a form or submit button.outerHTML
, innerHTML
, append
, prepend
,
beforebegin
, afterbegin
, beforeend
, afterend
, oob
.<form hf-swap="innerHTML">
<!-- Form content -->
</form>
<button type="submit" hf-swap="append">Submit</button>
hf-select
hf-select
attribute to a form or submit button.<form hf-select=".select-container,#other-item">
<!-- Form content -->
</form>
<button type="submit" hf-select=".select-container,#other-item">Submit</button>
hf-scroll-ignore
hf-scroll-ignore
attribute to a form or submit button.<form hf-scroll-ignore>
<!-- Form content -->
</form>
<button type="submit" hf-scroll-ignore>Submit</button>
hf-scroll-to
hf-scroll-to
attribute to a form or submit button.<form hf-scroll-to="#result-section">
<!-- Form content -->
</form>
<button type="submit" hf-scroll-to=".result-section">Submit</button>
hf-scroll-skip
<body hf-scroll-skip>
<!-- Page content -->
</body>
hf-focus-skip
hf-focus-skip
attribute to form elements.<form hf-focus-skip>
<!-- Form content -->
</form>
hf:script-loaded
hf:script-loaded
event.doc.addEventListener("hf:script-loaded", e => {
// Handle script-loaded event
});
hf:request-before
, hf:request-after
, hf:json
, hf:swap
,
hf:response-error
, hf:completed
doc.addEventListener("hf:json", e => {
// Handle JSON response event
});
doc.addEventListener("hf:swap", e => {
// Handle content swap event
});
// ... and so on
The HTML Form Handler library sends a custom header to the server to help identify AJAX requests and provide additional information.
HF-Request: true
The HTML Form Handler library provides the ability to include custom headers in the server's response, facilitating additional information or actions on the client side.
hf-events
Example:
hf-events: {"eventName1": {"detail1": "value1"}, "eventName2": {"detail2": "value2"}}
When a response is given outside of a 200 response a special handler will be treated for that response.
200 OK
hf:json
event with the parsed JSON data.hf:swap
event with the received HTML content.204 No Content
205 Reset Content
Fixed event to match documented event naming.
Fixed preventDefault
being called for dialog
method.
Fixed bugs which occurred during the rewrite.
Substantial changes in this one. Fixed errors, use getAttribute
to get the
attributes to avoid conflicts with form names. Fixed other errors. Standardized
event naming and attribute naming. Code clean up. Removed the JS Doc typing.
Changed how double click detection is handled. Fixed 205 response to reset form.
Add ability to handle scripts returned in the HTML snippets.
Improved scrolling experience. Made it more like mpa-enhancer.
Add ability to scroll target a location on a page after swapping in new HTML.
Basically a rewrite.
hf-target
instead of target
.hf-swap
types similar to HTMX
which works with
insertAdjacentHTML
.submitter
instead of activeElement
to determine override of form
values.Introduced event for return status of 205 (Reset Content).
Fixed bug when a button which created the event doesn't exist.
Added more events and made events cancelable.
Added events: hf:completed
and hf:redirected
.
Added auto scroll for when appending above the input.
Bug fix - preventDefault()
wasn't called.
Bug fix - For http status of 204 or 400 don't print content type error message.
Removed click
and submit
methods as requestSubmit
is
available.
Note, a polyfill might be needed.
Removed debounce
helper (which removes all helpers for this project). Just use
underscore.js or any other library
implementation of it.
Added ability to submit the form directly through htmf
. Removed the ability of
click
to submit the form through the button click.
Prevent double submits. Added ability to send events from JSON
in a header.
Added ability to delete elements with empty string.
Default to innerHTML
swap type. Determine target from the form itself.
Removed hf-hidden
attribute as this is redundant - use the noscript
html tag
instead.
FAQs
A library for RESTful web development with an enhancement of forms.
The npm package html-form receives a total of 1 weekly downloads. As such, html-form popularity was classified as not popular.
We found that html-form demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.