Version 11.0.0

AUTHORS.txt

@@ -63,6 +63,7 @@ Federico Galassi <[email protected]>
 fegs <[email protected]>
 Felix Böhm <[email protected]>
 Felix Gnass <[email protected]>
+Flaviu Tamas <[email protected]>
 fr0z3nk0 <[email protected]>
 Francis Saul <[email protected]>
 Francisco Requena <[email protected]>
@@ -162,6 +163,7 @@ Nicolas LaCasse <[email protected]>
 Nik Nyby <[email protected]>
 Ojek <[email protected]>
 Olivier El Mekki <[email protected]>
+Ondřej Žára <[email protected]>
 Paul O’Shannessy <[email protected]>
 peller <[email protected]>
 Pepijn Verlaan <[email protected]>

Changelog.md

@@ -1,3 +1,39 @@
+## 11.0.0
+
+Breaking changes:
+
+* Custom parsers, via the `parser` option to the old API, can no longer be specified. They were never tested, often broken, and a maintenance burden. The defaults, of [parse5](https://www.npmjs.com/package/parse5) for HTML and [sax](https://www.npmjs.com/package/sax) for XML, now always apply.
+* Due to a parse5 upgrade, the location info objects returned by `dom.nodeLocation()` or the old API's `jsdom.nodeLocation()` now have a different structure.
+* Fixed how `runScripts` applies to event handler attributes; now they will no longer be converted into event handler functions unless `runScripts: "dangerously"` is set. However, event handler _properties_ will now work with any `runScripts` option value, instead of being blocked.
+
+Other changes:
+
+* Overhauled how event handler properties and attributes work to follow the spec. In particular, this adds various `oneventname` properties to various prototypes, ensures the correct order when interleaving event handlers and other event listeners, and ensures that event handlers are evaluated with the correct values in scope.
+* Upgraded parse5 from v1 to v3, bringing along several correctness improvements to HTML parsing. (Zirro)
+* Updated `Location` properties to be on the instance, instead of the prototype, and to be non-configurable.
+* Significantly improved the performance of `HTMLCollection`, and thus of parsing large documents. (Zirro)
+* Significantly improved the performance of `getComputedStyle()` by removing unsupported selectors from the default style sheet. (flaviut)
+* Fixed all web platform methods that accepted web platform objects to perform proper type checks on them, throwing a `TypeError` when given invalid values. (TimothyGu)
+* Fixed the `Symbol.toStringTag` properties to be non-writable and non-enumerable. (TimothyGu)
+* Fixed `tokenList.remove()` when the `DOMTokenList` corresponded to a non-existant attribute. (Zirro)
+* Fixed `fileReader.abort()` to terminate ongoing reads properly.
+* Fixed `xhr.send()` to support array buffer views, not just `ArrayBuffer`s. (ondras)
+* Fixed non-`GET` requests to `data:` URLs using `XMLHttpRequest`. (Zirro)
+* Fixed form submission to no longer happen for disconnected forms.
+* Fixed body event handler attributes to be treated like all others in terms of how they interact with `runScripts`.
+* Many updates per recent spec changes: (Zirro)
+  * Updated `tokenList.replace()` edge-case behavior.
+  * Invalid qualified names now throw `"InvalidCharacterError"` `DOMException`s, instead of `"NamespaceError"` `DOMException`s.
+  * Changed `input.select()` to no longer throw on types where selection does not apply.
+  * Updated `event.initEvent()` and various related methods to have additional defaults.
+  * Stopped lowercasing headers in `XMLHttpRequest` responses.
+  * Started lowercasing headers in `xhr.getAllResponseHeaders()`, and separating the header values with a comma-space (not just a comma).
+  * Allow a redirect after a CORS preflight when using `XMLHttpRequest`.
+  * Tweaked username/password CORS treatment when using `XMLHttpRequest`.
+  * Changed `xhr.overrideMimeType()` to no longer throw for invalid input.
+  * Removed `blob.close()` and `blob.isClosed()`.
+* Removed some remaining not-per-spec `toString()` methods on various prototypes, which were made redundant in v10.1.0 but we forgot to remove.
+
 ## 10.1.0
 
 * Added the value sanitization algorithm for password, search, tel, text, color, email, and url input types. (Zirro)
@@ -319,7 +355,7 @@ Although normally jsdom does not mark a new major release for changes that simpl
 * Fixed `Event` object creation to always initialize the event objects, unless using `document.createEvent`, even for events with name `""`.
 * Fixed iframes to go through the custom resource loader. (chrmarti)
 * Removed ["DOM Load and Save"](http://www.w3.org/TR/2003/CR-DOM-Level-3-LS-20031107/load-save.html) stub implementation. That spec was never implemented in browsers, and jsdom only contained stubs.
-* Removed other minor unimplemented, stub, or no-longer-standard APIs from "DOM Level 3", like the user-data API, `DOMException`, `DOMConfiguration`, and `DOMStringList`.
+* Removed other minor unimplemented, stub, or no-longer-standard APIs from "DOM Level 3", like the user-data API, `DOMError`, `DOMConfiguration`, and `DOMStringList`.
 
 ## 7.2.2
 

README.md

@@ -84,6 +84,8 @@ dom.window.document.body.children.length === 2;
 
 Again we emphasize to only use this when feeding jsdom code you know is safe. If you use it on arbitrary user-supplied code, or code from the Internet, you are effectively running untrusted Node.js code, and your machine could be compromised.
 
+Note that event handler attributes, like `<div onclick="">`, will also not function unless `runScripts` is set to `"dangerously"`. (However, event handler _properties_, like `div.onclick = ...`, will function regardless of `runScripts`.)
+
 If you are simply trying to execute script "from the outside", instead of letting `<script>` elements (and inline event handlers) run "from the inside", you can use the `runScripts: "outside-only"` option, which enables `window.eval`:
 
 ```js

package.json

@@ -1,6 +1,6 @@
 {
   "name": "jsdom",
-  "version": "10.1.0",
+  "version": "11.0.0",
   "description": "A JavaScript implementation of many web standards",
   "keywords": [
     "dom",