* fix: escape more template-literal-related characters
Escape `{` at the start of a string, because it could be preceeded by a `$`, which in combination loads to the following characters being treated as a value
Fixes#13258
(used the opportunity to merge closely-related tests into one)
* sanitize template strings once assembled (#13263)
* only sanitize template quasis once assembled
* changeset
* remove old changeset
---------
Co-authored-by: Rich Harris <rich.harris@vercel.com>
Our current validation was both too lax and too strict:
- too strict, because you can define a `$` variable in Svelte 4 if it's not at the top level
- too strict, because you can define `$`-prefixed function parameters, but not give the parameter the name `$`
- too lax, because you can define a `$`-prefixed variable if you're at least one level deep into a function. In runes mode, this should be an error
This PR aligns the behavior, ensures this isn't a breaking change in legacy anymore, and makes the validation in runes mode more strict
* fix: follow spec for `customElement` option
* tweak messages, add link to details that will be included on future docs site
---------
Co-authored-by: Rich Harris <rich.harris@vercel.com>
This adds a new dev-time only `dev_effect_stack` variable, which executed effects are pushed to and eventually cleared out after everything's settled. If it doesn't settle however, i.e. you run into an infinite loop, the last ten effects are printed out so you get an idea where the error is coming from.
For proper source mapping I also had add location info to the generated effects.
Closes#13192
Fixes#13162
We were going from parentNode to parentNode but if something is a slot of a custom element we should first go to the assignedSlot or else the inside of the custom element will be skipped.
---------
Co-authored-by: Oscar Dominguez <dominguez.celada@gmail.com>
fixes#13194
We narrowed the allowed characters in #13057, but didn't take into account all possible (and for JavaScript identifiers allowed) unicode characters. This widens that, which also removes the accidental breaking change (because in Svelte 4 you were allowed to use these unicode characters).
Fixes#13203
The problem is that we were checking for NestingSelectors only in the selectors of the immediate child of the selectors. Since Nesting could be in selectors like :is or :where or :has that can also be nested i think we need to walk the selectors to find if there's a selector or not.
Fixes#13187. This ensures that we update the local fallback value in the case where the fallback is used so that we persist local changes to bindable props. Otherwise, any incoming changes from the outside will reset the incoming value back to the old fallback value.
---------
Co-authored-by: Simon Holthausen <simon.holthausen@vercel.com>
Fixes#13146.
Sync effects are not possible with Svelte 5's push-pull system because they can make can break the reactive graph – which is also why we don't permit writes within a derived too. The same problem is occurring here, as inspect effects are run sync – they are actually happening as part of an existing derived – which means they're a bit like writes in a derived and can cause tearing to the reactive signal graph. To avoid this we can call flushSync just before invoking these effects, as that should ensure the graph is made consistent again.
Also another issue I found was that we don't "reset" the inspect_effects Set when we enter a derived – which we should as a derived can create it's own local state that should have no bearing on the parent inspect effect.
Add a new visitor to the "strip TS AST" logic. Strictly speaking this results in incorrect ASTs but esrap, our printer, just ignores them at those positions, so we can do that.
An alternative would be to adjust zimmerframe to be able to return something to say "delete this node"
Fixes#13173
In case of something like `foo = bar.map(...)`, foo would have ownership
of the array itself, while the individual items would have ownership
of the component that created the proxy. That means if we later do
`foo[0].baz = 42`, we could get a false-positive ownership violation,
since the two proxies are not connected to each other via the parent
relationship. For this reason, we need to widen the ownership of the
children upon access when we detect they are not connected.
Fixes#13137
Fixes#13174. Turns out that we we skipping this important work because we return true early – thus not connecting the unowned derived back to the reaction.
We have a `run_scripts` function which is invoked in case a template block contains a script tag, and that function replaces the script tags (so that they actually run). If such a script tag is first or last in the template, the replacement is not picked up by our `node.first_node/last_node` logic anymore, and so it contains a stale tag. That means on cleanup the remove logic fails. In the case of the referenced issue, it just runs past the script tag till the very end of the head, removing the just added style tag from the new page.
Fixes#13086
As a byproduct of #12239 some types were changed from being directly exported to indirectly exported. TypeScript is bad at following these types while generating d.ts files, so we can't do that. A check at the end of the types generation was added to prevent regressions in the future. Fixes#13128
Also removes the old types from `svelte/reactivity` which are deprecated for a while now.
part of #11502 - to close it completely, we also need to look at using and possibly implement heuristics within bundler plugins to give more details
---------
Co-authored-by: Simon Holthausen <simon.holthausen@vercel.com>