Accessible modal dialog component for React

Related tags

React react javascript modal
Overview

react-modal

Accessible modal dialog component for React.JS

Build Status Coverage Status gzip size Join the chat at https://gitter.im/react-modal/Lobby

Table of Contents

Installation

To install, you can use npm or yarn:

$ npm install --save react-modal
$ yarn add react-modal

API documentation

The primary documentation for react-modal is the reference book, which describes the API and gives examples of its usage.

Examples

Here is a simple example of react-modal being used in an app with some custom styles and focusable input elements within the modal content:

import React from 'react';
import ReactDOM from 'react-dom';
import Modal from 'react-modal';

const customStyles = {
  content : {
    top                   : '50%',
    left                  : '50%',
    right                 : 'auto',
    bottom                : 'auto',
    marginRight           : '-50%',
    transform             : 'translate(-50%, -50%)'
  }
};

// Make sure to bind modal to your appElement (http://reactcommunity.org/react-modal/accessibility/)
Modal.setAppElement('#yourAppElement')

function App(){
  var subtitle;
  const [modalIsOpen,setIsOpen] = React.useState(false);
  function openModal() {
    setIsOpen(true);
  }

  function afterOpenModal() {
    // references are now sync'd and can be accessed.
    subtitle.style.color = '#f00';
  }

  function closeModal(){
    setIsOpen(false);
  }

    return (
      <div>
        <button onClick={openModal}>Open Modal</button>
        <Modal
          isOpen={modalIsOpen}
          onAfterOpen={afterOpenModal}
          onRequestClose={closeModal}
          style={customStyles}
          contentLabel="Example Modal"
        >

          <h2 ref={_subtitle => (subtitle = _subtitle)}>Hello</h2>
          <button onClick={closeModal}>close</button>
          <div>I am a modal</div>
          <form>
            <input />
            <button>tab navigation</button>
            <button>stays</button>
            <button>inside</button>
            <button>the modal</button>
          </form>
        </Modal>
      </div>
    );
}

ReactDOM.render(<App />, appElement);

You can find more examples in the examples directory, which you can run in a local development server using npm start or yarn run start.

Demos

There are several demos hosted on CodePen which demonstrate various features of react-modal:

Comments
  • Undefined error in contentHasFocus method

    Undefined error in contentHasFocus method

    Summary:

    Got the following error in the browser console when using react modal Uncaught TypeError: Cannot read property 'contains' of undefined at Object.contentHasFocus (ModalPortal.js:171) at Object.focusContent (ModalPortal.js:101) at Object.componentDidUpdate (ModalPortal.js:66) at measureLifeCyclePerf (ReactCompositeComponent.js:75) at ReactCompositeComponent.js:729 at CallbackQueue.notifyAll (CallbackQueue.js:76) at ReactReconcileTransaction.close (ReactReconcileTransaction.js:80) at ReactReconcileTransaction.closeAll (Transaction.js:206) at ReactReconcileTransaction.perform (Transaction.js:153) at ReactUpdatesFlushTransaction.perform (Transaction.js:140)

    Steps to reproduce:

    1. When populating contents in the modal dynamically

    Expected behavior:

    Should be able to populate contents without any errors.

    Additional notes:

    A small undefined check in the react-modal.js resolved the issue. Will make a PR with the fix.

    bug needs info 
    opened by saradacp 35
  • Modals cannot be tested with React's TestUtil

    Modals cannot be tested with React's TestUtil

    react-modal is acting outside of the purview of any of React's test utilities.

    renderedModal.getDomNode()
// => <noscript data-reactid=".0"></noscript>

React.scryRenderedDOMComponentsWithClass(renderedModal, "my-modal-class");
// => []

    I see there are some work arounds that were developed circa React 0.12 but I can't figure out why that is necessary. If I was guessing I would say that this has to do with how you mount to the DOM to properly apply the overlay. If this is true, maybe a small wrapper around those helpers as a part of the release would be a helpful thing for us app devs who want to write lots of tests :)

    https://github.com/rackt/react-modal/blob/master/specs/helper.js

    opened by baer 29
  • [change] Class names being added to body during render of non-opened modals

    [change] Class names being added to body during render of non-opened modals

    Changes proposed:

    Modal reference tracking

    There is an issue where class names are being added to document.body during render of non-opened modals. With only one type of bodyOpenClassName it was "working", but if you added a custom bodyOpenClassName it was causing that value to be added regardless of isOpen status.

    See the tests to replicate the behavior against current codebase.

    This PR creates a new data structure for the modal references. Instead of an array of modals, we need to know which open modals are associated with each bodyOpenClassName.

    Proposed structure is:

    modals = {
    "bodyClassName1": [ modal1Ref, modal3Ref ],
    "bodyClassName2": [ modal2Ref ],
    "bodyClassName3": [ modal4Ref ],
}
    • Additionally fixed an issue where aria-hidden was being removed from the appElement before all open modals were actually closed.
    • Also refactored some of the demo app so I could manually see this functionality working

    I'm not a huge fan of the side-effects when manipulating the modals object, but it's consistent with the current code, and it works đź’…

    Acceptance Checklist:

    • [x] All commits have been squashed to one.
    • [x] The commit message follows the guidelines in CONTRIBUTING.md.
    • [x] Documentation (README.md) and examples have been updated as needed.
    • [x] If this is a code change, a spec testing the functionality has been added.
    • [x] If the commit message has [changed] or [removed], there is an upgrade path above.
    opened by fuller 27
  • iOS - Clicking on overlay does not dismiss the modal

    iOS - Clicking on overlay does not dismiss the modal

    Summary: iOS - Clicking on overlay does not dismiss the modal

    Steps to reproduce:

    1. Open the react modal with Safari or Chrome on an iOS device (was testing on iPod Touch 6th Gen/iOS 10)
    2. Click on the overlay. Modal is not closed and there is no error in the console.

    Expected behavior: Clicking on the overlay should close the modal

    Additional notes: Works fine on desktop and Android browsers.

    As a temporary workaround, added

    onAfterOpen={() => {
    let el = document.querySelector('.ReactModal__Overlay');
    el && el.addEventListener('click', closeModalFn);
}}

    to handle the click event manually...

    Code used:

    <Modal
    isOpen={this.state.isModalOpen}
    onRequestClose={() => this.setState({ isModalOpen: false })}
    style={modalStyle}
    shouldCloseOnOverlayClick={true}
>
    {children}
</Modal>
    bug 
    opened by kukikiloke 26
  • [added] shouldCloseOnEsc prop

    [added] shouldCloseOnEsc prop

    Fixes #481.

    Changes proposed:

    • Add a new prop: shouldCloseOnEsc
    • Allow disabling of closing the modal on esc press.

    Acceptance Checklist:

    • [x] All commits have been squashed to one.
    • [x] The commit message follows the guidelines in CONTRIBUTING.md.
    • [x] Documentation (README.md) and examples have been updated as needed.
    • [x] If this is a code change, a spec testing the functionality has been added.
    • [x] If the commit message has [changed] or [removed], there is an upgrade path above.
    opened by spen 25
  • React 16 compatibility

    React 16 compatibility

    Summary:

    I looked around in the issue tracker but couldn't find an existing issue. As React 16 is right around the corner, maybe it's time to prepare a PR that adds support for it?

    It looks like at least the call to unstable_renderSubtreeIntoContainer should be updated as there's now first class support for portals.

    Steps to reproduce:

    1. Render a modal.
    2. Unmount it.

    Expected behavior:

    Shouldn't throw any errors.

    Link to example of issue:

    https://codesandbox.io/s/xpl8r853o4

    enhancement react 
    opened by amannn 24
  • Allows for the modal to be appended to another element rather than the document body.

    Allows for the modal to be appended to another element rather than the document body.

    Use the property parentSelector to either be a string (for query selecting), a function (so that a parent component can supply its node once it has been rendered), or a dom element.

    The modal will detect if the parent element has changed and move it accordingly.

    The only thing I am skeptical of is if React will remove the node from the parent element's children if other children are rendered (but it hasn't so far in testing).

    opened by jshthornton 23
  • Discussion for v4 of react-modal

    Discussion for v4 of react-modal

    First, thanks for all the support through the years...reporting and answering issues, or submitting PRs. You guys are great.

    I try my best to find time to help improve this package, but I can't do it alone...

    I have a dream to finally release version 4 for react-modal, but I didn't have a good goal to invest time to push it forward.

    The goals for v4:

    1. Remove from the API everything that can disable accessibility

    It would be better to have a more stable releases without breaking accessibility.

    1. Fix the bogus default behavior related to hide the application.

    The default is to apply the aria-hidden attribute to the document.body. But this hides everything

    This will require the user to explicitly define the element(s), using its id or class or element, using Modal.setAppElement().

    To normalize the API, Modal.setAppElement() and appElement={} must use arrays to keep the API simple.

    1. Deprecate ariaHideApp

    This is an unnecessary flag, this behavior can be archived by passing [] to Modal.setAppElement() and appElement={}. But it shouldn't be recommended.

    1. Deprecate shouldFocusAfterRender={boolean}

    The modal must always gain focus and trap (correctly).

    1. Replace shouldReturnFocusAfterClose={boolean} with returnFocusTo={Element}

    This can be an element that will gain focus after the modal is closed.

    The default behavior is to return the focus to the element on document.activeElement before open the modal, but...in some browsers, this behavior is broken so we can't always trust it. So, the user can pass to this attribute an element that must receive the focus later.

    1. Review all additional systems that react-modal uses (see helpers folder)

    This package manages a lot of state (like open instances, styles classes added to external elements, focus system...)

    With this goals in mind, the API will be less flexible to disable the features related to accessibility, which should not be a problem, but maybe some users will not see this a gain...So, I decided to start a discussion before moving forward with this...

    I'll let this open until the end of Jun, and if the feedback is positive, I'll set up the project so everybody can participate!

    Thanks, Dias

    help wanted discussion styling testing refactoring easy accessibility 
    opened by diasbruno 22
  • 'You tried to return focus to but it is not in the DOM anymore' warning.

    'You tried to return focus to but it is not in the DOM anymore' warning.

    I have recently upgraded react-modal from 1.7.1 to 3.1.6. I am now getting a warning in the console whenever react-modal unmounts.

    Steps to reproduce:

    1. Mount a component that is using React Modal as a child.
    2. Dismount the component has has React Modal as a child. (this happens for me when I navigate between routes)

    Expected behavior:

    1. I'm not sure if this warning is due to incorrect implementation on my part or if this is expected behavior.

    Additional notes:

    The modals are behaving normally, I am just unsure why the focus manager is giving me this warning.

    question documentation easy missing documentation 
    opened by Jacob-Allen 22
  • [added] Support using multiple document.body classes

    [added] Support using multiple document.body classes

    Fixes #451.

    Changes proposed:

    • update bodyOpenClassName prop to handle adding and removing multiple class names
    • update String#includes polyfill to work properly
    • remove unmaintained and obsolete element-class library
    • add new helper for adding/removing classes from the body element
    • update refCount helper to have a getter and chainable methods

    Use Case

    I am using the Tachyons library for CSS styling in my app. If you have not worked with Tachyons before (it's wonderful), it is essentially a collection of atomic class names—i.e., class names that do only one thing (e.g. .fixed { position: fixed; }). Because of this, it is in the nature of Tachyons that multiple classes will be tacked on to a single element to achieve a desired style.

    Recently, I ran into the issue outlined in #369. To solve the issue, I need to apply two CSS properties to the document.body element when the modal opens: position: fixed and overflow: hidden.

    To do this with Tachyons, I need to have bodyOpenClassName='fixed overflow-hidden'.

    However, this causes a bug in the current version of the react-modal library in which the classes are appended ad infinitum (see here).

    Acceptance Checklist:

    • [x] All commits have been squashed to one.
    • [x] The commit message follows the guidelines in CONTRIBUTING.md.
    • [x] Documentation (README.md) and examples have been updated as needed.
    • [x] If this is a code change, a spec testing the functionality has been added.
    • [x] If the commit message has [changed] or [removed], there is an upgrade path above.
    opened by indiesquidge 20
  • Animation

    Animation

    Hi there!

    I am wondering, what is the best approach to animate this modal?

    The problem is – to create robust animation, which is easy to reuse across the whole application I have to create two wrappers to create actual animations and pass correct handlers to close modals.

    So, what is the best way to deal with animations, is it possible with a single wrapper? Maybe I just miss something obvious.

    Thanks for any advice!

    opened by Bloomca 20
  • fix(sec): upgrade uglify-js to 3.14.3

    fix(sec): upgrade uglify-js to 3.14.3

    What happened?

    There are 1 security vulnerabilities found in uglify-js 3.1.1

    What did I do?

    Upgrade uglify-js from 3.1.1 to 3.14.3 for vulnerability fix

    What did you expect to happen?

    Ideally, no insecure libs should be used.

    The specification of the pull request

    PR Specification from OSCS

    opened by chncaption 0
  • Bump express from 4.17.1 to 4.18.2

    Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump qs from 6.5.2 to 6.5.3

    Bump qs from 6.5.2 to 6.5.3

    Bumps qs from 6.5.2 to 6.5.3.

    Changelog

    Sourced from qs's changelog.

    6.5.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
    • [Fix] correctly parse nested arrays
    • [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
    • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
    • [Fix] when parseArrays is false, properly handle keys ending in []
    • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
    • [Fix] utils.merge: avoid a crash with a null target and an array source
    • [Refactor] utils: reduce observable [[Get]]s
    • [Refactor] use cached Array.isArray
    • [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
    • [Refactor] parse: only need to reassign the var once
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
    • [Docs] Clarify the need for "arrayLimit" option
    • [meta] fix README.md (#399)
    • [meta] add FUNDING.yml
    • [actions] backport actions from main
    • [Tests] always use String(x) over x.toString()
    • [Tests] remove nonexistent tape option
    • [Dev Deps] backport from main
    Commits
    • 298bfa5 v6.5.3
    • ed0f5dc [Fix] parse: ignore __proto__ keys (#428)
    • 691e739 [Robustness] stringify: avoid relying on a global undefined (#427)
    • 1072d57 [readme] remove travis badge; add github actions/codecov badges; update URLs
    • 12ac1c4 [meta] fix README.md (#399)
    • 0338716 [actions] backport actions from main
    • 5639c20 Clean up license text so it’s properly detected as BSD-3-Clause
    • 51b8a0b add FUNDING.yml
    • 45f6759 [Fix] fix for an impossible situation: when the formatter is called with a no...
    • f814a7f [Dev Deps] backport from main
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump minimatch and mocha

    Bump minimatch and mocha

    Bumps minimatch to 3.1.2 and updates ancestor dependency mocha. These dependencies need to be updated together.

    Updates minimatch from 3.0.4 to 3.1.2

    Commits

    Updates mocha from 8.4.0 to 10.1.0

    Release notes

    Sourced from mocha's releases.

    v10.1.0

    10.1.0 / 2022-10-16

    :tada: Enhancements

    :nut_and_bolt: Other

    v10.0.0

    10.0.0 / 2022-05-01

    :boom: Breaking Changes

    :nut_and_bolt: Other

    Also thanks to @​ea2305 and @​SukkaW for improvements to our documentation.

    v9.2.2

    9.2.2 / 2022-03-11

    Please also note our announcements.

    :bug: Fixes

    ... (truncated)

    Changelog

    Sourced from mocha's changelog.

    10.1.0 / 2022-10-16

    :tada: Enhancements

    :nut_and_bolt: Other

    10.0.0 / 2022-05-01

    :boom: Breaking Changes

    :nut_and_bolt: Other

    Also thanks to @​ea2305 and @​SukkaW for improvements to our documentation.

    9.2.2 / 2022-03-11

    :bug: Fixes

    :nut_and_bolt: Other

    ... (truncated)

    Commits
    • 5f96d51 build(v10.1.0): release
    • ed74f16 build(v10.1.0): update CHANGELOG
    • 51d4746 chore(devDeps): update 'ESLint' to v8 (#4926)
    • 4e06a6f fix(browser): increase contrast for replay buttons (#4912)
    • 41567df Support prefers-color-scheme: dark (#4896)
    • 61b4b92 fix the regular expression for function clean in utils.js (#4770)
    • 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (#4905)
    • 84b2f84 chore(ci): upgrade GH actions to latest versions (#4899)
    • 023f548 build(v10.0.0): release
    • 62b1566 build(v10.0.0): update CHANGELOG
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump engine.io and socket.io

    Bump engine.io and socket.io

    Bumps engine.io and socket.io. These dependencies needed to be updated together. Updates engine.io from 6.0.0 to 6.2.1

    Release notes

    Sourced from engine.io's releases.

    6.2.1

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (#658) (425e833)

    6.2.0

    Features

    • add the "maxPayload" field in the handshake details (088dcb4)

    So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

    This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

    0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

    Links

    6.1.3

    Bug Fixes

    • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
    • uws: properly handle chunked content (#642) (3367440)

    ... (truncated)

    Changelog

    Sourced from engine.io's changelog.

    6.2.1 (2022-11-20)

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (#658) (425e833)

    3.6.0 (2022-06-06)

    Bug Fixes

    Features

    • decrease the default value of maxHttpBufferSize (58e274c)

    This change reduces the default value from 100 mb to a more sane 1 mb.

    This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

    See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

    • increase the default value of pingTimeout (f55a79a)

    ... (truncated)

    Commits
    • 24b847b chore(release): 6.2.1
    • 425e833 fix: catch errors when destroying invalid upgrades (#658)
    • 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
    • d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
    • 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
    • 535a01d ci: add Node.js 18 in the test matrix
    • 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
    • 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
    • 020801a chore: add changelog for version 3.6.0
    • ed1d6f9 test: make test script work on Windows (#643)
    • Additional commits viewable in compare view

    Updates socket.io from 4.3.1 to 4.5.3

    Release notes

    Sourced from socket.io's releases.

    4.5.3

    Bug Fixes

    • typings: accept an HTTP2 server in the constructor (d3d0a2d)
    • typings: apply types to "io.timeout(...).emit()" calls (e357daf)

    Links:

    4.5.2

    Bug Fixes

    • prevent the socket from joining a room after disconnection (18f3fda)
    • uws: prevent the server from crashing after upgrade (ba497ee)

    Links:

    4.5.1

    Bug Fixes

    • forward the local flag to the adapter when using fetchSockets() (30430f0)
    • typings: add HTTPS server to accepted types (#4351) (9b43c91)

    Links:

    4.5.0

    Bug Fixes

    • typings: ensure compatibility with TypeScript 3.x (#4259) (02c87a8)

    Features

    • add support for catch-all listeners for outgoing packets (531104d)

    This is similar to onAny(), but for outgoing packets.

    ... (truncated)

    Changelog

    Sourced from socket.io's changelog.

    4.5.3 (2022-10-15)

    Bug Fixes

    • typings: accept an HTTP2 server in the constructor (d3d0a2d)
    • typings: apply types to "io.timeout(...).emit()" calls (e357daf)

    4.5.2 (2022-09-02)

    Bug Fixes

    • prevent the socket from joining a room after disconnection (18f3fda)
    • uws: prevent the server from crashing after upgrade (ba497ee)

    2.5.0 (2022-06-26)

    Bug Fixes

    • fix race condition in dynamic namespaces (05e1278)
    • ignore packet received after disconnection (22d4bdf)
    • only set 'connected' to true after middleware execution (226cc16)
    • prevent the socket from joining a room after disconnection (f223178)

    4.5.1 (2022-05-17)

    Bug Fixes

    • forward the local flag to the adapter when using fetchSockets() (30430f0)
    • typings: add HTTPS server to accepted types (#4351) (9b43c91)

    4.5.0 (2022-04-23)

    Bug Fixes

    • typings: ensure compatibility with TypeScript 3.x (#4259) (02c87a8)

    ... (truncated)

    Commits
    • 945c84b chore(release): 4.5.3
    • d3d0a2d fix(typings): accept an HTTP2 server in the constructor
    • 19b225b docs(examples): update dependencies of the basic CRUD example
    • 8fae95d docs: add jsdoc for each public method
    • e6f6b90 docs: add deprecation notice for the allSockets() method
    • 596eb88 ci: upgrade to actions/checkout@3 and actions/setup-node@3
    • e357daf fix(typings): apply types to "io.timeout(...).emit()" calls
    • 10fa4a2 refactor: add list of possible disconnection reasons
    • 8be95b3 chore(release): 4.5.2
    • ba497ee fix(uws): prevent the server from crashing after upgrade
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(v3.16.1)

  • v3.16.1(Oct 18, 2022)

    What's Changed

    • [fixed]: css class added to root document instead of modal ownerDocument by @leoc4e in https://github.com/reactjs/react-modal/pull/965
    • update broken build badge by @memark in https://github.com/reactjs/react-modal/pull/968
    • [fixed] element with display 'contents' is visible and is tabbable by @galexandrade in https://github.com/reactjs/react-modal/pull/969
    • [fixed] switched from KeyboardEvent.keyCode to KeyboardEvent.code by @robinmetral in https://github.com/reactjs/react-modal/pull/953

    New Contributors

    • @leoc4e made their first contribution in https://github.com/reactjs/react-modal/pull/965
    • @memark made their first contribution in https://github.com/reactjs/react-modal/pull/968
    • @galexandrade made their first contribution in https://github.com/reactjs/react-modal/pull/969
    • @robinmetral made their first contribution in https://github.com/reactjs/react-modal/pull/953

    Full Changelog: https://github.com/reactjs/react-modal/blob/master/CHANGELOG.md

    Source code(tar.gz)
    Source code(zip)

  • v3.14.4(Nov 10, 2021)

    • Ensure that we know about every "tabbable" element within Shadow DOM
    • Correctly wrap NODE_ENV conditional code in block to eliminate unreachable code
    • Updated some dependencies
    Source code(tar.gz)
    Source code(zip)
Owner
React Community
React website and its localizations
React Community
GitHub http://reactcommunity.org/react-modal
react-dialog is a custom react hook to use a dialog easily

react-dialog react-dialog is a custom react hook to use a dialog easily. Documentation To use react-dialog follow the documentation. useDialog Returns

Levy Mateus Macedo 2 Mar 29, 2022
Material-UI is a simple and customizable component library to build faster, beautiful, and more accessible React applications. Follow your own design system, or start with Material Design.

Material-UI Quickly build beautiful React apps. Material-UI is a simple and customizable component library to build faster, beautiful, and more access

Material-UI 83.6k Dec 30, 2022
Accessible, unstyled, open-sourced, and fully functional react component library for building design systems

DORAI UI Accessible, unstyled, open-sourced and fully functional react component library for building design systems Documentation site coming soon St

Fakorede Boluwatife 38 Dec 30, 2022
This is an online dialog with realtime chat, voice and face to face.

Getting Started with Create React App This project was bootstrapped with Create React App. Available Scripts In the project directory, you can run: np

Gökhan ERGEN 2 Jun 7, 2022
Makes the HTML element dialog draggable

Makes the HTML element dialog draggable

Naeemo 2 Sep 9, 2022
An accessible dropdown component for use in Ember apps.

ember-a11y-dropdown This is an accessible dropdown that you can use in your Ember app for a menu dropdown. I'm making it so people can stop using the

Melanie Sumner 2 Feb 10, 2022
Beautiful and accessible drag and drop for lists with React

react-beautiful-dnd (rbd) Beautiful and accessible drag and drop for lists with React Play with this example if you want! Core characteristics Beautif

Atlassian 28.9k Jan 7, 2023
⚡️ Simple, Modular & Accessible UI Components for your React Applications

Build Accessible React Apps with Speed ⚡️ Chakra UI provides a set of accessible, reusable, and composable React components that make it super easy to

Chakra UI 30.5k Jan 4, 2023
Modal in desktop, fullscreen in mobile

React Full Screen Modal Why? Modals typically don't work well for modals. They take up a lot of space and often squish their contents. This library ai

Chris 2 Mar 7, 2022
React tooltip is a React.JS Component that brings usefull UX and UI information in selected elements of your website.

React Tooltip ✅ React tooltip is a React.JS Component that brings usefull UX and UI information in elements of your website. Installation ⌨️ React Too

Marc Ramos 1 Dec 22, 2021
A react component available on npm to easily link to your project on github and is made using React, TypeScript and styled-components.

fork-me-corner fork-me-corner is a react component available on npm to easily link to your project on github and is made using React, TypeScript and s

Victor Dantas 9 Jun 30, 2022
A set of higher-order components to turn any list into an animated, accessible and touch-friendly sortable list✌️

A set of higher-order components to turn any list into an animated, accessible and touch-friendly sortable list Examples available here: http://claude

Claudéric Demers 10.3k Jan 2, 2023
Providing accessible components with Web Components & Material You

tiny-material Still on developing, DO NOT use for production environment Run well on Google Chrome, Firefox, Chrome for Android, Microsoft Edge (Chrom

HugePancake 11 Dec 31, 2022
Recoil is an experimental state management library for React apps. It provides several capabilities that are difficult to achieve with React alone, while being compatible with the newest features of React.

Recoil · Recoil is an experimental set of utilities for state management with React. Please see the website: https://recoiljs.org Installation The Rec

Facebook Experimental 18.2k Jan 8, 2023
đź““ The UI component explorer. Develop, document, & test React, Vue, Angular, Web Components, Ember, Svelte & more!

Build bulletproof UI components faster Storybook is a development environment for UI components. It allows you to browse a component library, view the

Storybook 75.8k Jan 4, 2023
The Select Component for React.js

React-Select The Select control for React. Initially built for use in KeystoneJS. See react-select.com for live demos and comprehensive docs. React Se

Jed Watson 25.6k Jan 3, 2023
A Higher Order Component using react-redux to keep form state in a Redux store

redux-form You build great forms, but do you know HOW users use your forms? Find out with Form Nerd! Professional analytics from the creator of Redux

Redux Form 12.6k Jan 3, 2023
Isolated React component development environment with a living style guide

Isolated React component development environment with a living style guide React Styleguidist is a component development environment with hot reloaded

Styleguidist 10.6k Jan 5, 2023
Markdown component for React

react-markdown Markdown component for React using remark. Learn markdown here and check out the demo here. Install npm: npm install react-markdown Why

remark 9.7k Jan 4, 2023