ReactJS.NET 2.3 - React 15

April 11, 2016 by Daniel Lo Nigro


I'm happy to announce the release of ReactJS.NET 2.3. This is a minor release, with most of the updates being updates to third-party components:

  • #252 - Update to React 15
  • #248 - Update babel-standalone to a version that bundles the transform-decorators-legacy plugin
  • #251 - Upgrade to JSPool 0.4.1. Includes some fixes for high-concurrency environments
  • Upgrade to JavaScriptEngineSwitcher 1.5.2
  • Upgrade to ASP.NET RC1 Update 1
  • #230 - Use GUIDs for container IDs, rather than sequential IDs

Have fun, and as always, please feel free to send feedback or bug reports on GitHub.

— Daniel

ReactJS.NET 2.2

January 23, 2016 by Daniel Lo Nigro


Happy new year! I'm happy to announce the release of ReactJS.NET 2.2. This is a minor release, and includes a number of changes and fixes since 2.1. These are mainly under-the-hood changes.

  • #210 - Add support for specifying class name of the wrapper element. Thanks to Jonas Tibbling
  • #216 - Upgrade to latest version of JavaScriptEngineSwitcher.
  • #193 and #207 - Upgrade to Babel 6.
  • #197 - Use React from NPM rather than manually bundling it.

Have fun, and as always, please feel free to send feedback or bug reports on GitHub.

— Daniel

ReactJS.NET 2.1

November 16, 2015 by Daniel Lo Nigro


I'm happy to announce the release of ReactJS.NET 2.1! This is a minor release, and includes a number of changes and fixes since 2.0:

  • #189 - If errors occur while loading a JS file, don't throw an exception until we actually try to use the script. This ensures that a syntax error in a file loaded with AddScriptWithoutTransform will not crash IIS.
  • #186 - Expose ReactDOM just in case it's used in some script.
  • #182 - Use SHA1 rather than MD5 for cache hashing so that it can be used in a FIPS-compliant environment. Thanks to Ruaidhri Primrose
  • Added a console sample to show how ReactJS.NET can be used outside of a web context.
  • #195 - Add ReactEnvironment.Current property as a shortcut to get the current React environment. This replaces the old method of directly using the DI container (React.AssemblyRegistration.Container.Resolve<IReactEnvironment>()).

Have fun, and as always, please feel free to send feedback or bug reports on GitHub.

— Daniel

ReactJS.NET 2.0 - Babel and React 0.14

October 17, 2015 by Daniel Lo Nigro


I'm happy to announce the release of ReactJS.NET 2.0! The major change in this release is the switch from JSXTransformer to Babel for transformation of JavaScript files. JSXTransformer is now deprecated, and Babel supports many more ES6 features than JSXTransformer did (see the Babel site for a full list). Additionally, syntax error messages are now more detailed and display the correct file name and line number.

Full list of changes:

  • #138 - Use Babel to transform JavaScript files.
  • #171 - Updated ASP.NET 5 integration to support Beta 8.
  • #164 - Upgraded to React 0.14.
  • By default, only handle *.jsx files in ASP.NET 5 and OWIN middleware. You can modify the Extensions setting in BabelFileOptions to change this behaviour.

Under the hood:

  • #168 - Everything relating to JSX transformer has been renamed to Babel (eg. IJsxTransformer is now IBabel).
  • Renamed React assembly to React.Core. The NuGet package has been called "React.Core" forever, but the corresponding assembly name didn't match, resulting in confusion.
  • Deprecated IReactEnvironment.TransformJsxFile and IReactEnvironment.TransformJsx have finally been removed. These methods have been obsolete since ReactJS.NET 0.2.

Have fun, and as always, please feel free to send feedback or bug reports on GitHub.

— Daniel

ReactJS.NET 1.5.1 - Security update

April 23, 2015 by Daniel Lo Nigro


I'm happy to announce the release of ReactJS.NET 1.5.1! This is a bug fix release and fixes a potential XSS issue with server-side rendering. JSON.NET does not escape HTML characters in its JSON output by default. As ReactJS.NET uses JSON.NET to output the props of server-side rendered components, a prop that accepts arbitrary user input could potentially contain script tags, allowing for XSS.

Escaping of HTML is now enabled by default. If you are using custom JSON serializer settings, you can enable HTML escaping by setting StringEscapeHandling to StringEscapeHandling.EscapeHtml:

ReactSiteConfiguration.Configuration.SetJsonSerializerSettings(
  new JsonSerializerSettings
  {
    StringEscapeHandling = StringEscapeHandling.EscapeHtml
  }
);

Have fun, and as always, please feel free to send feedback or bug reports on GitHub.

— Daniel

Thanks to Li Huan Jeow for the report.