SurveyJS v1.10.4
Released: May 15, 2024
SurveyJS v1.10.4 contains an important fix of a security vulnerability, implements a capability to filter values used in built-in calculation functions within expressions (sumInArray
, avgInArray
, countInArray
, etc.), and includes other bug fixes and minor enhancements.
[Critical bug fix] Image: The "imageLink" property allows executing JS code when "contentMode" is "youtube"
In previous releases, the imageLink
property of an Image question accepts and executes JavaScript code when the contentMode
is set to "youtube"
. This security vulnerability enables an attacker to create a survey JSON schema with malicious code injected into it and execute this code on a victim's device when running the survey. SurveyJS v1.10.4 fixes this vulnerability. Please migrate to the latest SurveyJS version if you use Form Library or Survey Creator in your application.
Expressions: Filter values used in built-in calculation functions
Expressions support a number of built-in functions used to perform calculations within a survey JSON schema. Such functions as sumInArray
, maxInArray
, minInArray
, avgInArray
, and countInArray
aggregate data in an array that contains a response to a Single- or Multi-Select Matrix, Dynamic Matrix, or Dynamic Panel question. Since SurveyJS v1.10.4, these functions have a third (optional) parameter—filter
—which is an expression that defines a rule according to which values are included in the calculation. For instance, the code below finds a minimum value within a "quantity"
matrix column. The expression passed as the third parameter imposes additional conditions: include only positive values and search for the minimum value only in the rows with a "categoryId"
column equaling 1.
"expression": "minInArray({matrixdynamic}, 'quantity', {quantity} > 0 and {categoryId} = 1)"
Refer to the Built-In Functions help topic for more information:
Expressions > Built-In Functions
New and Updated Demos
Bug Fixes and Minor Enhancements
Form Library
- Introduce an option to override the choices separator used when choices are displayed in a list (#8265)
- Dynamic Matrix with a File Upload column: The "Take Photo" button is unavailable for the second and subsequent rows (#8242)
- Conditional visibility animation is triggered at startup (#8240)
- Multi-Select Matrix: A column's "Visible" checkbox is selected in Property Grid despite being set to
false
in the survey JSON schema (#8246) - Numeric input mask: It's impossible to clear a field's value (#8231)
- When duplicated, a Rating Scale question applies the Dropdown display mode on the design surface (#8248)
- Dynamic Matrix: Setting 0 as a default value for the
rowCount
property doesn't work as expected (#8258) - Dynamic Matrix on a page with Tailwind CSS: An animation side effect appears when adding a row (#8264)
- Auto-advance: A survey jumps over a page when using the Next button to navigate to the next page (#8253)
- The
onTriggerExecuted
event is not raised when a trigger expression is evaluated (#8273) - Hide the progress bar if
questionsOnPageMode: "singlePage"
(#8260)
Survey Creator
- Preview tab: Add a
visibleIndex
property to device configuration objects to reorder them within the simulator device list (#5461) - Translation tab: The "All Strings / Used Strings Only" dropdown is not translated when switching the locale at runtime (#5490)
- An error is thrown when using a deprecated progress bar UI (#5486)
- Pages editor in Property Grid: A drag icon appears far from the mouse pointer (#5484)
Dashboard
- Allow hiding questions without visualizers in code (#433)
PDF Generator
- PDF Generator properties are visible in Survey Creator if both the libraries are included within a web page (#317)
How to Update SurveyJS Libraries in Your Application
Angular
npm i survey-core@1.10.4 survey-angular-ui@1.10.4 --save
npm i survey-creator-core@1.10.4 survey-creator-angular@1.10.4 --save
npm i survey-analytics@1.10.4 --save
npm i survey-pdf@1.10.4 --save
React
npm i survey-core@1.10.4 survey-react-ui@1.10.4 --save
npm i survey-creator-core@1.10.4 survey-creator-react@1.10.4 --save
npm i survey-analytics@1.10.4 --save
npm i survey-pdf@1.10.4 --save
Vue 3
npm i survey-core@1.10.4 survey-vue3-ui@1.10.4 --save
npm i survey-creator-core@1.10.4 survey-creator-vue@1.10.4 --save
npm i survey-analytics@1.10.4 --save
npm i survey-pdf@1.10.4 --save
Vue 2
npm i survey-core@1.10.4 survey-vue-ui@1.10.4 --save
npm i survey-creator-core@1.10.4 survey-creator-knockout@1.10.4 --save
npm i survey-analytics@1.10.4 --save
npm i survey-pdf@1.10.4 --save
Knockout / jQuery
<link href="https://unpkg.com/survey-core@1.10.4/defaultV2.min.css" type="text/css" rel="stylesheet">
<script type="text/javascript" src="https://unpkg.com/survey-core@1.10.4/survey.core.min.js"></script>
<script type="text/javascript" src="https://unpkg.com/survey-knockout-ui@1.10.4/survey-knockout-ui.min.js"></script>
<link href="https://unpkg.com/survey-creator-core@1.10.4/survey-creator-core.min.css" type="text/css" rel="stylesheet">
<script src="https://unpkg.com/survey-creator-core@1.10.4/survey-creator-core.min.js"></script>
<script src="https://unpkg.com/survey-creator-knockout@1.10.4/survey-creator-knockout.min.js"></script>
<link href="https://unpkg.com/survey-analytics@1.10.4/survey.analytics.min.css" rel="stylesheet">
<script src="https://unpkg.com/survey-analytics@1.10.4/survey.analytics.min.js"></script>
<script src="https://unpkg.com/survey-pdf@1.10.4/survey.pdf.min.js"></script>