SurveyJS v1.11.7
Released: July 16, 2024
SurveyJS v1.11.7 includes an important fix of a security vulnerability and introduces a capability to store date-time values in UTC.
[Critical bug fix] The "navigateToUrl" property allows executing JS code
In previous releases, SurveyModel
's navigateToUrl
property accepted JavaScript code that could be executed when respondents finished the survey. This security vulnerability enabled an attacker to create a survey JSON schema with malicious code injected into it and execute this code on a victim's device when running the survey. SurveyJS v1.11.7 fixes this vulnerability. Please migrate to the latest SurveyJS version if you use Form Library or Survey Creator in your application.
Store Dates in UTC
Text entry form fields with inputType
set to "datetime-local"
can now store date-time values in UTC. To enable this functionality, set the storeUtcDates
property to true
in global settings.
import { settings } from "survey-core";
settings.storeUtcDates = true;
With this setting, date-time values are converted from local time to UTC when they are saved to the survey's data
object, while the question values remain in local time. Therefore, when you specify default values using a question's defaultValue
property, you need to use local time, but if you specify them using the data
object, use a UTC date-time value in the following format: "YYYY-MM-DDThh:mm:ss.sssZ"
.
const surveyJson = {
"elements": [{
"name": "datetime",
"type": "text",
"title": "Select a date and time",
"inputType": "datetime-local",
"defaultValue": "2024-07-16T12:15:00" // Local date-time value
}]
}
import { Model } from "survey-core";
const surveyJson = { ... }
const survey = new Model(surveyJson);
survey.data = {
datetime: "2024-07-16T12:15:00.000Z" // UTC date-time value
}
Bug Fixes and Minor Enhancements
Form Library
- Carry Forward: Ranked items reset their order once another item is carried forward (#8541)
- Carry Forward: It's impossible to specify a default order for rank items if they are copied from another question (#8558)
questionTitleWidth
specified without units (for example,"150"
) applies on the preview in Survey Creator but not when the survey is standalone (#8555)- [Knockout] A page is auto-scrolled to focus a survey question (#8530)
- Pattern input mask: Separator characters are ignored when using the browser's autofill feature with
inputType: "tel"
(#8526) - Long Text: It's impossible to override the
allowResize
andautoGrow
settings defined at the survey level (#8470) - Timer is suspended and displays the wrong time if another browser tab was opened during the quiz (#8509)
today()
function cannot be used to get today's month (#8552)- Progress bar counts invisible questions when calculating the total progress value (#8514)
- Radio buttons appear in a single column regardless of the
colCount
property value when the panelless theme mode is enabled (#8528) checkErrorsMode: "onValueChanged"
: Validation error doesn't disappear even though the dependent field was corrected (#8539)- Dynamic Matrix: Condition Editor doesn't list questions located within a detail section (#8561)
- Multi-Select Matrix: Hide the Choices setting when changing the matrix cell type from Dropdown to Text (or other type which doesn't require choices) (#8560)
Survey Creator
- Convert To: Use a default JSON object for the converted question (#5647)
- Dynamic Matrix: "Default row value" dialog doesn't allow changing the default value specified in the JSON schema (#5663)
onModified
withoptions.type: "ADDED_FROM_TOOLBOX"
isn't raised if a survey element is dragged from the Toolbox (#5670)- [Documentation]
options.type: "ADDED_FROM_PAGEBUTTON"
is missing in theonModified
event description (#5655) - Multi-Select Matrix: It's impossible to change the input placeholder for a column of a Dropdown type (#5664)
- Select-base questions: "Column count" setting is missing a hint regarding the 0 value (#5677)
- A click on a toolbox item inserts a new question at the end of the page (#5674)
Dashboard
- Word cloud is cropped when words have the same size (#448)
How to Update SurveyJS Libraries in Your Application
Angular
npm i survey-core@1.11.7 survey-angular-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-angular@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save
React
npm i survey-core@1.11.7 survey-react-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-react@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save
Vue 3
npm i survey-core@1.11.7 survey-vue3-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-vue@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save
Vue 2
npm i survey-core@1.11.7 survey-vue-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-knockout@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save
Knockout / jQuery
<link href="https://unpkg.com/survey-core@1.11.7/defaultV2.min.css" type="text/css" rel="stylesheet">
<script type="text/javascript" src="https://unpkg.com/survey-core@1.11.7/survey.core.min.js"></script>
<script type="text/javascript" src="https://unpkg.com/survey-knockout-ui@1.11.7/survey-knockout-ui.min.js"></script>
<link href="https://unpkg.com/survey-creator-core@1.11.7/survey-creator-core.min.css" type="text/css" rel="stylesheet">
<script src="https://unpkg.com/survey-creator-core@1.11.7/survey-creator-core.min.js"></script>
<script src="https://unpkg.com/survey-creator-knockout@1.11.7/survey-creator-knockout.min.js"></script>
<link href="https://unpkg.com/survey-analytics@1.11.7/survey.analytics.min.css" rel="stylesheet">
<script src="https://unpkg.com/survey-analytics@1.11.7/survey.analytics.min.js"></script>
<script src="https://unpkg.com/survey-pdf@1.11.7/survey.pdf.min.js"></script>