Merge branch 'master' into chore/cancellable-onbeforerowdetail

Author: ghiscoding

README.md

@@ -17,7 +17,7 @@ One of the best JavasSript datagrid [SlickGrid](https://github.com/mleibman/Slic
 [MIT License](LICENSE)
 
 ## Documentation
-A new [Documentation](https://ghiscoding.gitbook.io/angular-slickgrid/getting-started/quick-start) website is powered by GitBook.
+📕 [Documentation](https://ghiscoding.gitbook.io/angular-slickgrid/getting-started/quick-start) website powered by GitBook.
 
 ## Installation
 A good starting point is the **[Docs - Quick Start](https://ghiscoding.gitbook.io/angular-slickgrid/getting-started/quick-start)** and/or simply clone the [Angular-Slickgrid Demos](https://github.com/ghiscoding/angular-slickgrid-demos) repository. Please review all documentation and closed issues before opening any new issue, also consider asking installation and/or general questions on [Stack Overflow](https://stackoverflow.com/search?tab=newest&q=slickgrid) unless you think there's a bug with the library.

docs/TOC.md

@@ -71,6 +71,7 @@
 * [Row Detail](grid-functionalities/row-detail.md)
 * [Row Selection](grid-functionalities/Row-Selection.md)
 * [Tree Data Grid](grid-functionalities/Tree-Data-Grid.md)
+* [FAQ](grid-functionalities/FAQ.md)
 
 ## Backend Services
 
@@ -82,6 +83,10 @@
   * [Pagination Schema](backend-services/graphql/GraphQL-Pagination.md)
   * [Sorting Schema](backend-services/graphql/GraphQL-Sorting.md)
 
+## Developer Guides
+
+* [CSP Compliance](developer-guides/csp-compliance.md)
+
 ## Migrations
 
 * [Migration Guide to 2.x](migrations/Migration-to-2.x.md)

docs/column-functionalities/editors/Autocomplete-Editor-(Kraaden-lib).md

@@ -1,5 +1,3 @@
-##### _updated for version 2.x_
-
 #### Index
 - [Using fixed `collection` or `collectionAsync`](#using-collection-or-collectionasync)
 - [Editor Options (`AutocompleterOption` interface)](#editor-options-autocompleteroption-interface)

docs/developer-guides/csp-compliance.md

@@ -0,0 +1,57 @@
+## CSP Compliance
+The library is now, at least mostly, CSP (Content Security Policy) compliant since `v4.0`, however there are some exceptions to be aware of. When using any html string as template (for example with Custom Formatter returning an html string), you will not be fully compliant unless you return `TrustedHTML`. You can achieve this by using the `sanitizer` method in combo with [DOMPurify](https://github.com/cure53/DOMPurify) to return `TrustedHTML` as shown below and with that in place you should be CSP compliant.
+
+> **Note** the default sanitizer in Slickgrid-Universal is actually already configured to return `TrustedHTML` but the CSP safe in the DataView is opt-in via `useCSPSafeFilter`
+
+```typescript
+import DOMPurify from 'dompurify';
+import { GridOption } from 'angular-slickgrid';
+
+export class Example1 {
+  gridOptions: GridOption;
+
+  prepareGrid() {
+    // ...
+
+    this.gridOptions = {
+      // NOTE: DOM Purify is already configured in Slickgrid-Universal with the configuration shown below
+      sanitizer: (html) => DOMPurify.sanitize(html, { RETURN_TRUSTED_TYPE: true }),
+      // you could also optionally use the sanitizerOptions instead
+      // sanitizerOptions: { RETURN_TRUSTED_TYPE: true }
+    }
+  }
+}
+```
+with this code in place, we can use the following CSP meta tag (which is what we use in the lib demo, ref: [index.html](https://github.com/ghiscoding/slickgrid-universal/blob/master/examples/vite-demo-vanilla-bundle/index.html#L8-L14))
+```html
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'nonce-random-string'; require-trusted-types-for 'script'; trusted-types dompurify">
+```
+
+#### DataView
+Since we use the DataView, you will also need to enable a new `useCSPSafeFilter` flag to be CSP safe as the name suggest. This option is opt-in because it has a slight performance impact when enabling this option (it shouldn't be noticeable unless you use a very large dataset).
+
+```typescript
+import DOMPurify from 'dompurify';
+import { GridOption } from 'angular-slickgrid';
+
+export class Example1 {
+  gridOptions: GridOption;
+
+  prepareGrid() {
+    // ...
+
+    this.gridOptions = {
+      // you could also optionally use the sanitizerOptions instead
+      // sanitizerOptions: { RETURN_TRUSTED_TYPE: true }
+      dataView: {
+        useCSPSafeFilter: true
+      },
+    }
+  }
+}
+```
+
+### Custom Formatter using native HTML
+We now also allow passing native HTML Element as a Custom Formatter instead of HTML string in order to avoid the use of `innerHTML` and stay CSP safe. We also have a new grid option named `enableHtmlRendering`, which is enabled by default and is allowing the use of `innerHTML` in the library (by Formatters and others), however when disabled it will totally restrict the use of `innerHTML` which will help to stay CSP safe.
+
+You can take a look at the original SlickGrid library with this new [Filtered DataView with HTML Formatter - CSP Header (Content Security Policy)](https://6pac.github.io/SlickGrid/examples/example4-model-html-formatters.html) example which uses this new approach. There was no new Example created in Slickgrid-Universal specifically for this but the approach is the same.

docs/grid-functionalities/FAQ.md

@@ -0,0 +1,53 @@
+#### index
+- Frequently asked questions
+  - [Merging grid options with applied defaults](#merging-grid-options-with-applied-defaults)
+
+### Description
+When working with the grid, you might want to Add / Update or Hightlight an item row from the Datagrid.
+
+**Note:** This is strictly a client side event, you still have to implement any backend change yourself.
+
+### Demo
+[Demo Page](https://ghiscoding.github.io/Angular-Slickgrid/#/additem) / [Demo Component](https://github.com/ghiscoding/angular-slickgrid/blob/master/src/app/examples/grid-additem.component.ts)
+
+## Frequently asked questions
+### Merging grid options with applied defaults
+When you pass gridOptions to the `angular-slickgrid` component, keep in mind that they get overloaded with the [Default Grid Options](https://github.com/ghiscoding/angular-slickgrid/blob/master/src/app/modules/angular-slickgrid/global-grid-options.ts). In contrast to what might be expected, this change won't overwrite your provided object.
+
+In cases, where depending on your data you might want to update the options (e.g. make columns readonly based on permissions) make sure to update your reference in the onAngularGridCreated event handler as shown below:
+
+#### View
+```html
+<angular-slickgrid
+     gridId="grid1"
+     [columnDefinitions]="columnDefinitions"
+     [gridOptions]="gridOptions"
+     [dataset]="dataset"
+     (onAngularGridCreated)="angularGridReady($event.detail)">
+</angular-slickgrid>
+```
+
+#### Component
+```typescript
+import { Component, OnInit} from '@angular/core';
+import { AngularGridInstance } from 'angular-slickgrid';
+
+export class GridBasicComponent implements OnInit {
+  columnDefinitions: Column[];
+  gridOptions: GridOption = {
+    // your initial settings
+  };
+  dataset: any[];
+
+  ngOnInit(): void {
+    this.columnDefinitions = [];
+  }
+
+  angularGridReady(angularGrid: AngularGridInstance) {
+    this.angularGrid = angularGrid;
+
+    // update your reference to make use of applied defaults
+    this.gridOptions = this.angularGrid.slickGrid.getOptions() as GridOption;
+  }
+}
+```

package.json

@@ -37,7 +37,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+ssh://git@github.com/ghiscoding/angular-slickgrid.git"
+    "url": "https://github.com/ghiscoding/angular-slickgrid.git"
   },
   "main": "src/app/modules/angular-slickgrid/index",
   "private": false,