React v0.8

December 19, 2013 by Paul O’Shannessy


I'll start by answering the obvious question:

What happened to 0.6 and 0.7?

It's become increasingly obvious since our launch in May that people want to use React on the server. With the server-side rendering abilities, that's a perfect fit. However using the same copy of React on the server and then packaging it up for the client is surprisingly a harder problem. People have been using our react-tools module which includes React, but when browserifying that ends up packaging all of esprima and some other dependencies that aren't needed on the client. So we wanted to make this whole experience better.

We talked with Jeff Barczewski who was the owner of the react module on npm. He was kind enough to transition ownership to us and release his package under a different name: autoflow. I encourage you to check it out if you're writing a lot of asynchronous code. In order to not break all of react's current users of 0.7.x, we decided to bump our version to 0.8 and skip the issue entirely. We're also including a warning if you use our react module like you would use the previous package.

In order to make the transition to 0.8 for our current users as painless as possible, we decided to make 0.8 primarily a bug fix release on top of 0.5. No public APIs were changed (even if they were already marked as deprecated). We haven't added any of the new features we have in master, though we did take the opportunity to pull in some improvements to internals.

We hope that by releasing react on npm, we will enable a new set of uses that have been otherwise difficult. All feedback is welcome!

Changelog #

React #

  • Added support for more attributes:
    • rows & cols for <textarea>
    • defer & async for <script>
    • loop for <audio> & <video>
    • autoCorrect for form fields (a non-standard attribute only supported by mobile WebKit)
  • Improved error messages
  • Fixed Selection events in IE11
  • Added onContextMenu events

React with Addons #

  • Fixed bugs with TransitionGroup when children were undefined
  • Added support for onTransition

react-tools #

  • Upgraded jstransform and esprima-fb

JSXTransformer #

  • Added support for use in IE8
  • Upgraded browserify, which reduced file size by ~65KB (16KB gzipped)

React v0.5.2, v0.4.2

December 18, 2013 by Paul O’Shannessy


Today we're releasing an update to address a potential XSS vulnerability that can arise when using user data as a key. Typically "safe" data is used for a key, for example, an id from your database, or a unique hash. However there are cases where it may be reasonable to use user generated content. A carefully crafted piece of content could result in arbitrary JS execution. While we make a very concerted effort to ensure all text is escaped before inserting it into the DOM, we missed one case. Immediately following the discovery of this vulnerability, we performed an audit to ensure we this was the only such vulnerability.

This only affects v0.5.x and v0.4.x. Versions in the 0.3.x family are unaffected.

Updated versions are available for immediate download via npm, bower, and on our download page.

We take security very seriously at Facebook. For most of our products, users don't need to know that a security issue has been fixed. But with libraries like React, we need to make sure developers using React have access to fixes to keep their users safe.

While we've encouraged responsible disclosure as part of Facebook's whitehat bounty program since we launched, we don't have a good process for notifying our users. Hopefully we don't need to use it, but moving forward we'll set up a little bit more process to ensure the safety of our users. Ember.js has an excellent policy which we may use as our model.

You can learn more about the vulnerability discussed here: CVE-2013-7035.

Community Round-up #11

November 18, 2013 by Vjeux


This round-up is the proof that React has taken off from its Facebook's root: it features three in-depth presentations of React done by external people. This is awesome, keep them coming!

Super VanJS 2013 Talk #

Steve Luscher working at LeanPub made a 30 min talk at Super VanJS. He does a remarkable job at explaining why React is so fast with very exciting demos using the HTML5 Audio API.

React Tips #

Connor McSheffrey and Cheng Lou added a new section to the documentation. It's a list of small tips that you will probably find useful while working on React. Since each article is very small and focused, we encourage you to contribute!

Intro to the React Framework #

Pavan Podila wrote an in-depth introduction to React on TutsPlus. This is definitively worth reading.

Within a component-tree, data should always flow down. A parent-component should set the props of a child-component to pass any data from the parent to the child. This is termed as the Owner-Owned pair. On the other hand user-events (mouse, keyboard, touches) will always bubble up from the child all the way to the root component, unless handled in between.

Read the full article ...

140-characters textarea #

Brian Kim wrote a small textarea component that gradually turns red as you reach the 140-characters limit. Because he only changes the background color, React is smart enough not to mess with the text selection.

See the Pen FECGb by Brian Kim (@brainkim) on CodePen

Genesis Skeleton #

Eric Clemmons is working on a "Modern, opinionated, full-stack starter kit for rapid, streamlined application development". The version 0.4.0 has just been released and has first-class support for React.

AgFlow Talk #

Robert Zaremba working on AgFlow recently talked in Poland about React.

In a nutshell, I presented why we chose React among other available options (ember.js, angular, backbone ...) in AgFlow, where I’m leading an application development.

During the talk a wanted to highlight that React is not about implementing a Model, but a way to construct visible components with some state. React is simple. It is super simple, you can learn it in 1h. On the other hand what is model? Which functionality it should provide? React does one thing and does it the best (for me)!

Read the full article...

JSX #

Todd Kennedy working at Condé Nast wrote JSXHint and explains in a blog post his perspective on JSX.

Lets start with the elephant in the room: JSX? Is this some sort of template language? Specifically no. This might have been the first big stumbling block. What looks like to be a templating language is actually an in-line DSL that gets transpiled directly into JavaScript by the JSX transpiler.

Creating elements in memory is quick -- copying those elements into the DOM is where the slowness occurs. This is due to a variety of issues, most namely reflow/paint. Changing the items in the DOM causes the browser to re-paint the display, apply styles, etc. We want to keep those operations to an absolute minimum, especially if we're dealing with something that needs to update the DOM frequently.

Read the full article...

Photo Gallery #

Maykel Loomans, designer at Instagram, wrote a gallery for photos he shot using React.

Random Tweet #

Community Round-up #10

November 6, 2013 by Vjeux


This is the 10th round-up already and React has come quite far since it was open sourced. Almost all new web projects at Khan Academy, Facebook, and Instagram are being developed using React. React has been deployed in a variety of contexts: a Chrome extension, a Windows 8 application, mobile websites, and desktop websites supporting Internet Explorer 8! Language-wise, React is not only being used within JavaScript but also CoffeeScript and ClojureScript.

The best part is that no drastic changes have been required to support all those use cases. Most of the efforts were targeted at polishing edge cases, performance improvements, and documentation.

Khan Academy - Officially moving to React #

Joel Burget announced at Hack Reactor that new front-end code at Khan Academy should be written in React!

How did we get the rest of the team to adopt React? Using interns as an attack vector! Most full-time devs had already been working on their existing projects for a while and weren't looking to try something new at the time, but our class of summer interns was just arriving. For whatever reason, a lot of them decided to try React for their projects. Then mentors became exposed through code reviews or otherwise touching the new code. In this way React knowledge diffused to almost the whole team over the summer.

Since the first React checkin on June 5, we've somehow managed to accumulate 23500 lines of jsx (React-flavored js) code. Which is terrifying in a way - that's a lot of code - but also really exciting that it was picked up so quickly.

We held three meetings about how we should proceed with React. At the first two we decided to continue experimenting with React and deferred a final decision on whether to adopt it. At the third we adopted the policy that new code should be written in React.

I'm excited that we were able to start nudging code quality forward. However, we still have a lot of work to do! One of the selling points of this transition is adopting a uniform frontend style. We're trying to upgrade all the code from (really old) pure jQuery and (regular old) Backbone views / Handlebars to shiny React. At the moment all we've done is introduce more fragmentation. We won't be gratuitously updating working code (if it ain't broke, don't fix it), but are seeking out parts of the codebase where we can shoot two birds with one stone by rewriting in React while fixing bugs or adding functionality.

Read the full article

React: Rethinking best practices #

Pete Hunt's talk at JSConf EU 2013 is now available in video.

Server-side React with PHP #

Stoyan Stefanov's series of articles on React has two new entries on how to execute React on the server to generate the initial page load.

This post is an initial hack to have React components render server-side in PHP.

  • Problem: Build web UIs
  • Solution: React
  • Problem: UI built in JS is anti-SEO (assuming search engines are still noscript) and bad for perceived performance (blank page till JS arrives)
  • Solution: React page to render the first view
  • Problem: Can't host node.js apps / I have tons of PHP code
  • Solution: Use PHP then!

Read part 1 ...

Read part 2 ...

Rendered markup on the server:

TodoMVC Benchmarks #

Webkit has a TodoMVC Benchmark that compares different frameworks. They recently included React and here are the results (average of 10 runs in Chrome 30):

  • AngularJS: 4043ms
  • AngularJSPerf: 3227ms
  • BackboneJS: 1874ms
  • EmberJS: 6822ms
  • jQuery: 14628ms
  • React: 2864ms
  • VanillaJS: 5567ms

Try it yourself!

Please don't take those numbers too seriously, they only reflect one very specific use case and are testing code that wasn't written with performance in mind.

Even though React scores as one of the fastest frameworks in the benchmark, the React code is simple and idiomatic. The only performance tweak used is the following function:

/**
 * This is a completely optional performance enhancement that you can implement
 * on any React component. If you were to delete this method the app would still
 * work correctly (and still be very performant!), we just use it as an example
 * of how little code it takes to get an order of magnitude performance improvement.
 */
shouldComponentUpdate: function (nextProps, nextState) {
  return (
    nextProps.todo.id !== this.props.todo.id ||
    nextProps.todo !== this.props.todo ||
    nextProps.editing !== this.props.editing ||
    nextState.editText !== this.state.editText
  );
},

By default, React "re-renders" all the components when anything changes. This is usually fast enough that you don't need to care. However, you can provide a function that can tell whether there will be any change based on the previous and next states and props. If it is faster than re-rendering the component, then you get a performance improvement.

The fact that you can control when components are rendered is a very important characteristic of React as it gives you control over its performance. We are going to talk more about performance in the future, stay tuned.

Guess the filter #

Connor McSheffrey implemented a small game using React. The goal is to guess which filter has been used to create the Instagram photo.

React vs FruitMachine #

Andrew Betts, director of the Financial Times Labs, posted an article comparing FruitMachine and React.

Eerily similar, no? Maybe Facebook was inspired by Fruit Machine (after all, we got there first), but more likely, it just shows that this is a pretty decent way to solve the problem, and great minds think alike. We're graduating to a third phase in the evolution of web best practice - from intermingling of markup, style and behaviour, through a phase in which those concerns became ever more separated and encapsulated, and finally to a model where we can do that separation at a component level. Developments like Web Components show the direction the web community is moving, and frameworks like React and Fruit Machine are in fact not a lot more than polyfills for that promised behaviour to come.

Read the full article...

Even though we weren't inspired by FruitMachine (React has been used in production since before FruitMachine was open sourced), it's great to see similar technologies emerging and becoming popular.

React Brunch #

Matthew McCray implemented react-brunch, a JSX compilation step for Brunch.

Adds React support to brunch by automatically compiling *.jsx files.

You can configure react-brunch to automatically insert a react header (/** @jsx React.DOM */) into all *.jsx files. Disabled by default.

Install the plugin via npm with npm install --save react-brunch.

Read more...

Random Tweet #

I'm going to start adding a tweet at the end of each round-up. We'll start with this one:

React v0.5.1

October 29, 2013 by Paul O’Shannessy


This release focuses on fixing some small bugs that have been uncovered over the past two weeks. I would like to thank everybody involved, specifically members of the community who fixed half of the issues found. Thanks to Ben Alpert, Andrey Popp, and Laurence Rowe for their contributions!

Changelog #

React #

  • Fixed bug with <input type="range"> and selection events.
  • Fixed bug with selection and focus.
  • Made it possible to unmount components from the document root.
  • Fixed bug for disabled attribute handling on non-<input> elements.

React with Addons #

  • Fixed bug with transition and animation event detection.