release prep

README.md

@@ -35,7 +35,7 @@ By removing these arbitrary constraints htmx completes HTML as a
 
 ```html
   <!-- Load from unpkg -->
-  <script src="https://unpkg.com/htmx.org@1.3.2" ></script>
+  <script src="https://unpkg.com/htmx.org@1.3.3" ></script>
   <!-- have a button POST a click via AJAX -->
   <button hx-post="/clicked" hx-swap="outerHTML">
     Click Me

package.json

@@ -5,7 +5,7 @@
     "AJAX",
     "HTML"
   ],
-  "version": "1.3.4",
+  "version": "1.3.3",
   "homepage": "https://htmx.org/",
   "bugs": {
     "url": "https://github.com/bigskysoftware/htmx/issues"

www/docs.md

@@ -101,7 +101,7 @@ It can be used via [NPM](https://www.npmjs.com/) as "`htmx.org`" or downloaded o
 [unpkg](https://unpkg.com/browse/htmx.org/) or your other favorite NPM-based CDN:
 
 ``` html
-    <script src="https://unpkg.com/htmx.org@1.3.2"></script>
+    <script src="https://unpkg.com/htmx.org@1.3.3"></script>
 ```
 
 For added security, you can load the script using [Subresource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).

www/index.md

@@ -35,7 +35,7 @@ By removing these arbitrary constraints htmx completes HTML as a
 
 ```html
   <!-- Load from unpkg -->
-  <script src="https://unpkg.com/htmx.org@1.3.2"></script>
+  <script src="https://unpkg.com/htmx.org@1.3.3"></script>
   <!-- have a button POST a click via AJAX -->
   <button hx-post="/clicked" hx-swap="outerHTML">
     Click Me

www/test/1.3.3/src/htmx.js

@@ -49,7 +49,8 @@ return (function () {
                 swappingClass:'htmx-swapping',
                 allowEval:true,
                 attributesToSettle:["class", "style", "width", "height"],
-                wsReconnectDelay: 'full-jitter'
+                wsReconnectDelay: 'full-jitter',
+                disableSelector: "[hx-disable], [data-hx-disable]",
             },
             parseInterval:parseInterval,
             _:internalEval,
@@ -1355,6 +1356,9 @@ return (function () {
         }
 
         function initNode(elt) {
+            if (elt.closest && elt.closest(htmx.config.disableSelector)) {
+                return;
+            }
             var nodeData = getInternalData(elt);
             if (!nodeData.initialized) {
                 nodeData.initialized = true;

www/test/1.3.3/test/core/security.js

@@ -0,0 +1,32 @@
+describe("security options", function() {
+
+    beforeEach(function() {
+        this.server = makeServer();
+        clearWorkArea();
+    });
+    afterEach(function()  {
+        this.server.restore();
+        clearWorkArea();
+    });
+
+    it("can disable a single elt", function(){
+        this.server.respondWith("GET", "/test", "Clicked!");
+
+        var btn = make('<button hx-disable hx-get="/test">Initial</button>')
+        btn.click();
+        this.server.respond();
+        btn.innerHTML.should.equal("Initial");
+    })
+
+    it("can disable a parent  elt", function(){
+        this.server.respondWith("GET", "/test", "Clicked!");
+
+        var div = make('<div hx-disable><button id="b1" hx-get="/test">Initial</button></div>')
+        var btn = byId("b1");
+        btn.click();
+        this.server.respond();
+        btn.innerHTML.should.equal("Initial");
+    })
+
+
+});

www/test/1.3.3/test/index.html

@@ -85,6 +85,7 @@
 <script src="core/parameters.js"></script>
 <script src="core/headers.js"></script>
 <script src="core/regressions.js"></script>
+<script src="core/security.js"></script>
 <script src="core/perf.js"></script>
 <script src="core/validation.js"></script>
 <script src="core/tokenizer.js"></script>