Released: July 16, 2024

SurveyJS v1.11.7 includes an important fix of a security vulnerability and introduces a capability to store date-time values in UTC.

In previous releases, SurveyModel's navigateToUrl property accepted JavaScript code that could be executed when respondents finished the survey. This security vulnerability enabled an attacker to create a survey JSON schema with malicious code injected into it and execute this code on a victim's device when running the survey. SurveyJS v1.11.7 fixes this vulnerability. Please migrate to the latest SurveyJS version if you use Form Library or Survey Creator in your application.

Text entry form fields with inputType set to "datetime-local" can now store date-time values in UTC. To enable this functionality, set the storeUtcDates property to true in global settings.

import { settings } from "survey-core";

settings.storeUtcDates = true;

With this setting, date-time values are converted from local time to UTC when they are saved to the survey's data object, while the question values remain in local time. Therefore, when you specify default values using a question's defaultValue property, you need to use local time, but if you specify them using the data object, use a UTC date-time value in the following format: "YYYY-MM-DDThh:mm:ss.sssZ".

const surveyJson = {
  "elements": [{
    "name": "datetime",
    "type": "text",
    "title": "Select a date and time",
    "inputType": "datetime-local",
    "defaultValue": "2024-07-16T12:15:00" // Local date-time value
  }]
}

import { Model } from "survey-core";
const surveyJson = { ... }
const survey = new Model(surveyJson);

survey.data = {
  datetime: "2024-07-16T12:15:00.000Z" // UTC date-time value
}

Form Library

• Carry Forward: Ranked items reset their order once another item is carried forward (#8541)
• Carry Forward: It's impossible to specify a default order for rank items if they are copied from another question (#8558)
• questionTitleWidth specified without units (for example, "150") applies on the preview in Survey Creator but not when the survey is standalone (#8555)
• [Knockout] A page is auto-scrolled to focus a survey question (#8530)
• Pattern input mask: Separator characters are ignored when using the browser's autofill feature with inputType: "tel" (#8526)
• Long Text: It's impossible to override the allowResize and autoGrow settings defined at the survey level (#8470)
• Timer is suspended and displays the wrong time if another browser tab was opened during the quiz (#8509)
• today() function cannot be used to get today's month (#8552)
• Progress bar counts invisible questions when calculating the total progress value (#8514)
• Radio buttons appear in a single column regardless of the colCount property value when the panelless theme mode is enabled (#8528)
• checkErrorsMode: "onValueChanged": Validation error doesn't disappear even though the dependent field was corrected (#8539)
• Dynamic Matrix: Condition Editor doesn't list questions located within a detail section (#8561)
• Multi-Select Matrix: Hide the Choices setting when changing the matrix cell type from Dropdown to Text (or other type which doesn't require choices) (#8560)

Survey Creator

• Convert To: Use a default JSON object for the converted question (#5647)
• Dynamic Matrix: "Default row value" dialog doesn't allow changing the default value specified in the JSON schema (#5663)
• onModified with options.type: "ADDED_FROM_TOOLBOX" isn't raised if a survey element is dragged from the Toolbox (#5670)
• [Documentation] options.type: "ADDED_FROM_PAGEBUTTON" is missing in the onModified event description (#5655)
• Multi-Select Matrix: It's impossible to change the input placeholder for a column of a Dropdown type (#5664)
• Select-base questions: "Column count" setting is missing a hint regarding the 0 value (#5677)
• A click on a toolbox item inserts a new question at the end of the page (#5674)

Dashboard

• Word cloud is cropped when words have the same size (#448)

npm i survey-core@1.11.7 survey-angular-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-angular@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save

npm i survey-core@1.11.7 survey-react-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-react@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save

npm i survey-core@1.11.7 survey-vue3-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-vue@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save

npm i survey-core@1.11.7 survey-vue-ui@1.11.7 --save
npm i survey-creator-core@1.11.7 survey-creator-knockout@1.11.7 --save
npm i survey-analytics@1.11.7 --save
npm i survey-pdf@1.11.7 --save

<link href="https://unpkg.com/survey-core@1.11.7/defaultV2.min.css" type="text/css" rel="stylesheet">
<script type="text/javascript" src="https://unpkg.com/survey-core@1.11.7/survey.core.min.js"></script>
<script type="text/javascript" src="https://unpkg.com/survey-knockout-ui@1.11.7/survey-knockout-ui.min.js"></script>

<link href="https://unpkg.com/survey-creator-core@1.11.7/survey-creator-core.min.css" type="text/css" rel="stylesheet">
<script src="https://unpkg.com/survey-creator-core@1.11.7/survey-creator-core.min.js"></script>
<script src="https://unpkg.com/survey-creator-knockout@1.11.7/survey-creator-knockout.min.js"></script>

<link href="https://unpkg.com/survey-analytics@1.11.7/survey.analytics.min.css" rel="stylesheet">
<script src="https://unpkg.com/survey-analytics@1.11.7/survey.analytics.min.js"></script>

<script src="https://unpkg.com/survey-pdf@1.11.7/survey.pdf.min.js"></script>