web/admin: bug: stage update forms not rendering, several modal form buttons missing#20373
Merged
kensternberg-authentik merged 1 commit intomainfrom Feb 18, 2026
Merged
Conversation
…buttons missing ## What Names being passed to the browser were being incorrectly rendered. This commit updates the code in `StrictUnsafe` so that after the correct-use assertion is passed, the elementProperties are checked to see if the attribute has been named differently from the typed attribute field, and if so, retrieves the attribute name and passes it, rather than the field name, to the browser. ## Why Since we have a lot of components with similar interfaces, it makes sense to try and check that they’re being used correctly and that the types associated with them are correct. Plus Lit, unlike React, doesn’t have a self-erasing syntax: every Lit element *is* an element, whereas JSX is an esoteric function call syntax that happens to look like XML. JavaScript templates aren’t as pretty as JSX, but they get the job done just as readily. But in this case, cleverness bit us: we want to use the component’s JavaScript field names and types to validate that we’re using it correctly and passing the right types, but in the end we’re constructing a tag that will trigger the browser to construct the component and use it– and the field names don’t always correspond to the attribute name. Lit has a syntax for mapping the one to the other and stores it in the `elementProperties` field. This code checks that, after we’ve determined the correct prefix for an property field that has been passed into the component, that we’ve also checked and extracted the correct *attribute name* for that property field. Most of the time it will be the same as the property field, but it muts always be checked.
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #20373 +/- ##
==========================================
- Coverage 93.30% 93.25% -0.05%
==========================================
Files 981 981
Lines 55161 55161
==========================================
- Hits 51466 51443 -23
- Misses 3695 3718 +23
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Contributor
|
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-1f3efeadf0d4ec0494c348e2c19b65e62e76eee6
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sAfterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-1f3efeadf0d4ec0494c348e2c19b65e62e76eee6Afterwards, run the upgrade commands from the latest release notes. |
BeryJu
approved these changes
Feb 18, 2026
GirlBossRush
approved these changes
Feb 18, 2026
authentik-automation bot
pushed a commit
that referenced
this pull request
Feb 18, 2026
…buttons missing (#20373) ## What Names being passed to the browser were being incorrectly rendered. This commit updates the code in `StrictUnsafe` so that after the correct-use assertion is passed, the elementProperties are checked to see if the attribute has been named differently from the typed attribute field, and if so, retrieves the attribute name and passes it, rather than the field name, to the browser. ## Why Since we have a lot of components with similar interfaces, it makes sense to try and check that they’re being used correctly and that the types associated with them are correct. Plus Lit, unlike React, doesn’t have a self-erasing syntax: every Lit element *is* an element, whereas JSX is an esoteric function call syntax that happens to look like XML. JavaScript templates aren’t as pretty as JSX, but they get the job done just as readily. But in this case, cleverness bit us: we want to use the component’s JavaScript field names and types to validate that we’re using it correctly and passing the right types, but in the end we’re constructing a tag that will trigger the browser to construct the component and use it– and the field names don’t always correspond to the attribute name. Lit has a syntax for mapping the one to the other and stores it in the `elementProperties` field. This code checks that, after we’ve determined the correct prefix for an property field that has been passed into the component, that we’ve also checked and extracted the correct *attribute name* for that property field. Most of the time it will be the same as the property field, but it muts always be checked.
Contributor
|
🍒 Cherry-pick to |
kensternberg-authentik
added a commit
that referenced
this pull request
Feb 18, 2026
* main: (52 commits) web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373) lifecycle: bump rac guacd base image (#20390) web: revert `tree-sitter` removal from lockfile (#20377) root: fix dependabot config for docker (#20380) website/docs: Fix broken link to flow executor (#20364) core: add cause to `ak_groups` deprecation event and logs (#20361) rbac: fix object permission request (#20304) enterprise/providers/ws_federation: fix incorrect metadata download URL (#20173) core, web: update translations (#20303) stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#20305) core: bump django-countries from 7.6.1 to 8.2.0 (#19459) web: bump the storybook group across 1 directory with 5 updates (#20130) web: bump pino from 10.3.0 to 10.3.1 in /web (#20133) core: bump github.com/pires/go-proxyproto from 0.10.0 to 0.11.0 (#20182) web: bump @patternfly/elements from 4.2.0 to 4.3.1 in /web (#20185) lifecycle/aws: bump aws-cdk from 2.1105.0 to 2.1106.0 in /lifecycle/aws (#20272) web: bump chromedriver from 145.0.1 to 145.0.3 in /web (#20313) web: bump @sentry/browser from 10.38.0 to 10.39.0 in /web in the sentry group across 1 directory (#20340) web: bump mermaid from 11.12.2 to 11.12.3 in /web (#20359) ci: bump tj-actions/changed-files from 47.0.2 to 47.0.3 (#20357) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Feb 18, 2026
…to web/flow/tablize-token-component-relationship-v3-error-handling * web/flow/19999-tablize-token-component-relationship: (58 commits) web/admin: maintenance: centralize types that are used across stages (#20398) website/integrations: beszel: remove slug reference (#20393) web/admin: maintenance: give dialogs default exports (#20397) web: Fix element property names with custom attributes. (#20396) enterprise/providers/microsoft_entra: fix dangling comma (#20391) web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373) lifecycle: bump rac guacd base image (#20390) web: revert `tree-sitter` removal from lockfile (#20377) root: fix dependabot config for docker (#20380) website/docs: Fix broken link to flow executor (#20364) core: add cause to `ak_groups` deprecation event and logs (#20361) rbac: fix object permission request (#20304) enterprise/providers/ws_federation: fix incorrect metadata download URL (#20173) core, web: update translations (#20303) stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#20305) core: bump django-countries from 7.6.1 to 8.2.0 (#19459) web: bump the storybook group across 1 directory with 5 updates (#20130) web: bump pino from 10.3.0 to 10.3.1 in /web (#20133) core: bump github.com/pires/go-proxyproto from 0.10.0 to 0.11.0 (#20182) web: bump @patternfly/elements from 4.2.0 to 4.3.1 in /web (#20185) ...
GirlBossRush
added a commit
that referenced
this pull request
Feb 19, 2026
…buttons missing (cherry-pick #20373 to version-2026.2) (#20394) * web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373) ## What Names being passed to the browser were being incorrectly rendered. This commit updates the code in `StrictUnsafe` so that after the correct-use assertion is passed, the elementProperties are checked to see if the attribute has been named differently from the typed attribute field, and if so, retrieves the attribute name and passes it, rather than the field name, to the browser. ## Why Since we have a lot of components with similar interfaces, it makes sense to try and check that they’re being used correctly and that the types associated with them are correct. Plus Lit, unlike React, doesn’t have a self-erasing syntax: every Lit element *is* an element, whereas JSX is an esoteric function call syntax that happens to look like XML. JavaScript templates aren’t as pretty as JSX, but they get the job done just as readily. But in this case, cleverness bit us: we want to use the component’s JavaScript field names and types to validate that we’re using it correctly and passing the right types, but in the end we’re constructing a tag that will trigger the browser to construct the component and use it– and the field names don’t always correspond to the attribute name. Lit has a syntax for mapping the one to the other and stores it in the `elementProperties` field. This code checks that, after we’ve determined the correct prefix for an property field that has been passed into the component, that we’ve also checked and extracted the correct *attribute name* for that property field. Most of the time it will be the same as the property field, but it muts always be checked. * web: Fix element property names with custom attributes. --------- Co-authored-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com> Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
kensternberg-authentik
added a commit
that referenced
this pull request
Feb 21, 2026
…to web/flow/20030-one-true-api * web/flow/19999-tablize-token-component-relationship: (58 commits) web: Flesh out stage mapping error handling. (#20292) web/admin: maintenance: centralize types that are used across stages (#20398) website/integrations: beszel: remove slug reference (#20393) web/admin: maintenance: give dialogs default exports (#20397) web: Fix element property names with custom attributes. (#20396) enterprise/providers/microsoft_entra: fix dangling comma (#20391) web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373) lifecycle: bump rac guacd base image (#20390) web: revert `tree-sitter` removal from lockfile (#20377) root: fix dependabot config for docker (#20380) website/docs: Fix broken link to flow executor (#20364) core: add cause to `ak_groups` deprecation event and logs (#20361) rbac: fix object permission request (#20304) enterprise/providers/ws_federation: fix incorrect metadata download URL (#20173) core, web: update translations (#20303) stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#20305) core: bump django-countries from 7.6.1 to 8.2.0 (#19459) web: bump the storybook group across 1 directory with 5 updates (#20130) web: bump pino from 10.3.0 to 10.3.1 in /web (#20133) core: bump github.com/pires/go-proxyproto from 0.10.0 to 0.11.0 (#20182) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Feb 23, 2026
…t-flow-inspector * web/flow/20030-one-true-api: (58 commits) web: Flesh out stage mapping error handling. (#20292) web/admin: maintenance: centralize types that are used across stages (#20398) website/integrations: beszel: remove slug reference (#20393) web/admin: maintenance: give dialogs default exports (#20397) web: Fix element property names with custom attributes. (#20396) enterprise/providers/microsoft_entra: fix dangling comma (#20391) web/admin: bug: stage update forms not rendering, several modal form buttons missing (#20373) lifecycle: bump rac guacd base image (#20390) web: revert `tree-sitter` removal from lockfile (#20377) root: fix dependabot config for docker (#20380) website/docs: Fix broken link to flow executor (#20364) core: add cause to `ak_groups` deprecation event and logs (#20361) rbac: fix object permission request (#20304) enterprise/providers/ws_federation: fix incorrect metadata download URL (#20173) core, web: update translations (#20303) stages/authenticator_webauthn: Update FIDO MDS3 & Passkey aaguid blobs (#20305) core: bump django-countries from 7.6.1 to 8.2.0 (#19459) web: bump the storybook group across 1 directory with 5 updates (#20130) web: bump pino from 10.3.0 to 10.3.1 in /web (#20133) core: bump github.com/pires/go-proxyproto from 0.10.0 to 0.11.0 (#20182) ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Names being passed to the browser were being incorrectly rendered. This commit updates the code in
StrictUnsafeso that after the correct-use assertion is passed, the elementProperties are checked to see if the attribute has been named differently from the typed attribute field, and if so, retrieves the attribute name and passes it, rather than the field name, to the browser.Why
Since we have a lot of components with similar interfaces, it makes sense to try and check that they’re being used correctly and that the types associated with them are correct. Plus Lit, unlike React, doesn’t have a self-erasing syntax: every Lit element is an element, whereas JSX is an esoteric function call syntax that happens to look like XML. JavaScript templates aren’t as pretty as JSX, but they get the job done just as readily.
But in this case, cleverness bit us: we want to use the component’s JavaScript field names and types to validate that we’re using it correctly and passing the right types, but in the end we’re constructing a tag that will trigger the browser to construct the component and use it– and the field names don’t always correspond to the attribute name. Lit has a syntax for mapping the one to the other and stores it in the
elementPropertiesfield.This code checks that, after we’ve determined the correct prefix for an property field that has been passed into the component, that we’ve also checked and extracted the correct attribute name for that property field. Most of the time it will be the same as the property field, but it must always be checked.
make web)