Skip to content

feat(core): add calculated fields and gated JavaScript evaluation#73

Open
lattln wants to merge 3 commits into
mainfrom
41-support-calculations-to-set-value-of-esheet-items
Open

feat(core): add calculated fields and gated JavaScript evaluation#73
lattln wants to merge 3 commits into
mainfrom
41-support-calculations-to-set-value-of-esheet-items

Conversation

@lattln

@lattln lattln commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator

Overview

This pull request adds JavaScript-based field calculations and JavaScript rule conditions to eSheet.

Calculated fields automatically update when questionnaire responses change. JavaScript execution is protected by a two-layer opt-in model. The schema must explicitly enable dangerous JavaScript, and the host application must separately allow it. If either setting is disabled, calculations and JavaScript conditions are not evaluated.

This change also separates display fields from standard response fields so presentational content cannot define questions, validation requirements, or calculations.

What Changed

  • Added a calculation property to standard field definitions
  • Recalculate calculated fields when questionnaire responses change
  • Added js as a supported rule condition type
  • Added shared JavaScript expression evaluation for calculations and conditions
  • Required both schema-level and host-level permission before executing JavaScript
  • Propagated JavaScript permissions through rule evaluation, effects, and validation
  • Added builder controls for configuring calculations and JavaScript conditions
  • Passed JavaScript permissions through builder and renderer initialization
  • Updated FHIR, SurveyJS, and MCP-related code for the revised field types
  • Separated display field definitions from response-based field definitions
  • Added test schemas for calculated fields and JavaScript conditions
  • Added dangerous JavaScript documentation
  • Split field-type documentation into individual pages

How to Test

  1. Start the eSheet development environment.

  2. Load a schema that includes:

    • dangerouslyAllowJS: true
    • A field with a calculation expression
    • A rule using conditionType: "js"

  3. Enable JavaScript execution through the builder or renderer host configuration.

  4. Change a response referenced by the calculation.

  5. Verify the calculated field updates with the expected value.

  6. Change responses referenced by the JavaScript condition.

  7. Verify the associated rule effect is applied correctly.

  8. Disable JavaScript permission at the host level.

  9. Verify calculations and JavaScript conditions no longer execute.

  10. Re-enable host permission and remove dangerouslyAllowJS from the schema.

  11. Verify JavaScript execution remains disabled.

  12. Add or render a display field.

  13. Verify display fields remain presentational and do not support questions, required validation, responses, or calculations.

  14. Run the existing test, lint, type-check, and build commands for the monorepo.

Security Considerations

JavaScript execution requires both of the following:

  • The form definition includes dangerouslyAllowJS: true
  • The host application explicitly enables dangerous JavaScript

Neither setting enables JavaScript independently. Schemas that use this feature must be treated as trusted code because expressions are evaluated at runtime.

Breaking Changes

Display fields no longer inherit from the standard base field definition. Properties intended for response-based fields, including question, required, and calculation, are no longer supported on display fields.

No breaking changes are expected for standard questionnaire fields that do not rely on the previous display field type structure.

@lattln
feat(core): add calculated fields and gated JavaScript evaluation
949b9d8 
Add JavaScript-based field calculations and rule conditions behind a two-layer opt-in security model.

* Add `calculation` support to standard field definitions
* Recalculate calculated fields when dependent responses change
* Add JavaScript expressions as a supported condition type
* Require both the schema and host application to enable JavaScript execution
* Propagate JavaScript permissions through rules, effects, and validation
* Keep display fields presentational by removing response-oriented properties
* Add builder controls for calculations and JavaScript conditions
* Pass JavaScript permissions through the renderer initialization flow
* Update adapters for the revised field and condition types
* Add dangerous JavaScript documentation and calculation test schemas
* Split field-type documentation into individual pages
@lattln lattln linked an issue Jun 22, 2026 that may be closed by this pull request
Support calculations to set value of eSheet items #41
Open
@lattln

lattln commented Jun 22, 2026

Copy link
Copy Markdown
Collaborator Author

Closes Ticket #41 #40

@lattln lattln linked an issue Jun 22, 2026 that may be closed by this pull request
Conditional expressions should be able to contain arbitrary JavaScript #40
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support calculations to set value of eSheet items Conditional expressions should be able to contain arbitrary JavaScript

1 participant

@lattln