Home / v3.8.0
Name                        Modified     Size
README.md                   2026-02-24   5.2 kB
v3.8.0 source code.tar.gz   2026-02-24   22.2 MB
v3.8.0 source code.zip      2026-02-24   22.9 MB
Totals: 3 items, 45.1 MB, 0 downloads / week

Security

  • ⚠️ Prevent XSS via unsanitized method names in run_method() (GHSA-78qv-3mpx-9cqq by @anuraagbaishya, @evnchn, @falkoschindler)

    Breaking change: For security reasons, run_method() and run_*_method() no longer accept arbitrary JavaScript expressions as method names. Only actual method names are supported now. If you previously passed JS functions like

    ```py
    row = await grid.run_grid_method('(g) => g.getDisplayedRowAtIndex(0).data')
    ```

    use

    ```py
    row = await run_javascript(f'return getElement({grid.id}).api.getDisplayedRowAtIndex(0).data')
    ```

    instead.
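
An added example, not part of the NiceGUI release notes or code base: a small static audit that finds call sites affected by this breaking change, plus calls whose method name is not a fixed string. It assumes that a real method name is a single JavaScript identifier and that run_row_method() and run_layer_method() take an id before the name; the sample source is constructed.

```python
import ast
import re

# Assumption: a "real method name" is a single JavaScript identifier.
PLAIN_NAME = re.compile(r'^[A-Za-z_$][A-Za-z0-9_$]*$')
# Matches run_method() and the run_*_method() family named in the release note.
RUN_METHOD = re.compile(r'^run_(\w+_)?method$')
# Assumption: helpers that take an id before the method name (position 1).
NAME_POSITION = {'run_row_method': 1, 'run_layer_method': 1}


def audit_run_method_calls(source, filename='<string>'):
    """Return sorted (line, call, reason) tuples for calls that need review."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        call = func.attr if isinstance(func, ast.Attribute) else getattr(func, 'id', '')
        if not RUN_METHOD.match(call):
            continue
        position = NAME_POSITION.get(call, 0)
        if len(node.args) <= position:
            continue  # name passed by keyword or missing: out of scope here
        name = node.args[position]
        if isinstance(name, ast.Constant) and isinstance(name.value, str):
            if not PLAIN_NAME.match(name.value):
                findings.append((node.lineno, call, 'not a plain method name'))
        else:
            # Variables and f-strings may carry user-controlled text.
            findings.append((node.lineno, call, 'name is not a string literal'))
    return sorted(findings)


# Constructed sample source, not taken from any real project.
SAMPLE = '''\
async def handler(grid, chart, user_choice):
    row = await grid.run_grid_method('(g) => g.getDisplayedRowAtIndex(0).data')
    grid.run_grid_method('selectAll')
    grid.run_row_method('Alice', 'setDataValue', 'age', 8)
    chart.run_chart_method(user_choice)
    grid.run_method(f'{user_choice}')
'''

if __name__ == '__main__':
    for line, call, reason in audit_run_method_calls(SAMPLE):
        print(f'line {line}: {call}(): {reason}')
```

Literal findings are the call sites to migrate as described above; non-literal findings need a manual check of where the name comes from.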

New features and enhancements

  • Preserve cursor position when calling ui.codemirror.set_value (#5775 by @falkoschindler, @evnchn)
  • Wake outbox loop on stop() to avoid ~1s shutdown delay (#5804, #5805 by @Denubis, @evnchn, @falkoschindler)
  • Prevent prune_user_storage crash when UI elements are created before ui.run_with() (#5480, #5768 by @TulyOpt, @Phloog, @jammerhund, @evnchn, @falkoschindler)
  • Expose ui.aggrid.VERSION constant for AG Grid version reference (#5726, #5727 by @taschini, @evnchn, @falkoschindler)

Bugfixes

  • Guard innerHTML writes in ui.html, ui.markdown and ui.interactive_image to avoid server-side updates overwriting client-side DOM modifications (#5749, #5761, #5816, #5821, #5823, #5826 by @Denubis, @phifuh, @evnchn, @falkoschindler)
  • Fix ui.echart zoom reset on data update by using getOption() API (#5819, #5822 by @rtrrtr, @falkoschindler, @evnchn)
  • Fix ui.log background color being tinted by inner scroll-area element (#5828, #5831 by @rolfn, @falkoschindler, @evnchn)
  • Cancel connection-wait task when page coroutine completes first to prevent task leak (#5803, #5806 by @Denubis, @evnchn, @falkoschindler)
  • Fix jumpy ui.table fullscreen toggle with smooth scrolling enabled (#5789 by @falkoschindler, @evnchn)
  • Guard against missing element in beforeUnmount hooks during @ui.refreshable rebuild (#5765, #5766 by @evnchn, @falkoschindler)
  • Fix Leaflet Draw circle resize broken by ES module strict mode (#5751, #5756 by @MicaelJarniac, @evnchn, @falkoschindler)
  • Exclude Python prefix directory from reload file watcher to prevent spurious reloads (#5750, #5780 by @phifuh, @evnchn)
  • Fix WebSocket URL missing host on HTTPS due to JS operator precedence (#5734 by @evnchn)
  • Fix race condition: use static DOMPurify import to avoid mid-module yield (#5732, #5799 by @evnchn, @codingpaula, @rodja, @falkoschindler)

Documentation

  • Add security best practices section (#5736 by @evnchn, @falkoschindler)
  • Add a "Reaktiv Order Calculator" example (#4758, #5783, #5812 by @FabianGoessling, @buiapp, @evnchn, @buiapp, @falkoschindler)
  • Add a "Device Control" example with events and logging (#5201, #5737 by @weinibuliu, @rodja, @eddie3ruff, @evnchn, @falkoschindler)
  • Add AI co-authorship attribution guidance to CONTRIBUTING.md (#5758 by @evnchn, @falkoschindler)
  • Upgrade the "SQLite Database" example to Tortoise ORM 1.0.0 (#5754 by @falkoschindler)
  • Improve Plausible's SPA compatibility for website analytics (#5830 by @evnchn, @rodja)
  • Make first demo always load immediately for better SEO (#5793, #5800 by @evnchn, @falkoschindler)
  • Fix Googlebot homepage screenshot with unbounded h-screen (#5792 by @evnchn)
  • Select search text when reopening search dialog (#5744, #5779 by @Aleborg-Finansforbundet, @marcrichard22, @evnchn, @falkoschindler)
  • Fix sponsor button border styling with dark mode support (#5778 by @evnchn)
  • Use static URL for sponsor images instead of local path (#5733 by @evnchn)

Testing

  • Reuse Chrome driver across screen tests for faster execution (#5729 by @evnchn, @falkoschindler)
  • Add support for typing numbers in UserInteraction (#5771, #5772 by @atollk, @falkoschindler, @evnchn)
  • Reset _page_exception_handler in App.reset() for test isolation (#5809 by @evnchn)
  • Fix flaky page test (#5818 by @falkoschindler, @evnchn)

Dependencies

  • Update bundled Google Fonts: Material Symbols and Roboto v50 (#5743, #5762 by @VerteinPL, @evnchn, @falkoschindler)
  • Bump Mermaid to 11.12.2 (#5755 by @henriknoren, @falkoschindler, @evnchn)

Infrastructure

  • Add Copilot coding agent setup (#5770 by @evnchn, @falkoschindler)
  • Remove nanasess/setup-chromedriver from CI in favor of runner's preinstalled Chrome (#5740 by @evnchn)
  • Add GitHub CLI and pre-commit hooks to devcontainer (#5741 by @evnchn, @falkoschindler)
  • Add CLAUDE.md with native @AGENTS.md import (#5730 by @rodja, @evnchn)

Special thanks to our top sponsors Lechler GmbH and TestMu AI and all our other sponsors and contributors for supporting this project!

🙏 Want to support this project? Check out our GitHub Sponsors page to help us keep building amazing features!

Source: README.md, updated 2026-02-24