Highlights
This release hardens the local editor runtime, improves desktop and live-import reliability, and refocuses the documentation on backend code generation.
Security
- Test helpers now extract the embedded runtime configuration from script tags with Python's HTML parser instead of a regular expression, matching browser HTML behavior and closing CodeQL coverage warnings.
- Shortcut tooltips now render text with DOM
textContentnodes instead of writing generated HTML, avoiding DOM text-to-HTML reinterpretation. - Static asset requests now normalize and reject unsafe URL path segments, then serve only keys already present in the static asset cache allowlist.
Changed
- The optional
desktopextra now targetspywebview6.2.1 or newer within the 6.x series, and desktop exports now use the modernFileDialog.SAVEAPI while keeping a compatibility fallback for older local environments. - Pywebview launches now reject non-main-thread calls before allocating the local HTTP server, server startup cleanup also covers interrupted readiness probes, and advertised editor URLs now format IPv6 correctly while mapping wildcard binds to loopback URLs for local clients.
- Live Python imports now normalize inherited relative
PYTHONPATHentries before switching the subprocess working directory, so helper imports and optional backends keep working when the caller relies on relative paths. scripts/run_pyright.pynow falls back to the active interpreter when the shared.venvlauncher exists but cannot actually start, which keeps targeted type-check tests usable on Windows after Python upgrades.- Documentation now presents the library primarily as a simple way to generate backend code for complex tensor networks across several frameworks, with figure rendering described as a secondary export workflow.
Full changelog: https://github.com/DOKOS-TAYOS/Tensor-Network-Editor/blob/v1.1.0/CHANGELOG.md