BREAKING CHANGES:
`containsRegexp` is no more exported from `@angular/core/testing`. It should not have been part of the public API in the first place.
BREAKING CHANGE: Parse5Adapter is no longer exported as public API, use serverBootstrap()
Parse5Adapter is an implementation detail not a public API
Closes#9237Closes#9205
After splitting the facades into multiple modules,
enabling prod mode for code had no effect for the compiler.
Also in a change between RC1 and RC2 we created the `CompilerConfig`
via a provider with `useValue` and not via a `useFactory`, which reads
the prod mode too early.
Closes#9318Closes#8508Closes#9318
Also modified static reflector to allow writing tests in using
the .ts and using the MetadataCollector.
Also made MetadataCollector be able to use SourceFiles that have
not been bound (that is, don't have the parent property set).
Fixes#9182Fixes#9265
This lets users continue using runtime-sideeffect Decorators if they choose,
only down-leveling the marked ones to Annotations.
Also remove the "skipTemplateCodegen" option, which is no longer needed
since Angular compiles with tsc-wrapped rather than ngc. The former doesn't
include any codegen.
"render" is gramatically incorrect and confusing to developers who used this api.
Since webworker apis were exposed only in master, renaming these before the rc2 release
is not a breaking change
Previously these symbols were exposed via platform-browser-dynamic, then we merged then into platform-browser
thinking that tools would know how to shake off the compiler and other dynamic bits not used with the offline
compilation flow. This turned out to be wrong as both webpack and rollup don't have good enough tree-shaking
capabilities to do this today. We think that in the future we'll be able to merge these two entry points into
one, but we need to give tooling some time before we can do it. In the meantime the reintroduction of the -dynamic
package point allows us to separate the compiler dependencies from the rest of the framework.
This change undoes the previous breaking change that removed the platform-browser-dynamic package.
The collector now collects the body of functions that return an
expression as a symbolic 'function'. The static reflector supports
expanding these functions statically to allow provider macros.
Also added support for the array spread operator in both the
collector and the static reflector.
Now that we have --noImplicitAny we don't need these checks for explicit types in specific locations.
Also re-enable the check to disallow keywords as variable names.
* Revert "fix(d.ts): enable angular2 compilation with TS flag --strictNullChecks (#8902)"
This reverts commit 7e352a27f7.
* test: add typescript test for our typings
currently this doesn't throw or break the build, first we need to resolve all
of the existing issues.
to run execute: ./tools/tree-shaking-test/test.sh
then inspect dist/tree-shaking/test/**/*.bundle.js
* test: add tree-shaking test
currently this doesn't throw or break the build, first we need to resolve all
of the existing issues.
to run execute: ./tools/tree-shaking-test/test.sh
then inspect dist/tree-shaking/test/**/*.bundle.js
* fix(http): remove peerDep on @angular/common
it is not needed there because it will get transitively installed by @angular/platform-browser
we only need to declare this dependency in tsconfig.json because tsconfig.json's
do not support transitive dependencies in this way.
StaticReflector provides more context on errors reported by the
collector.
The metadata collector now records the line and character of the node that
caused it to report the error.
Includes other minor fixes to error reporting and a wording change.
Fixes#8978Closes#9011
There is no need to expose this additional method inside of the Renderer
API. The functionality can be restored by looping and calling
`setElementStyle` instead.
Note that this change is changing code that was was introduced after
the last release therefore this fix is not a breaking change.
Closes#9000Closes#9009
The metadata collector was modified to look up references in the
import list instead of resolving the symbol using the TypeChecker
making the use of the TypeChecker vestigial. This change removes
all uses of the TypeChecker.
Modified the schema to be able to record global and local (non-module
specific references).
Added error messages to the schema and errors are recorded in
the metadata file allowing the static reflector to throw errors
if an unsupported construct is referenced by metadata.
Closes#8966Fixes#8893Fixes#8894
- many entry points were previously missing (e.g. all testing entry points, http, etc)
- upgrade ts-api-guardian to 0.0.3 that adds support for more api surface
- add all info to the spec that was surfaced by ts-api-guardian@0.0.3
This ensures we run in a clean directory, using our real distribution. It finds bugs like @internal
APIs needed to type-check in the offline compiler, as well as problems in package.json.
Also move tsc-wrapped under tools/@angular
This allows angular's build to depend on some extensions, but not on code generation, and breaks a cycle in the angular build
We now merge ts-metadata-collector into tsc-wrapped and stop publishing the former.
Added and used the cors middleware:
- add the module as a dev depedency in the package.json file
- require the module in the jsserve.js file
- add the module in the middleware list
Closes#7273Closes#7274
Summary:
This adds basic security hooks to Angular 2.
* `SecurityContext` is a private API between core, compiler, and
platform-browser. `SecurityContext` communicates what context a value is used
in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
determines the security context for an attribute or property (it turns out
attributes and properties match for the purposes of sanitization).
Based on these hooks:
* `DomSchemaElementRegistry` decides what sanitization applies in a particular
context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
Value*s, i.e. the ability to mark a value as safe and not requiring further
sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
(surprise!).
`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).
BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***
Reviewers: IgorMinar
Differential Revision: https://reviews.angular.io/D103
Marc Laval
ScottSWu
Victor Berchet
vsavkin
Misko Hevery
Tobias Bosch
Chuck Jazdzewski
Pawel Kozlowski
Alex Eagle
Olivier Chafik
Igor Minar
Kara
Shlomi Assaf
Rob Wormald
Martin Probst
Kara Erickson
Igor Minar
Matias Niemelä
Hannah Howard
laco0416
Suguru Inatomi
Anton Moiseev
Alex Eagle
Felix Itzenplitz
Thierry Templier
Tero Parviainen