honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,361 Commits 5 Branches 1 Tag 210 MiB
Commit Graph

4361 Commits

Author SHA1 Message Date
Martin Probst 7bb5167239 chore(security): fix CHANGELOG formatting. (#8687) 
Turns out the fenced code block needs to be in its own paragraph.
 2016-05-17 15:00:28 -07:00
Hannah Howard 6cdc53c497 fix(UpgradeNg1ComponentAdapter): make bindings available on $scope in controller & link function (#8645) 
Delays NG1 Directive controller instatiation where possible and pre-link function always
to the ngOnInit() lifecycle hook. This way bindings are always available on $scope in both
the controller and the link function.
 2016-05-17 14:53:59 -07:00
Martin Probst 15ae710d22 feat(security): allow url(...) style values. 
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.

Fixes #8514.
 2016-05-17 11:23:31 +02:00
Martin Probst dd50124254 feat(security): allow data: URLs for images and videos. 
Allows known-to-be-safe media types in data URIs.

Part of #8511.
 2016-05-17 10:57:14 +02:00
Tobias Bosch ff36b0384a fix(compiler_cli): normalize used directives 
- e.g. needed for content projection.

Closes #8677
 2016-05-16 13:07:13 -07:00
Martin Probst 50c9bed630 feat(security): expose the safe value types. 
This allows users to properly type their `SafeHtml`, `SafeStyle`, etc values.

Fixes #8568.
 2016-05-15 11:47:06 +02:00
Martin Probst 8b1b427195 feat(security): support transform CSS functions for sanitization. 
Fixes part of #8514.
 2016-05-14 13:25:45 +02:00
Vikram Subramanian 9a05ca95f6 fix(build): Release compiler_cli packages along with rest of @angular packages and use ANGULAR_VERSION for package version and peer dependencies. 2016-05-13 13:35:10 -07:00
Pawel Kozlowski 05266241af build(npm): short-circuit npm install if node_modules are healthy 
Closes #8627
 2016-05-13 22:07:41 +02:00
Fabian Raetz 4ddf5536b4 docs(DEVELOPER.md): state that git-clang-format must be in PATH 
To use ```git clang-format``` your have to make sure that
```git-clang-format``` is in your path.

Closes #7778
 2016-05-13 12:25:09 -07:00
Mathias Raacke f389b5a961 docs(changelog): add missing breaking changes for testing providers 
Closes #8440
 2016-05-13 12:21:33 -07:00
Vikram Subramanian bac1a6eab3 fix(build): Fix an error in package publishing step where the script errors when a UMD bundle is not found for compiler-cli package. 2016-05-12 16:49:03 -07:00
Vikram Subramanian ff400726ca fix(build): Declare the secure GITHUB_TOKEN_ANGULAR for package publishing from Travis 2016-05-12 15:08:28 -07:00
Vikram Subramanian 267d864976 fix(build): Fix broken e2e test Travis task by running the right variation of sed on Travis 2016-05-12 13:58:42 -07:00
Vikram Subramanian 97a1084c99 fix(build): Hook up publish-build-artifacts to Travis 2016-05-12 12:01:53 -07:00
Marc Laval 61b339678d test(compiler): test schema generation only in Chrome 
Closes #8581
 2016-05-11 17:01:26 -07:00
Marc Laval d537a26297 chore(build): reenable optional jobs in SL and BS 
Closes #8558
 2016-05-11 17:00:43 -07:00
Vikram Subramanian d414734aac fix(build): Change publish-build-artifacts.sh to work with new packaging system 2016-05-11 16:58:18 -07:00
Alex Eagle 817ddfa847 fix(compiler): allow --noImplicitAny 2016-05-11 16:56:12 -07:00
Alex Eagle c1154b30c7 fix(compiler): allow decorators defined in the same file 2016-05-11 16:56:12 -07:00
Alex Eagle 0d71345b93 fix(codegen): codegen all files in the program, not just roots 
fixes #8475
 2016-05-11 16:56:12 -07:00
Igor Minar f235454dd6 ci: temporarily disable Edge because of SauceLabs issues 
https://github.com/angular/angular/issues/8604

On Sauce we've been getting the following error:

11 05 2016 00:58:35.765:ERROR [launcher.sauce]: Heartbeat to microsoftedge 20.10240 (Windows 10) failed
  [title()] Error response status: 13, , UnknownError - An unknown server-side error occurred while processing the command. Selenium error: Unknown error (WARNING: The server did not provide any stacktrace information)
Command duration or timeout: 285 milliseconds
Build info: version: '2.52.0', revision: '4c2593c', time: '2016-02-11 19:06:42'
System info: host: 'WIN-SB3ER6JQ6ME', ip: '172.20.60.246', os.name: 'Windows 10', os.arch: 'x86', os.version: '10.0', java.version: '1.8.0_73'
Driver info: org.openqa.selenium.edge.EdgeDriver
Capabilities [{acceptSslCerts=true, browserVersion=25.10586.0.0, platformVersion=10, browserName=MicrosoftEdge, takesScreenshot=true, pageLoadStrategy=normal, takesElementScreenshot=true, platformName=windows, platform=ANY}]
Session ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXX478C1C1A
11 05 2016 00:58:35.766:ERROR [launcher]: microsoftedge 20.10240 (Windows 10) on SauceLabs failed 2 times (failure). Giving up.
 2016-05-11 11:06:37 -07:00
Igor Minar 6a80578d05 build: create the dist directory before building 2016-05-11 10:11:59 -07:00
Igor Minar d33cd43db1 docs(PULL_REQUEST_TEMPLATE.md): reorganize and improve the pull request template 
Closes #7921
 2016-05-10 10:55:35 -07:00
Alex Eagle 9e3df8eefe chore(tsickle): remove redundant jsdoc types 
tsickle doesn't like them, and anyway they are bound to get out-of-sync with the inline TS types
 2016-05-10 17:38:10 +02:00
Martin Probst cf73ad7c8f chore(security): document sanitization breaking change. 
Sanitizing style and URL values breaks specific patterns, see #8491 for
an example. This documents and acknowledges the breaking change while we
work on improving CSS sanitization to allow more values through.
 2016-05-10 17:36:36 +02:00
Martin Probst 3e68b7eb1f feat(security): warn users when sanitizing in dev mode. 
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
 2016-05-09 16:46:31 +02:00
Matias Niemelä 9fbafba993 chore(parsing): change internal usage of `@` to `:` for namespaced values 
Closes #8346
 2016-05-09 16:20:32 +02:00
Martin Probst 7a524e3deb feat(security): add tests for URL sanitization. 2016-05-09 16:00:24 +02:00
Martin Probst 7b6c4d5acc feat(security): add tests for style sanitisation. 2016-05-09 16:00:24 +02:00
Martin Probst 99c0d503d7 chore(build): run security tests in NodeJS, too. 2016-05-09 16:00:24 +02:00
Martin Probst f86edae9f3 feat(security): add an HTML sanitizer. 
This is based on Angular 1's implementation, parsing an HTML document
into an inert DOM Document implementation, and then serializing only
specifically whitelisted elements.

It currently does not support SVG sanitization, all SVG elements are
rejected.

If available, the sanitizer uses the `<template>` HTML element as an
inert container.

Sanitization works client and server-side.

Reviewers: rjamet, tbosch , molnarg , koto

Differential Revision: https://reviews.angular.io/D108
 2016-05-09 16:00:24 +02:00
Martin Probst df1b1f6957 feat(security): strip XSSI prefix from XHR responses. 2016-05-05 14:25:44 -07:00
Martin Probst 9099160038 chore: fix comment indent. 2016-05-05 12:46:07 -07:00
Tobias Bosch 119abe7bb9 chore: fail build if a command from tsc-watch fails. 
This bug was introduced with eba6e7946d
to integrate the compiler_cli into the build properly.

Closes #8480
 2016-05-04 20:30:10 -07:00
Martin Probst 67ed2e2c0a feat(security): fill in missing security contexts. 
Reviewers: koto, rjamet, molnarg

Differential Revision: https://reviews.angular.io/D109
 2016-05-04 19:28:50 -07:00
Tobias Bosch 6d36a7a45f chore: fix unit tests on node.js 
Closes #8476
 2016-05-04 18:00:29 -07:00
Tobias Bosch e2b1e1577d fix(core): don’t detach nested view containers when destroying a view 
When a view is destroyed, we destroy all
views in view containers and should not detach them. However, previously, we also detached them which lead to problems during the iteration loop.

Closes #8458
Closes #8471

Introduced by 0c600cf6e3
 2016-05-04 16:27:20 -07:00
vsavkin b30ddfbfc5 chore(router): clang-format 2016-05-04 15:01:27 -07:00
vsavkin abfb522f83 refactor(router): reuse existing segmentes when constructing new route trees 2016-05-04 14:51:04 -07:00
vsavkin b8136cc26e fix(router): provide a top-level route segment for injection 2016-05-04 14:51:04 -07:00
vsavkin d00b26d941 refactor(router): update link to reuse url segments when possible 2016-05-04 14:51:04 -07:00
vsavkin 12637a761c refactor(router): make names consistent 2016-05-04 14:50:00 -07:00
vsavkin 1a0aea67a0 feat(core): add a component resolver that can load components lazily using system.js 2016-05-04 14:50:00 -07:00
vsavkin 0f1465b899 feat(router): update router to support lazy loading 2016-05-04 14:50:00 -07:00
Tobias Bosch c0cfd3c6ed chore: remove ts-metadata-collector from shrinkwrap 
We need to use the locally installed one.

Closes #8467
 2016-05-04 12:29:47 -07:00
Tobias Bosch a81923b793 fix(compiler): emit correct types for literal arrays and maps. 2016-05-04 12:14:44 -07:00
Tobias Bosch 7150ace7c7 fix(compiler): support lifecycle hooks in compiler_cli 2016-05-04 12:14:43 -07:00
Tobias Bosch bdce154282 chore: add test script for compiler_cli 2016-05-04 12:14:43 -07:00
Tobias Bosch 5a84048f72 chore: adjust build for `tools/metadata` name change 2016-05-04 12:14:38 -07:00