Commit Graph

3068 Commits

Author SHA1 Message Date
Martin Probst 3e68b7eb1f feat(security): warn users when sanitizing in dev mode.
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
2016-05-09 16:46:31 +02:00
Matias Niemelä 9fbafba993 chore(parsing): change internal usage of `@` to `:` for namespaced values
Closes #8346
2016-05-09 16:20:32 +02:00
Martin Probst 7a524e3deb feat(security): add tests for URL sanitization. 2016-05-09 16:00:24 +02:00
Martin Probst 7b6c4d5acc feat(security): add tests for style sanitisation. 2016-05-09 16:00:24 +02:00
Martin Probst f86edae9f3 feat(security): add an HTML sanitizer.
This is based on Angular 1's implementation, parsing an HTML document
into an inert DOM Document implementation, and then serializing only
specifically whitelisted elements.

It currently does not support SVG sanitization, all SVG elements are
rejected.

If available, the sanitizer uses the `<template>` HTML element as an
inert container.

Sanitization works client and server-side.

Reviewers: rjamet, tbosch , molnarg , koto

Differential Revision: https://reviews.angular.io/D108
2016-05-09 16:00:24 +02:00
Martin Probst df1b1f6957 feat(security): strip XSSI prefix from XHR responses. 2016-05-05 14:25:44 -07:00
Martin Probst 9099160038 chore: fix comment indent. 2016-05-05 12:46:07 -07:00
Martin Probst 67ed2e2c0a feat(security): fill in missing security contexts.
Reviewers: koto, rjamet, molnarg

Differential Revision: https://reviews.angular.io/D109
2016-05-04 19:28:50 -07:00
Tobias Bosch 6d36a7a45f chore: fix unit tests on node.js
Closes #8476
2016-05-04 18:00:29 -07:00
Tobias Bosch e2b1e1577d fix(core): don’t detach nested view containers when destroying a view
When a view is destroyed, we destroy all
views in view containers and should not detach them. However, previously, we also detached them which lead to problems during the iteration loop.

Closes #8458
Closes #8471

Introduced by 0c600cf6e3
2016-05-04 16:27:20 -07:00
vsavkin b30ddfbfc5 chore(router): clang-format 2016-05-04 15:01:27 -07:00
vsavkin abfb522f83 refactor(router): reuse existing segmentes when constructing new route trees 2016-05-04 14:51:04 -07:00
vsavkin b8136cc26e fix(router): provide a top-level route segment for injection 2016-05-04 14:51:04 -07:00
vsavkin d00b26d941 refactor(router): update link to reuse url segments when possible 2016-05-04 14:51:04 -07:00
vsavkin 12637a761c refactor(router): make names consistent 2016-05-04 14:50:00 -07:00
vsavkin 1a0aea67a0 feat(core): add a component resolver that can load components lazily using system.js 2016-05-04 14:50:00 -07:00
vsavkin 0f1465b899 feat(router): update router to support lazy loading 2016-05-04 14:50:00 -07:00
Tobias Bosch a81923b793 fix(compiler): emit correct types for literal arrays and maps. 2016-05-04 12:14:44 -07:00
Tobias Bosch 7150ace7c7 fix(compiler): support lifecycle hooks in compiler_cli 2016-05-04 12:14:43 -07:00
Tobias Bosch bdce154282 chore: add test script for compiler_cli 2016-05-04 12:14:43 -07:00
Tobias Bosch 5a84048f72 chore: adjust build for `tools/metadata` name change 2016-05-04 12:14:38 -07:00
Igor Minar 52595f52f9 chore: make workaround_empty_observable_list_diff @internal 2016-05-04 01:12:40 -06:00
Tobias Bosch edec158dd8 fix(compiler_cli): allow to use builtin directives like `NgIf`, …
Related to #8448
Closes #8454
2016-05-03 20:49:17 -07:00
Tobias Bosch 0297398f5e chore: clang-format master 2016-05-03 18:56:39 -07:00
Igor Minar 9485f5a813 fix: platform-server should declare it's dependency on parse5 via package.json 2016-05-03 18:07:52 -06:00
Tobias Bosch eba6e7946d refactor(compiler_cli): move it into modules/@angular and integrate properly into the build
This also does no more depend on a version
on npm for the compiler_cli.

Also runs the tests for tools/metadata
2016-05-03 15:57:49 -07:00
Igor Minar b600915953 build: add licensing preamble to umd bundles 2016-05-03 13:59:30 -06:00
Igor Minar 905f38acb8 build: fix source map paths for npm packages
the bundles have source mpas disabled for now because when we downlevel
the esm bundle to es5 tsc doesn't consider the original source map so
we end up with a source map pointing to the esm bundle instead which is
not useful.
2016-05-03 13:36:33 -06:00
Vikram Subramanian 509f4ec611 fix(testing): Check for pending macrotasks in ComponentFixture.whenStable() and ComponentFixture.isStable()
Closes #8389
2016-05-03 11:50:35 -07:00
Felix Itzenplitz 27a7b51d99 fix(docs): upgrade deprecated ngFor-Syntax 2016-05-03 11:49:33 -07:00
vsavkin b98c9e74e1 docs(router): add api docs 2016-05-03 11:35:07 -07:00
vsavkin 9f784dcc5a cleanup(router): fix e2e tests 2016-05-03 10:25:44 -07:00
vsavkin b625f2471a feat(router): make RouterLink accept single values 2016-05-03 10:25:44 -07:00
vsavkin 3aa2606ff1 cleanup(router): make names consistent 2016-05-03 10:25:44 -07:00
vsavkin 89704e0f93 fix(router): add support for ../ 2016-05-03 10:25:44 -07:00
Martin Probst 908a102a87 feat: security implementation in Angular 2.
Summary:
This adds basic security hooks to Angular 2.

* `SecurityContext` is a private API between core, compiler, and
  platform-browser. `SecurityContext` communicates what context a value is used
  in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
  particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
  determines the security context for an attribute or property (it turns out
  attributes and properties match for the purposes of sanitization).

Based on these hooks:

* `DomSchemaElementRegistry` decides what sanitization applies in a particular
  context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
  Value*s, i.e. the ability to mark a value as safe and not requiring further
  sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
  (surprise!).

`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).

BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***

Reviewers: IgorMinar

Differential Revision: https://reviews.angular.io/D103
2016-05-03 09:21:43 -07:00
Tobias Bosch dd6e0cf1b5 fix(compiler): fix where pipes live
Impure pipes need to live on the view
that used them and need a new instance for
each call site.

Impure pipes need to live on the component view, cached across all child views,
and need a new pure proxy for each for
each call site that lives on the view
of the call site.

Fixes #8408

This bug was introduced not long ago by 152a117d5c
2016-05-03 09:00:23 -07:00
Tobias Bosch 3a40cb1a85 fix(compiler): calculate the right moduleUrl 2016-05-02 22:36:32 -06:00
Tobias Bosch 00d3b6083c fix(compiler): support css stylesheets in offline compiler 2016-05-02 15:06:46 -07:00
Tobias Bosch 43527172ed chore: don’t shadow `tsconfig.json` used for editors by build specific tsconfig.json 2016-05-02 15:06:46 -07:00
Misko Hevery 107016ec12 chore: router move import changes 2016-05-02 13:27:03 -07:00
Miško Hevery d930ad1816 chore: router move-only 2016-05-02 13:27:03 -07:00
Igor Minar 2e1f3f003d build: adding basic e2e testing infrastructure 2016-05-02 08:15:10 -07:00
Tobias Bosch b6fd81169b feat(core): support the decorator data that tsickle produces 2016-05-01 23:40:59 -07:00
Alex Eagle 3ae856ab8b build(tsc): Use angular2-template-compiler in place of tsc
This lets us down-level Decorators with tsickle and produce .metadata.json
files for users to reference when offline-compiling their app.
2016-05-01 23:40:59 -07:00
Misko Hevery 3e17c99f4e chore: clang-reformat 2016-05-01 22:59:41 -07:00
Misko Hevery cd52318f48 fix: parse browser detection lazily 2016-05-01 22:27:55 -07:00
Misko Hevery 2570b72158 fix: textSelection on FireFox 2016-05-01 22:27:55 -07:00
Misko Hevery 6e79de794c fix: function name shim test 2016-05-01 22:27:55 -07:00
Alex Eagle c4be30d2e8 Revert "build(tsc): Use angular2-template-compiler in place of tsc"
This reverts commit 3d25294f706e0fd6224b20372be1e961959c0af8.
2016-05-01 20:51:00 -07:00
Alex Eagle 57240c85a5 build(tsc): Use angular2-template-compiler in place of tsc
This gives us tsickle pre-processing of Decorators, and produces
.metadata.json files for users to consume in their offline compilation.
2016-05-01 20:51:00 -07:00
Igor Minar a66cdb469f repackaging: all the repackaging changes squashed 2016-05-01 20:51:00 -07:00
Igor Minar 505da6c0a8 repackaging: all the file moves 2016-05-01 20:51:00 -07:00
vsavkin 4fe0f1fa65 feat(router): set router-link-active when RouterLink is active
Closes #8376
2016-05-02 01:03:22 +00:00
vsavkin ec4ca0eace feat(router): implements support for router-link-active 2016-05-02 01:03:22 +00:00
vsavkin ca13f1c024 fix(router): create a route tree when creating the router service
Closes #8365
2016-05-01 21:38:25 +00:00
vsavkin 277b1fc473 feat(router): add RouteTree and UrlTree as aliases to Tree<RouteSegment> and Tree<UrlSegment> 2016-05-01 21:38:25 +00:00
vsavkin 8836219b16 feat(router): add support for wildcards 2016-05-01 21:38:25 +00:00
Tobias Bosch f114d6c560 fix(compiler): fix cross view references and providers with `useValue`.
Before, we would create all fields in the generated views
with visibility `private`. This does not work if an embedded
view references a directive / element in a parent view.
In Dart, this was no problem so far as it does not have
a `private` modifier.

Before, `useValue` in a provider did not work when doing
offline compile, as so far the `MetadataResolver` was only
used for jit mode. Now, `useValue` supports any kind of value
that the static reflector can return. E.g. primitives,
arrays, string maps, …

Closes #8366
2016-05-01 02:30:33 +00:00
Tobias Bosch ab56be46e1 chore: move static_reflector into compiler_cli
Most of the bugs discovered so far in the offline compiler were related to the StaticReflector. As it was part of angular2 core, it was hard to update. Moving it into the compiler_cli allows to release more often until the compiler_cli gets more stable.

Note: Moving the unit test next to the sources is the simplest option for now in terms of build setup.

Note: This commit only does the move. The next commit updates the build to run it again.
2016-04-30 20:53:54 +00:00
Tobias Bosch 6a0cbb8a57 refactor(core): type `ComponentRef`, `ComponentFactory` and `ComponentFixture` by the component type
BREAKING CHANGE:
- `ComponetRef`, `ComponentFactory`, `ComponentFixture` now all require a type
  parameter with the component type.
Closes #8361
2016-04-30 19:47:54 +00:00
vsavkin 62a0809e81 feat(router): listen to location changes
Closes #8362
2016-04-30 19:02:14 +00:00
vsavkin 76d6f5fa0d fix(router): canDeactivate should not change the url when returns false
Closes #8360
2016-04-30 17:50:28 +00:00
Julie Ralph 0f1b370117 feat(tests): add ROUTER_FAKE_PROVIDERS to angular2/alt_router/router_testing_providers
This change adds providers for fake router dependecies.
This allows TestComponentBuilder to create components with RouterLink and RouterOutlet directives
without the test writer needing to override them.
2016-04-30 09:42:15 -07:00
Tobias Bosch 0f774df811 fix(compiler): project using the right directive as component.
Closes #8344
2016-04-29 18:30:30 -07:00
Tobias Bosch 351f24e8eb fix(core): return the ChangeDetectorRef of the component also for embedded views. 2016-04-29 18:30:30 -07:00
Tobias Bosch aecb60a604 refactor(core): use `Function.bind` for referring to event listeners instead of a closure. 2016-04-29 18:30:30 -07:00
Tobias Bosch 4d691b61ee fix(core): check components if an event handler inside of an embedded view fires.
BREAKING CHANGE:
- ViewRef.changeDetectorRef was removed as using ChangeDetectorRefs
  for EmbeddedViewRefs does not make sense. Use ComponentRef.changeDetectorRef
  or inject ChangeDetectorRef instead.

Fixes #8242
2016-04-29 18:30:29 -07:00
Tobias Bosch 11955f9b13 fix(compiler): support empty array and map literals.
This was broken after 152a117d5c

Fixes #8336
2016-04-29 18:30:29 -07:00
vsavkin deba804671 feat(router): add CanDeactivate 2016-04-29 18:05:06 -07:00
vsavkin e5b87e55da feat(router): implement relative navigation 2016-04-29 18:04:55 -07:00
Tobias Bosch 15f6b27ae0 refactor(compiler): support referenced `OpaqueToken`s correctly in offline compiler. 2016-04-29 16:53:51 -07:00
Martin Probst 176e55927c refactor(compiler): support hash syntax for providers. 2016-04-29 16:53:50 -07:00
Martin Probst 365be6a309 chore: clang-format after various changes. 2016-04-29 16:53:50 -07:00
Martin Probst 713e6d4aff chore: adjust router to /*@ts2dart...*/ 2016-04-29 16:53:50 -07:00
Misko Hevery a8e277b067 chore: remove const Provider() in favor of /* @ts2dart_Provider */ {provide:} 2016-04-29 16:53:50 -07:00
Misko Hevery 3aa322a9c6 chore: replace @CONST() with /*@ts2dart_const*/ 2016-04-29 16:53:50 -07:00
Misko Hevery a02614beaa chore: replace CONST_EXPR with /*@ts2dart_const*/ 2016-04-29 16:53:49 -07:00
Misko Hevery d2527b504a chore: upgrade to ts2dart@0.9.9 2016-04-29 16:53:49 -07:00
Misko Hevery 46cd868827 feat(di): support map literals as providers 2016-04-29 16:53:49 -07:00
Tobias Bosch b1a9e445b3 fix(perf): don’t use `try/catch` in production mode
The previous code that had `try/catch` statements in methods could not be optimized by Chrome. 

This change separates `AppView` (no `try/catch`) form `DebugAppView` (always `try/catch`). Our codegen will use `AppView` in production mode and `DebugAppView` in debug mode.

Closes #8338
2016-04-29 10:18:57 -07:00
Tobias Bosch 5297c9d9cc refactor(core): deprecate `DynamicComponentLoader` and `DebugNode.inject`
BREAKING CHANGE:
- `DynamicComponentLoader` is deprecated. Use `ComponentResolver` and `ViewContainerRef` directly.
- `DebugNode.inject` is deprecated. use `DebugNode.injector.get` instead.
2016-04-29 01:37:58 -07:00
Tobias Bosch ee7caceec7 Revert "docs: deprecate `DynamicComponentLoader` and `DebugNode.inject`"
This reverts commit a0b5964a63.
2016-04-29 01:36:58 -07:00
Tobias Bosch a0b5964a63 docs: deprecate `DynamicComponentLoader` and `DebugNode.inject` 2016-04-29 01:34:06 -07:00
Tobias Bosch cacdead96d feat(core): introduce template context
BREAKING CHANGE:
- Before, a `EmbeddedViewRef` used to have methods for 
  setting variables. Now, a user has to pass in a context
  object that represents all variables when an `EmbeddedViewRef`
  should be created.
- `ViewContainerRef.createEmbeddedViewRef` now takes
   a context object as 2nd argument.
- `EmbeddedViewRef.setLocal` and `getLocal` have been removed.
  Use `EmbeddedViewRef.context` to access the context.
- `DebugNode.locals` has been removed. Use the new methods `DebugElement.references`
  to get the references that are present on this element,
  or `DebugElement.context` to get the context of the `EmbeddedViewRef` or the component to which the element belongs.

Closes #8321
2016-04-29 01:22:13 -07:00
Alex Eagle 96ae348648 chore(build): fix formatting and tests
Closes #8098
2016-04-28 23:59:06 -07:00
Alex Eagle c493d88405 chore(compiler): refactoring for offline compiler cli
- pass a baseUrl for asset resolution from static symbols
- fixes in StaticReflector to work with a path-aware host

see #7483
2016-04-28 21:54:02 -07:00
Alex Eagle 8bf6ef6544 fix(metadata): expose Providers in metadata
These worked in Dart because they were effectively exported even without the export keyword.
Without exporting these symbols, they are not produced in .metadata.json files, which leaves
dangling references from the Decorators that use them.
2016-04-28 21:31:28 -07:00
Alex Eagle ca40ef5ac7 fix(codegen): event handler has boolean return type 2016-04-28 21:31:28 -07:00
vsavkin 30de2db349 cleanup(router): make analyzer happy
Closes #8220
2016-04-29 02:45:57 +00:00
vsavkin 602641dffd feat(router): adds an example app using the new router 2016-04-29 02:45:57 +00:00
vsavkin 560cc14d97 feat(router): change location when navigating 2016-04-29 02:45:57 +00:00
vsavkin de56dd5f30 feat(router): add RouterLink 2016-04-29 02:45:57 +00:00
vsavkin fa5bfe4b64 feat(router): add link that support only absolute urls 2016-04-29 02:45:57 +00:00
vsavkin 446657bdd5 feat(router): update recognize to handle matrix parameters 2016-04-29 02:45:57 +00:00
vsavkin 79830f1c75 feat(router): add RouterUrlSerializer 2016-04-29 02:45:57 +00:00
vsavkin 6e1fed42b7 feat(router): add Router and RouterOutlet to support aux routes 2016-04-29 02:45:57 +00:00
vsavkin d35c109cb9 feat(router): update recognize to support aux routes 2016-04-29 02:45:57 +00:00
vsavkin fad3b6434c feat(router): update url parser to handle aux routes 2016-04-29 02:45:57 +00:00
Alex Eagle 70b23ae2ca refactor(compiler): make static reflector work
Also adjust `RuntimeMetadataResolver` to
be able to use it. 

Also rename `RuntimeMetadataResolver` into `CompileMetadataResolver`.
Closes #8313
2016-04-28 23:06:17 +00:00