Commit Graph

255 Commits

Author SHA1 Message Date
Martin Probst 3ad81b1beb test(security): simplify integration test. 2016-06-23 13:57:51 -07:00
Martin Probst 5ab0534164 test(security): Ensure xlink:href is not bindable.
The DOM schema does not allow binding any properties to dangerous SVG
attributes/properties. This change adds a smoke test to verify that
behaviour, by testing that `xlink:href` (a sample dangerous property)
is not bindable.

Fixes #9510.
2016-06-23 13:57:51 -07:00
Tobias Bosch 6c5b653593 feat(core): add `@Component.precompile` and `ComponentFactoryResolver`
Part to #9467
Closes #9543
2016-06-23 12:10:04 -07:00
Tobias Bosch 9ed8f2d26e fix(compiler): don't inject `viewProviders` into content child elements
E.g. in the following scenario,
`some-directive` should not be able to inject
any view provider that `my-comp-with-view-providers`
declares.

```
<my-comp-with-view-providers>
  <div some-directive></div>
</my-comp-with-view-providers>
```
2016-06-23 12:10:04 -07:00
Tobias Bosch 33a2f86b28 chore: remove stale tsconfig.json
This tsconfig.json prevents fast round trip cycles in VsCode
as it relies on the package-dist folders to be filled.
2016-06-23 12:10:04 -07:00
ScottSWu ae75e3640a chore(lint): Added license headers to most TypeScript files
Relates to #9380
2016-06-23 09:47:54 -07:00
Victor Berchet e1e5c40ef7 fix(testing): remove the `toThrowErrorWith` matcher (jasmine has `toThrowError`)
BREAKING CHANGE:

Before:

    expect(...).toThrowErrorWith(msg);

After:

    expect(...).toThrowError(msg);
2016-06-23 08:58:52 -07:00
Victor Berchet 6420f75320 fix(testing): remove the `toMatchPattern` matcher (jasmine has `toMatch`)
BREAKING CHANGE:

Before:

    expect(...).toMatchPattern(pattern);

After:

    expect(...).toMatch(pattern);
2016-06-23 08:58:28 -07:00
Victor Berchet 5face35ae5 refactor: misc cleanup 2016-06-23 08:56:10 -07:00
Victor Berchet f6a410a4a8 feat(QueryList): implement some() (#9464)
closes #9443
2016-06-22 13:13:31 -07:00
tycho01 3d5bb23184 fix(Compiler): relax childIsRecursive check (#8705)
Fix how the compiler checks for recursive components by also considering
component descendants. Previously, it only checked if the current
component was evaluated previously. This failed in certain cases of
mutually recursive components, causing `createAsync` in tests to not
resolve.

closes [7084](https://github.com/angular/angular/issues/7084)
2016-06-22 07:02:11 -07:00
Victor Berchet c5c456120c refactor: delete containsRegexp() (there is escapeRegExp() in the lang facade)
BREAKING CHANGES:

`containsRegexp` is no more exported from `@angular/core/testing`. It should not have been part of the public API in the first place.
2016-06-21 09:15:21 -07:00
Victor Berchet 1b28cf71f5 feat(compiler): make interpolation symbols configurable (`@Component` config) (#9367)
closes #9158
2016-06-20 09:52:41 -07:00
vsavkin af2f5c3d7d cleanup(router): removes router 2016-06-20 08:47:54 -07:00
Tobias Bosch c0f2a22a08 fix(perf): support prod mode again
After splitting the facades into multiple modules,
enabling prod mode for code had no effect for the compiler.

Also in a change between RC1 and RC2 we created the `CompilerConfig`
via a provider with `useValue` and not via a `useFactory`, which reads
the prod mode too early.

Closes #9318
Closes #8508
Closes #9318
2016-06-17 15:59:27 -07:00
Alfonso Presa 773c34900f fix(change_detection): ChangeDetectorRef reattach should restore original mode
After using ChangeDetectorRef detach, it should keep the ChangeDetector mode so that it is restored after calling reattach.

closes #7078
closes #7080
2016-06-17 15:00:41 -07:00
Martin Probst 8879aa1df4 feat(security): fail more detectably when using a safe value in an interpolation.
If a user ends up with a safe value in an interpolation context, that's probably
a bug. Returning `"SafeValue must use [property]= binding"` will make it easier
to detect and correct the situation. Detecting the situation and throwing an
error for it could cause performance issues, so we're not doing this at this
point (but might revisit later).

Part of #8511 and #9253.
2016-06-17 10:00:30 -07:00
Pawel Kozlowski 5fe60759f9 feat(QueryList): support index in callbacks
Closes #9278
2016-06-17 08:09:42 -07:00
Alex Eagle 37b617dccf chore(tsickle): add @Annotation annotations
This lets users continue using runtime-sideeffect Decorators if they choose,
only down-leveling the marked ones to Annotations.

Also remove the "skipTemplateCodegen" option, which is no longer needed
since Angular compiles with tsc-wrapped rather than ngc. The former doesn't
include any codegen.
2016-06-16 12:29:46 -07:00
Victor Berchet 9cbd8f7afc test(ng-container): test nesting ng-containers 2016-06-15 18:13:57 -07:00
Victor Berchet 8a54c1a115 refactor(ViewBuilder): cleanup 2016-06-14 19:11:30 -07:00
Victor Berchet 0dbff55bc6 feat(Compiler): add support for `<ng-container>`
`<ng-container>` is a logical container that can be used to group nodes but is not rendered in the DOM tree as a node.

`<ng-container>` is rendered as an HTML comment.
2016-06-14 19:11:30 -07:00
Igor Minar 6fc267f22c fix: split dynamic bits in platform-browser into platform-browser-dynamic
Previously these symbols were exposed via platform-browser-dynamic, then we merged then into platform-browser
thinking that tools would know how to shake off the compiler and other dynamic bits not used with the offline
compilation flow. This turned out to be wrong as both webpack and rollup don't have good enough tree-shaking
capabilities to do this today. We think that in the future we'll be able to merge these two entry points into
one, but we need to give tooling some time before we can do it. In the meantime the reintroduction of the -dynamic
package point allows us to separate the compiler dependencies from the rest of the framework.

This change undoes the previous breaking change that removed the platform-browser-dynamic package.
2016-06-14 15:31:24 -07:00
Tobias Bosch bc888bf3a1 refactor(compiler): Change arguments of `CompilerConfig` to named arguments
BREAKIKNG CHANGE:
`CompilerConfig` used to take positional arguments and now takes named arguments.

Closes #9172
2016-06-13 13:14:07 -07:00
Tobias Bosch 1745366530 refactor(compiler): make `PLATFORM_PIPES` / `PLATFORM_DIRECTIVES` an option on `CompilerConfig`
This aligns the configuration of platform pipes / directives with offline compilation.

BREAKING CHANGE:
- `PLATFORM_PIPES` and `PLATFORM_DIRECTIVES` now are fields on `CompilerConfig`. 
  Instead of providing a binding to these tokens, provide a binding for `CompilerConfig` instead.
2016-06-13 13:13:45 -07:00
Matias Niemelä 55860e1621 fix(animations): ensure AUTO styles are cleared at the end of the state-change animation
Closes #9014
Closes #9015
2016-06-11 00:08:41 -07:00
Alex Eagle f39c9c9e75 style(lint): re-format modules/@angular 2016-06-09 17:00:15 -07:00
Victor Berchet 7ce0fc7d47 refactor: add types (#9116) 2016-06-09 11:04:15 -07:00
ScottSWu 86fbd50c3d refactor(TypeScript): Add noImplicitAny
We automatically insert explicit 'any's where needed. These need to be
addressed as in #9100.

Fixes #4924
2016-06-08 16:20:50 -07:00
Matias Niemelä 36d25f2a07 feat(animations): support styling of the default animation state
It is now possible to set a fallback state that will apply its
styling when the destination state is not detected.

```ts
state("*", style({ ... }))
```

Closes #9013
2016-06-07 12:59:33 -07:00
Tobias Bosch c3d2459a4e fix(query): set fixed `@ViewChild` / `@ContentChild` right after the view is created
This is needed to have a true replacement of the previous
`DynamicComponentLoader.loadNextToLocation`, so that components
can be loaded into the view before change detection runs.

Closes #9040
2016-06-07 12:40:35 -07:00
Pawel Kozlowski 057abefe50 fix(compiler): report errors for queries without selectors (#9018)
Fixes #4489
2016-06-04 19:46:03 -07:00
Victor Berchet a6ad61d83e refactor: change provide(...) for {provide: ...}
- provide() is deprecated,
- {} syntax is required by the offline compiler
2016-06-03 15:03:49 -07:00
Matias Niemelä fa0718ba9a feat(animations): provide support for offline compilation 2016-06-03 14:36:11 -07:00
Matias Niemelä 155b88213c feat(debug): collect styles and classes for the DebugElement 2016-06-03 14:36:06 -07:00
Tobias Bosch 04220be8fd chore: remove old tests (#8954)
These tests are already captured in template_parser_spec.ts
2016-06-01 16:30:51 -07:00
Andrii Nechytailov 9036f78b74 fix(compiler): throw an error if variable with the same name is already defined. (#7209)
* fix(compiler): throw an error if variable with the same name is already defined. Closes #6492

* fix(compiler): Clean up formatting for issue #6492

* fix(compiler): throw an error if reference with the same name is already defined.

Closes #6492
2016-05-26 13:04:17 -07:00
Julie Ralph 0cb93a436d fix(testing): add discardPeriodicTasks to be used with fakeAsync (#8629)
Closes #8616
2016-05-26 10:19:30 -07:00
Suguru Inatomi b2e804c961 fix(metadata): Allow spacing in multiple selectors (#7418) 2016-05-26 10:18:31 -07:00
Rob Wormald e5904f4089 fix(facade): change EventEmitter to be sync by default (#8761) 2016-05-26 09:34:04 -07:00
Matias Niemelä 5e0f8cf3f0 feat(core): introduce support for animations
Closes #8734
2016-05-25 13:56:50 -07:00
Igor Minar 16dfe3c63f build: consolidate tsc to ease migration to @types/ based typings delivery
I actually tried to use @types/* directly but came across several issues which prevented me
from switching over:
- https://github.com/Microsoft/TypeScript/issues/8715
- https://github.com/Microsoft/TypeScript/issues/8723
2016-05-25 08:22:07 -07:00
Victor Berchet f95a604b59 fix(bootstrap): swap coreBootstrap() and coreLoadAndBootstrap() arguments 2016-05-23 17:57:28 -07:00
Vamsi Varikuti 0795dd307b refactor(chore): Replace all 'bindings' with 'providers'
BREAKING CHANGE

Deprecated `bindings:` and `viewBindings:` are replaced with
`providers:` and `viewProviders:`

Closes #7687
2016-05-23 13:31:08 -07:00
Martin Probst f86edae9f3 feat(security): add an HTML sanitizer.
This is based on Angular 1's implementation, parsing an HTML document
into an inert DOM Document implementation, and then serializing only
specifically whitelisted elements.

It currently does not support SVG sanitization, all SVG elements are
rejected.

If available, the sanitizer uses the `<template>` HTML element as an
inert container.

Sanitization works client and server-side.

Reviewers: rjamet, tbosch , molnarg , koto

Differential Revision: https://reviews.angular.io/D108
2016-05-09 16:00:24 +02:00
Tobias Bosch 6d36a7a45f chore: fix unit tests on node.js
Closes #8476
2016-05-04 18:00:29 -07:00
Tobias Bosch e2b1e1577d fix(core): don’t detach nested view containers when destroying a view
When a view is destroyed, we destroy all
views in view containers and should not detach them. However, previously, we also detached them which lead to problems during the iteration loop.

Closes #8458
Closes #8471

Introduced by 0c600cf6e3
2016-05-04 16:27:20 -07:00
vsavkin 0f1465b899 feat(router): update router to support lazy loading 2016-05-04 14:50:00 -07:00
Tobias Bosch 0297398f5e chore: clang-format master 2016-05-03 18:56:39 -07:00
Martin Probst 908a102a87 feat: security implementation in Angular 2.
Summary:
This adds basic security hooks to Angular 2.

* `SecurityContext` is a private API between core, compiler, and
  platform-browser. `SecurityContext` communicates what context a value is used
  in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
  particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
  determines the security context for an attribute or property (it turns out
  attributes and properties match for the purposes of sanitization).

Based on these hooks:

* `DomSchemaElementRegistry` decides what sanitization applies in a particular
  context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
  Value*s, i.e. the ability to mark a value as safe and not requiring further
  sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
  (surprise!).

`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).

BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***

Reviewers: IgorMinar

Differential Revision: https://reviews.angular.io/D103
2016-05-03 09:21:43 -07:00
Tobias Bosch dd6e0cf1b5 fix(compiler): fix where pipes live
Impure pipes need to live on the view
that used them and need a new instance for
each call site.

Impure pipes need to live on the component view, cached across all child views,
and need a new pure proxy for each for
each call site that lives on the view
of the call site.

Fixes #8408

This bug was introduced not long ago by 152a117d5c
2016-05-03 09:00:23 -07:00
Misko Hevery 3e17c99f4e chore: clang-reformat 2016-05-01 22:59:41 -07:00
Misko Hevery 6e79de794c fix: function name shim test 2016-05-01 22:27:55 -07:00
Igor Minar a66cdb469f repackaging: all the repackaging changes squashed 2016-05-01 20:51:00 -07:00
Igor Minar 505da6c0a8 repackaging: all the file moves 2016-05-01 20:51:00 -07:00