Go to file

Bjarki 49197d12a0 feat(core): create a Trusted Types policy for bypass conversions (#39218 )

When an application uses a custom sanitizer or one of the
bypassSecurityTrust functions, Angular has no way of knowing whether
they are implemented in a secure way. (It doesn't even know if they're
introduced by the application or by a shady third-party dependency.)
Thus using Angular's main Trusted Types policy to bless values coming
from these two sources would undermine the security that Trusted Types
brings.

Instead, introduce a Trusted Types policy called angular#unsafe-bypass
specifically for blessing values from these sources. This allows an
application to enforce Trusted Types even if their application uses a
custom sanitizer or the bypassSecurityTrust functions, knowing that
compromises to either of these two sources may lead to arbitrary script
execution. In the future Angular will provide a way to implement
custom sanitizers in a manner that makes better use of Trusted Types.

PR Close #39218

2020-10-16 08:13:52 -07:00

.circleci

ci: setup windows from scratch (#39139 )

2020-10-14 14:09:49 -07:00

.devcontainer

build: update the recommended Dockerfile for VSCode remote development (#34697 )

2020-01-09 13:31:14 -08:00

.github

ci: update g3 synced file list (#39084 )

2020-10-01 15:27:14 -07:00

.ng-dev

refactor(dev-infra): Adjust caretaker queries (#39257 )

2020-10-14 09:07:04 -07:00

.vscode

build: Ignore .history for the xyz.local-history VSCode extension (#38121 )

2020-07-17 13:33:39 -07:00

.yarn

build: update to latest version of yarn (#38869 )

2020-09-18 16:47:33 -07:00

aio

docs: Very minor spelling mistake (#39299 )

2020-10-15 17:00:18 -07:00

dev-infra

refactor(dev-infra): remove branches created for g3 comparison (#39137 )

2020-10-15 14:11:31 -07:00

docs

docs: update readme (#32084 )

2020-10-15 14:08:17 -07:00

goldens

feat(router): add new initialNavigation options to replace legacy (#37480 )

2020-10-14 11:20:51 -07:00

integration

docs: remove IE10 references from comments in the code (#39090 )

2020-10-13 15:51:49 -07:00

modules

fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846 )

2020-09-30 09:13:59 -04:00

packages

feat(core): create a Trusted Types policy for bypass conversions (#39218 )

2020-10-16 08:13:52 -07:00

scripts

build: bump Chromium to next stable version: 84.0.4147 (#39179 )

2020-10-09 07:53:11 -07:00

third_party

fix(packaging): remove polyfills needed to run tests on IE9 and IE 10 (#38931 )

2020-09-25 14:31:10 -04:00

tools

build(zone.js): zone.js should output esm format for fesm2015 bundles (#39203 )

2020-10-15 09:07:38 -07:00

.bazelignore

build: add npm package manifest to npm_integration_test (#35669 )

2020-02-26 12:58:35 -08:00

.bazelrc

build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182 )

2020-10-08 11:54:59 -07:00

.bazelversion

build: update bazelversion (#39123 )

2020-10-05 17:08:08 -07:00

.clang-format

feat(tooling): Add a .clang-format for automated JavaScript formatting.

2015-04-02 08:44:34 -07:00

.editorconfig

build: use https link to editorconfig.org in .editorconfig (#27664 )

2018-12-18 09:30:09 -08:00

.gitattributes

test: fix ts api guardian and public guard tests on windows (#30105 )

2019-04-26 16:32:22 -07:00

.gitignore

feat(dev-infra): Add support for local user ng-dev configuration (#38701 )

2020-09-09 16:31:16 -07:00

.gitmessage

fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846 )

2020-09-30 09:13:59 -04:00

.mailmap

build: add a Git .mailmap with my new name (#19550 )

2017-10-09 14:35:30 -07:00

.nvmrc

build: migrate to node@12.14.1 (#34955 )

2020-01-27 09:31:22 -08:00

.pullapprove.yml

docs: update readme (#32084 )

2020-10-15 14:08:17 -07:00

.yarnrc

build: update to latest version of yarn (#38869 )

2020-09-18 16:47:33 -07:00

browser-providers.conf.js

ci: remove IE 9 and IE 10 from CI (#38931 )

2020-09-25 14:31:10 -04:00

BUILD.bazel

build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182 )

2020-10-08 11:54:59 -07:00

CHANGELOG.md

release: cut the v11.0.0-next.6 release

2020-10-14 13:50:18 -07:00

CODE_OF_CONDUCT.md

docs: add Discord as an official communication channel (#39149 )

2020-10-14 10:23:15 -07:00

CONTRIBUTING.md

docs: add Discord as an official communication channel (#39149 )

2020-10-14 10:23:15 -07:00

gulpfile.js

build: update license headers to reference Google LLC (#37205 )

2020-05-26 14:26:58 -04:00

karma-js.conf.js

fix(core): detect DI parameters in JIT mode for downleveled ES2015 classes (#38463 )

2020-08-17 10:55:37 -07:00

LICENSE

build: bump year (#34651 )

2020-01-13 07:21:43 -08:00

package.json

ci: update master branch version to be 11.1.0-next.0 (#39292 )

2020-10-15 14:02:36 -07:00

README.md

docs: update readme (#32084 )

2020-10-15 14:08:17 -07:00

test-events.js

build: update license headers to reference Google LLC (#37205 )

2020-05-26 14:26:58 -04:00

test-main.js

fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846 )

2020-09-30 09:13:59 -04:00

tslint.json

build: Update file-header lint rule to Google LLC (#37205 )

2020-05-26 14:26:58 -04:00

WORKSPACE

build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182 )

2020-10-08 11:54:59 -07:00

yarn.lock

build: replace @types/trusted-types dep with minimal type defs (#39211 )

2020-10-15 09:08:00 -07:00

yarn.lock.readme.md

build: remove travisci leftovers (#27979 )

2019-01-09 10:41:16 -08:00

README.md

Angular - One framework. Mobile & desktop.

Angular is a development platform for building mobile and desktop web applications
using Typescript/JavaScript and other languages.

www.angular.io

Contributing Guidelines · Submit an Issue · Blog

Documentation

Get started with Angular, learn the fundamentals and explore advanced topics on our documentation website.

Advanced

Development Setup

Prerequisites

Install Node.js which includes Node Package Manager

Setting Up a Project

Intall the Angular CLI globally:

npm install -g @angular/cli

Create workspace:

ng new [PROJECT NAME]

Run the application:

cd [PROJECT NAME]
ng serve

Quickstart

Get started in 5 minutes.

Ecosystem

angular ecosystem logos

Changelog

Learn about the latest improvements.

Upgrading

Check out our upgrade guide to find out the best way to upgrade your project.

Contributing

Contributing Guidelines

Read through our contributing guidelines to learn about our submission process, coding rules and more.

Want to Help?

Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our guidelines for contributing and then check out one of our issues in the hotlist: community-help.

Code of Conduct

Help us keep Angular open and inclusive. Please read and follow our Code of Conduct.

Community

Join the conversation and help the community.

Twitter
Gitter
Find a Local Meetup

Love Angular? Give our repo a star ⭐ ⬆️.

Languages

TypeScript 68.6%

HTML 12.8%

JavaScript 8.4%

Pug 7%

Starlark 1.4%

Other 1.7%