Go to file
Bjarki 6e18d2dacc fix(compiler): promote constants in templates to Trusted Types (#39211)
Angular treats constant values of attributes and properties in templates
as secure. This means that these values are not sanitized, and are
instead passed directly to the corresponding setAttribute or setProperty
function. In cases where the given attribute or property is
security-sensitive, this causes a Trusted Types violation.

To address this, functions for promoting constant strings to each of the
three Trusted Types are introduced to Angular's private codegen API. The
compiler is updated to wrap constant strings with calls to these
functions as appropriate when constructing the `consts` array. This is
only done for security-sensitive attributes and properties, as
classified by Angular's dom_security_schema.

PR Close #39211
2020-10-15 09:08:01 -07:00
.circleci ci: setup windows from scratch (#39139) 2020-10-14 14:09:49 -07:00
.devcontainer build: update the recommended `Dockerfile` for VSCode remote development (#34697) 2020-01-09 13:31:14 -08:00
.github ci: update g3 synced file list (#39084) 2020-10-01 15:27:14 -07:00
.ng-dev refactor(dev-infra): Adjust caretaker queries (#39257) 2020-10-14 09:07:04 -07:00
.vscode build: Ignore .history for the xyz.local-history VSCode extension (#38121) 2020-07-17 13:33:39 -07:00
.yarn build: update to latest version of yarn (#38869) 2020-09-18 16:47:33 -07:00
aio docs: fix broken link (#39256) 2020-10-14 14:10:59 -07:00
dev-infra fix(dev-infra): detect all commit message keywords that can close a PR (#39229) 2020-10-12 12:02:48 -07:00
docs docs: add info about working with fixup commits (#39110) 2020-10-06 08:38:35 -07:00
goldens feat(router): add new initialNavigation options to replace legacy (#37480) 2020-10-14 11:20:51 -07:00
integration docs: remove IE10 references from comments in the code (#39090) 2020-10-13 15:51:49 -07:00
modules fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846) 2020-09-30 09:13:59 -04:00
packages fix(compiler): promote constants in templates to Trusted Types (#39211) 2020-10-15 09:08:01 -07:00
scripts build: bump Chromium to next stable version: 84.0.4147 (#39179) 2020-10-09 07:53:11 -07:00
third_party fix(packaging): remove polyfills needed to run tests on IE9 and IE 10 (#38931) 2020-09-25 14:31:10 -04:00
tools build(zone.js): zone.js should output esm format for fesm2015 bundles (#39203) 2020-10-15 09:07:38 -07:00
.bazelignore build: add npm package manifest to npm_integration_test (#35669) 2020-02-26 12:58:35 -08:00
.bazelrc build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182) 2020-10-08 11:54:59 -07:00
.bazelversion build: update bazelversion (#39123) 2020-10-05 17:08:08 -07:00
.clang-format feat(tooling): Add a .clang-format for automated JavaScript formatting. 2015-04-02 08:44:34 -07:00
.editorconfig build: use https link to editorconfig.org in .editorconfig (#27664) 2018-12-18 09:30:09 -08:00
.gitattributes test: fix ts api guardian and public guard tests on windows (#30105) 2019-04-26 16:32:22 -07:00
.gitignore feat(dev-infra): Add support for local user ng-dev configuration (#38701) 2020-09-09 16:31:16 -07:00
.gitmessage fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846) 2020-09-30 09:13:59 -04:00
.mailmap build: add a Git .mailmap with my new name (#19550) 2017-10-09 14:35:30 -07:00
.nvmrc build: migrate to node@12.14.1 (#34955) 2020-01-27 09:31:22 -08:00
.pullapprove.yml docs: add info about working with fixup commits (#39110) 2020-10-06 08:38:35 -07:00
.yarnrc build: update to latest version of yarn (#38869) 2020-09-18 16:47:33 -07:00
BUILD.bazel build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182) 2020-10-08 11:54:59 -07:00
CHANGELOG.md release: cut the v11.0.0-next.6 release 2020-10-14 13:50:18 -07:00
CODE_OF_CONDUCT.md docs: add Discord as an official communication channel (#39149) 2020-10-14 10:23:15 -07:00
CONTRIBUTING.md docs: add Discord as an official communication channel (#39149) 2020-10-14 10:23:15 -07:00
LICENSE build: bump year (#34651) 2020-01-13 07:21:43 -08:00
README.md docs: add Discord as an official communication channel (#39149) 2020-10-14 10:23:15 -07:00
WORKSPACE build: upgrade angular build, integration/bazel and @angular/bazel package to rule_nodejs 2.2.0 (#39182) 2020-10-08 11:54:59 -07:00
browser-providers.conf.js ci: remove IE 9 and IE 10 from CI (#38931) 2020-09-25 14:31:10 -04:00
gulpfile.js build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
karma-js.conf.js fix(core): detect DI parameters in JIT mode for downleveled ES2015 classes (#38463) 2020-08-17 10:55:37 -07:00
package.json build: replace @types/trusted-types dep with minimal type defs (#39211) 2020-10-15 09:08:00 -07:00
test-events.js build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
test-main.js fix(platform-webworker): remove platform-webworker and platform-webworker-dynamic (#38846) 2020-09-30 09:13:59 -04:00
tslint.json build: Update file-header lint rule to Google LLC (#37205) 2020-05-26 14:26:58 -04:00
yarn.lock build: replace @types/trusted-types dep with minimal type defs (#39211) 2020-10-15 09:08:00 -07:00
yarn.lock.readme.md build: remove travisci leftovers (#27979) 2019-01-09 10:41:16 -08:00

README.md

CircleCI Discord Join the chat at https://gitter.im/angular/angular npm version

Angular

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages.

Quickstart

Get started in 5 minutes.

Changelog

Learn about the latest improvements.

Want to help?

Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our guidelines for contributing and then check out one of our issues in the hotlist: community-help.