Martin Probst
15ae710d22
feat(security): allow url(...) style values.
...
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.
Fixes #8514.
2016-05-17 11:23:31 +02:00
Martin Probst
dd50124254
feat(security): allow data: URLs for images and videos.
...
Allows known-to-be-safe media types in data URIs.
Part of #8511.
2016-05-17 10:57:14 +02:00
Tobias Bosch
ff36b0384a
fix(compiler_cli): normalize used directives
...
- e.g. needed for content projection.
Closes #8677
2016-05-16 13:07:13 -07:00
Martin Probst
50c9bed630
feat(security): expose the safe value types.
...
This allows users to properly type their `SafeHtml`, `SafeStyle`, etc values.
Fixes #8568.
2016-05-15 11:47:06 +02:00
Martin Probst
8b1b427195
feat(security): support transform CSS functions for sanitization.
...
Fixes part of #8514.
2016-05-14 13:25:45 +02:00
Vikram Subramanian
9a05ca95f6
fix(build): Release compiler_cli packages along with rest of @angular packages and use ANGULAR_VERSION for package version and peer dependencies.
2016-05-13 13:35:10 -07:00
Pawel Kozlowski
05266241af
build(npm): short-circuit npm install if node_modules are healthy
...
Closes #8627
2016-05-13 22:07:41 +02:00
Fabian Raetz
4ddf5536b4
docs(DEVELOPER.md): state that git-clang-format must be in PATH
...
To use `git clang-format` you have to make sure that
`git-clang-format` is in your path.
Closes #7778
2016-05-13 12:25:09 -07:00
Mathias Raacke
f389b5a961
docs(changelog): add missing breaking changes for testing providers
...
Closes #8440
2016-05-13 12:21:33 -07:00
Vikram Subramanian
bac1a6eab3
fix(build): Fix an error in package publishing step where the script errors when a UMD bundle is not found for compiler-cli package.
2016-05-12 16:49:03 -07:00
Vikram Subramanian
ff400726ca
fix(build): Declare the secure GITHUB_TOKEN_ANGULAR for package publishing from Travis
2016-05-12 15:08:28 -07:00
Vikram Subramanian
267d864976
fix(build): Fix broken e2e test Travis task by running the right variation of sed on Travis
2016-05-12 13:58:42 -07:00
Vikram Subramanian
97a1084c99
fix(build): Hook up publish-build-artifacts to Travis
2016-05-12 12:01:53 -07:00
Marc Laval
61b339678d
test(compiler): test schema generation only in Chrome
...
Closes #8581
2016-05-11 17:01:26 -07:00
Marc Laval
d537a26297
chore(build): reenable optional jobs in SL and BS
...
Closes #8558
2016-05-11 17:00:43 -07:00
Vikram Subramanian
d414734aac
fix(build): Change publish-build-artifacts.sh to work with new packaging system
2016-05-11 16:58:18 -07:00
Alex Eagle
817ddfa847
fix(compiler): allow --noImplicitAny
2016-05-11 16:56:12 -07:00
Alex Eagle
c1154b30c7
fix(compiler): allow decorators defined in the same file
2016-05-11 16:56:12 -07:00
Alex Eagle
0d71345b93
fix(codegen): codegen all files in the program, not just roots
...
fixes #8475
2016-05-11 16:56:12 -07:00
Igor Minar
f235454dd6
ci: temporarily disable Edge because of SauceLabs issues
...
https://github.com/angular/angular/issues/8604
On Sauce we've been getting the following error:
11 05 2016 00:58:35.765:ERROR [launcher.sauce]: Heartbeat to microsoftedge 20.10240 (Windows 10) failed
[title()] Error response status: 13, , UnknownError - An unknown server-side error occurred while processing the command. Selenium error: Unknown error (WARNING: The server did not provide any stacktrace information)
Command duration or timeout: 285 milliseconds
Build info: version: '2.52.0', revision: '4c2593c', time: '2016-02-11 19:06:42'
System info: host: 'WIN-SB3ER6JQ6ME', ip: '172.20.60.246', os.name: 'Windows 10', os.arch: 'x86', os.version: '10.0', java.version: '1.8.0_73'
Driver info: org.openqa.selenium.edge.EdgeDriver
Capabilities [{acceptSslCerts=true, browserVersion=25.10586.0.0, platformVersion=10, browserName=MicrosoftEdge, takesScreenshot=true, pageLoadStrategy=normal, takesElementScreenshot=true, platformName=windows, platform=ANY}]
Session ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXX478C1C1A
11 05 2016 00:58:35.766:ERROR [launcher]: microsoftedge 20.10240 (Windows 10) on SauceLabs failed 2 times (failure). Giving up.
2016-05-11 11:06:37 -07:00
Igor Minar
6a80578d05
build: create the dist directory before building
2016-05-11 10:11:59 -07:00
Igor Minar
d33cd43db1
docs(PULL_REQUEST_TEMPLATE.md): reorganize and improve the pull request template
...
Closes #7921
2016-05-10 10:55:35 -07:00
Alex Eagle
9e3df8eefe
chore(tsickle): remove redundant jsdoc types
...
tsickle doesn't like them, and anyway they are bound to get out-of-sync with the inline TS types
2016-05-10 17:38:10 +02:00
Martin Probst
cf73ad7c8f
chore(security): document sanitization breaking change.
...
Sanitizing style and URL values breaks specific patterns, see #8491 for
an example. This documents and acknowledges the breaking change while we
work on improving CSS sanitization to allow more values through.
2016-05-10 17:36:36 +02:00
Martin Probst
3e68b7eb1f
feat(security): warn users when sanitizing in dev mode.
...
This should help developers to figure out what's going on when the sanitizer
strips some input.
Fixes #8522.
2016-05-09 16:46:31 +02:00
Matias Niemelä
9fbafba993
chore(parsing): change internal usage of `@` to `:` for namespaced values
...
Closes #8346
2016-05-09 16:20:32 +02:00
Martin Probst
7a524e3deb
feat(security): add tests for URL sanitization.
2016-05-09 16:00:24 +02:00
Martin Probst
7b6c4d5acc
feat(security): add tests for style sanitisation.
2016-05-09 16:00:24 +02:00
Martin Probst
99c0d503d7
chore(build): run security tests in NodeJS, too.
2016-05-09 16:00:24 +02:00
Martin Probst
f86edae9f3
feat(security): add an HTML sanitizer.
...
This is based on Angular 1's implementation, parsing an HTML document
into an inert DOM Document implementation, and then serializing only
specifically whitelisted elements.
It currently does not support SVG sanitization, all SVG elements are
rejected.
If available, the sanitizer uses the `<template>` HTML element as an
inert container.
Sanitization works client and server-side.
Reviewers: rjamet, tbosch, molnarg, koto
Differential Revision: https://reviews.angular.io/D108
2016-05-09 16:00:24 +02:00
Martin Probst
df1b1f6957
feat(security): strip XSSI prefix from XHR responses.
2016-05-05 14:25:44 -07:00
Martin Probst
9099160038
chore: fix comment indent.
2016-05-05 12:46:07 -07:00
Tobias Bosch
119abe7bb9
chore: fail build if a command from tsc-watch fails.
...
This bug was introduced with eba6e7946d
to integrate the compiler_cli into the build properly.
Closes #8480
2016-05-04 20:30:10 -07:00
Martin Probst
67ed2e2c0a
feat(security): fill in missing security contexts.
...
Reviewers: koto, rjamet, molnarg
Differential Revision: https://reviews.angular.io/D109
2016-05-04 19:28:50 -07:00
Tobias Bosch
6d36a7a45f
chore: fix unit tests on node.js
...
Closes #8476
2016-05-04 18:00:29 -07:00
Tobias Bosch
e2b1e1577d
fix(core): don’t detach nested view containers when destroying a view
...
When a view is destroyed, we destroy all
views in view containers and should not detach them. However, previously, we also detached them, which led to problems during the iteration loop.
Closes #8458
Closes #8471
Introduced by 0c600cf6e3
2016-05-04 16:27:20 -07:00
vsavkin
b30ddfbfc5
chore(router): clang-format
2016-05-04 15:01:27 -07:00
vsavkin
abfb522f83
refactor(router): reuse existing segments when constructing new route trees
2016-05-04 14:51:04 -07:00
vsavkin
b8136cc26e
fix(router): provide a top-level route segment for injection
2016-05-04 14:51:04 -07:00
vsavkin
d00b26d941
refactor(router): update link to reuse url segments when possible
2016-05-04 14:51:04 -07:00
vsavkin
12637a761c
refactor(router): make names consistent
2016-05-04 14:50:00 -07:00
vsavkin
1a0aea67a0
feat(core): add a component resolver that can load components lazily using system.js
2016-05-04 14:50:00 -07:00
vsavkin
0f1465b899
feat(router): update router to support lazy loading
2016-05-04 14:50:00 -07:00
Tobias Bosch
c0cfd3c6ed
chore: remove ts-metadata-collector from shrinkwrap
...
We need to use the locally installed one.
Closes #8467
2016-05-04 12:29:47 -07:00
Tobias Bosch
a81923b793
fix(compiler): emit correct types for literal arrays and maps.
2016-05-04 12:14:44 -07:00
Tobias Bosch
7150ace7c7
fix(compiler): support lifecycle hooks in compiler_cli
2016-05-04 12:14:43 -07:00
Tobias Bosch
bdce154282
chore: add test script for compiler_cli
2016-05-04 12:14:43 -07:00
Tobias Bosch
5a84048f72
chore: adjust build for `tools/metadata` name change
2016-05-04 12:14:38 -07:00
Tobias Bosch
188bda813e
chore: rename `tools/metadata` into `tools/ts-metadata-collector`
...
Needed so that we can use the locally compiled one during
our tests.
2016-05-04 10:53:28 -07:00
Tobias Bosch
29700aa188
feat(metadata): emit all methods
...
This is needed to detect lifecycle hooks.
2016-05-04 09:11:04 -07:00