Commit Graph

297 Commits

Author SHA1 Message Date
Martin Probst 040b101842 feat(security): complete DOM security schema.
This addresses several oversights in assigning security contexts to DOM schema
elements found by our security reviewers (thanks!).

This also adds some more precise unit tests for the interaction between
(Dom)ElementSchemaRegistry and the TemplateParser, and extracts the security
specific parts into dom_security_schema.ts.

Comparison of (potentially) dangerous property names is done case insensitive,
to avoid issues like formAction vs formaction.

Part of issue #8511.
2016-05-27 11:47:33 -07:00
Alex Eagle b5d14c26d2 chore(lint): enable requireInternalWithUnderscore tslint check 2016-05-27 09:31:18 -07:00
Alex Eagle 2019050db2 chore(lint): enable duplicateModuleImport tslint check 2016-05-27 09:17:08 -07:00
Victor Berchet 307d105d2c fix(DomRegistry): fix svg support 2016-05-26 16:46:00 -07:00
Alex Eagle 0b6967fd74 chore(lint): fix missing semicolon to make Circle green (#8877) 2016-05-26 16:43:15 -07:00
laco0416 f93512bf27 feat(ViewEncapsulation): default ViewEncapsulation to configurable
BREAKING CHANGES:

DirectiveNormalizer takes new constructor arguments, `config:CompilerConfig`.

Closes #7883
2016-05-26 13:23:37 -07:00
Suguru Inatomi c3fafa0651 feat(change_detection): make INTERPOLATE_REGEXP customizable (#7417)
BREAKING CHANGES:

`Parser` constructor required new parameter `config: CompilerConfig` as second argument.
2016-05-26 13:08:39 -07:00
Andrii Nechytailov 9036f78b74 fix(compiler): throw an error if variable with the same name is already defined. (#7209)
* fix(compiler): throw an error if variable with the same name is already defined. Closes #6492

* fix(compiler): Clean up formatting for issue #6492

* fix(compiler): throw an error if reference with the same name is already defined.

Closes #6492
2016-05-26 13:04:17 -07:00
Igor Minar 85ce184197 refactor(compiler): remove obsolete code (#8837) 2016-05-26 10:15:47 -07:00
Miško Hevery 39ecd01b86 chore: audit @angular/core API classification (#8808) 2016-05-25 15:00:05 -07:00
Matias Niemelä 5e0f8cf3f0 feat(core): introduce support for animations
Closes #8734
2016-05-25 13:56:50 -07:00
Igor Minar 16dfe3c63f build: consolidate tsc to ease migration to @types/ based typings delivery
I actually tried to use @types/* directly but came across several issues which prevented me
from switching over:
- https://github.com/Microsoft/TypeScript/issues/8715
- https://github.com/Microsoft/TypeScript/issues/8723
2016-05-25 08:22:07 -07:00
Wesley Cho 53628e19ac fix(compiler): add ability to parse : in * directives
- Add ability to parse bindings properly when `:` is present when using a directive with the `*` prefix

Closes #6038
2016-05-24 21:43:10 -07:00
Grégory Bataille 60a2ba87d4 fix(#7099): support for comment finishing with multiple dashes
<!-- xxxx ------->

The issue came from a lack of support for backtracking on string
matching.
The way it is done, if the "end pattern" for consumeRawText starts with
twice the same character, you end up having a problem when your string
being parsed has 3 times this char

Example
End string: xxyz
string to parse: aaaaaaxxxyz

calling consumeRawText(false, 'x', attemptParseStr('xyz')) would fail

Closes #7119
2016-05-24 21:01:41 -07:00
Victor Berchet 3e5716ec16 feat(i18n): support implicit tags/attributes 2016-05-24 10:12:19 -07:00
Tero Parviainen ceac045a7f fix(compiler): have CSS parser support nested parentheses inside functions
Closes #7580
2016-05-23 16:58:15 -07:00
Ward Bell 0a872ffd38 feat(core/linker): add SimpleChanges type to lifecycle_hooks to simplify OnChanges signature
Closes #8557
2016-05-23 16:11:52 -07:00
Vamsi Varikuti 0795dd307b refactor(chore): Replace all 'bindings' with 'providers'
BREAKING CHANGE

Deprecated `bindings:` and `viewBindings:` are replaced with
`providers:` and `viewProviders:`

Closes #7687
2016-05-23 13:31:08 -07:00
alexcastillo cb84cbf545 feat(shadow_css): add encapsulation support for CSS @supports at-rule
Closes #7944
2016-05-20 13:02:24 -07:00
Igor Minar 0035575c82 build: turn on tsc's stripInternal when producing public d.ts file
I also made some changes to fix imports and remove some stuff that caused
breakage once stripInternals was turned on.
2016-05-20 10:59:57 -07:00
Victor Berchet 54f8308999 refactor(browser): merge static & dynamic platforms 2016-05-20 10:48:55 -07:00
Joost de Vries a01a54c180 adds 'repository' metadata to npm modules (#8649) 2016-05-17 23:17:15 -07:00
Marc Laval 61b339678d test(compiler): test schema generation only in Chrome
Closes #8581
2016-05-11 17:01:26 -07:00
Alex Eagle 817ddfa847 fix(compiler): allow --noImplicitAny 2016-05-11 16:56:12 -07:00
Alex Eagle 9e3df8eefe chore(tsickle): remove redundant jsdoc types
tsickle doesn't like them, and anyway they are bound to get out-of-sync with the inline TS types
2016-05-10 17:38:10 +02:00
Matias Niemelä 9fbafba993 chore(parsing): change internal usage of `@` to `:` for namespaced values
Closes #8346
2016-05-09 16:20:32 +02:00
Martin Probst 67ed2e2c0a feat(security): fill in missing security contexts.
Reviewers: koto, rjamet, molnarg

Differential Revision: https://reviews.angular.io/D109
2016-05-04 19:28:50 -07:00
vsavkin 1a0aea67a0 feat(core): add a component resolver that can load components lazily using system.js 2016-05-04 14:50:00 -07:00
vsavkin 0f1465b899 feat(router): update router to support lazy loading 2016-05-04 14:50:00 -07:00
Tobias Bosch a81923b793 fix(compiler): emit correct types for literal arrays and maps. 2016-05-04 12:14:44 -07:00
Tobias Bosch 7150ace7c7 fix(compiler): support lifecycle hooks in compiler_cli 2016-05-04 12:14:43 -07:00
Tobias Bosch edec158dd8 fix(compiler_cli): allow to use builtin directives like `NgIf`, …
Related to #8448
Closes #8454
2016-05-03 20:49:17 -07:00
Tobias Bosch 0297398f5e chore: clang-format master 2016-05-03 18:56:39 -07:00
Tobias Bosch eba6e7946d refactor(compiler_cli): move it into modules/@angular and integrate properly into the build
This also no longer depends on a version
on npm for the compiler_cli.

Also runs the tests for tools/metadata
2016-05-03 15:57:49 -07:00
Igor Minar 905f38acb8 build: fix source map paths for npm packages
the bundles have source maps disabled for now because when we downlevel
the esm bundle to es5 tsc doesn't consider the original source map so
we end up with a source map pointing to the esm bundle instead which is
not useful.
2016-05-03 13:36:33 -06:00
Vikram Subramanian 509f4ec611 fix(testing): Check for pending macrotasks in ComponentFixture.whenStable() and ComponentFixture.isStable()
Closes #8389
2016-05-03 11:50:35 -07:00
Martin Probst 908a102a87 feat: security implementation in Angular 2.
Summary:
This adds basic security hooks to Angular 2.

* `SecurityContext` is a private API between core, compiler, and
  platform-browser. `SecurityContext` communicates what context a value is used
  in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
  particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
  determines the security context for an attribute or property (it turns out
  attributes and properties match for the purposes of sanitization).

Based on these hooks:

* `DomSchemaElementRegistry` decides what sanitization applies in a particular
  context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
  Value*s, i.e. the ability to mark a value as safe and not requiring further
  sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
  (surprise!).

`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).

BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***

Reviewers: IgorMinar

Differential Revision: https://reviews.angular.io/D103
2016-05-03 09:21:43 -07:00
Tobias Bosch dd6e0cf1b5 fix(compiler): fix where pipes live
Impure pipes need to live on the view
that used them and need a new instance for
each call site.

Impure pipes need to live on the component view, cached across all child views,
and need a new pure proxy for each
call site that lives on the view
of the call site.

Fixes #8408

This bug was introduced not long ago by 152a117d5c
2016-05-03 09:00:23 -07:00
Tobias Bosch 3a40cb1a85 fix(compiler): calculate the right moduleUrl 2016-05-02 22:36:32 -06:00
Tobias Bosch 00d3b6083c fix(compiler): support css stylesheets in offline compiler 2016-05-02 15:06:46 -07:00
Tobias Bosch 43527172ed chore: don’t shadow `tsconfig.json` used for editors by build specific tsconfig.json 2016-05-02 15:06:46 -07:00
Alex Eagle 3ae856ab8b build(tsc): Use angular2-template-compiler in place of tsc
This lets us down-level Decorators with tsickle and produce .metadata.json
files for users to reference when offline-compiling their app.
2016-05-01 23:40:59 -07:00
Misko Hevery 3e17c99f4e chore: clang-reformat 2016-05-01 22:59:41 -07:00
Alex Eagle c4be30d2e8 Revert "build(tsc): Use angular2-template-compiler in place of tsc"
This reverts commit 3d25294f706e0fd6224b20372be1e961959c0af8.
2016-05-01 20:51:00 -07:00
Alex Eagle 57240c85a5 build(tsc): Use angular2-template-compiler in place of tsc
This gives us tsickle pre-processing of Decorators, and produces
.metadata.json files for users to consume in their offline compilation.
2016-05-01 20:51:00 -07:00
Igor Minar a66cdb469f repackaging: all the repackaging changes squashed 2016-05-01 20:51:00 -07:00
Igor Minar 505da6c0a8 repackaging: all the file moves 2016-05-01 20:51:00 -07:00