346304762e
feat(security): document <iframe src> to be TRUSTED_URL.
...
Docs on the DomSanitizationService didn't match actual usage before.
Also fixes some minor docs and implementation issues.
2016-06-08 20:49:15 -07:00
86fbd50c3d
refactor(TypeScript): Add noImplicitAny
...
We automatically insert explicit 'any's where needed. These need to be
addressed as in #9100 .
Fixes #4924
2016-06-08 16:20:50 -07:00
e504d4eb05
fix(renderer): remove unecessary setElementStyles method
...
There is no need to expose this additional method inside of the Renderer
API. The functionality can be restored by looping and calling
`setElementStyle` instead.
Note that this change is changing code that was was introduced after
the last release therefore this fix is not a breaking change.
Closes #9000
Closes #9009
2016-06-03 15:20:34 -07:00
a6ad61d83e
refactor: change provide(...) for {provide: ...}
...
- provide() is deprecated,
- {} syntax is required by the offline compiler
2016-06-03 15:03:49 -07:00
27a47e7841
refactor(imports): simplify paths
2016-06-03 14:46:04 -07:00
fa0718ba9a
feat(animations): provide support for offline compilation
2016-06-03 14:36:11 -07:00
dd6cb233b5
build: add missing testing.ts entry points to tsconfigs
2016-06-01 10:43:22 -07:00
f2809d1ed8
fix(PostMessageBus):Add the worker scope to please Closure
2016-06-01 09:24:05 -07:00
f4f6b8721a
fix(core): Keep core exports seperate from core/testing exports.
2016-05-31 20:09:43 -07:00
4d793c4eb8
feat(security): Automatic XSRF handling.
...
Automatically recognize XSRF protection cookies, and set a corresponding XSRF
header. Allows applications to configure the cookie names, or if needed,
completely override the XSRF request configuration by binding their own
XSRFHandler implementation.
Part of #8511 .
2016-05-31 16:12:33 -07:00
c6064a30a1
chore(package.json): make the packages installable
2016-05-27 17:21:34 -07:00
2019050db2
chore(lint): enable duplicateModuleImport tslint check
2016-05-27 09:17:08 -07:00
b7b56785d1
fix(Renderer): update signatures to make RenderDebugInfo optional
...
The code does not force the user to provider `RenderDebugInfo`. The
current implementation lists this as a mandatory parameter. Update
the parameter to be optional.
Fixes #8466
Closes #8859
2016-05-26 10:32:03 -07:00
172a5663ef
feat(platform-browser-dynamic): re-add a deprecated platform-browser-dynamic
2016-05-26 10:22:39 -07:00
f4b972815b
fix(platform-browser): fix rollup config
2016-05-26 10:21:24 -07:00
bab6023eee
fix(router): Added pushState fallback for IE 9 browser.
...
Closes #6506
Closes #7929
2016-05-26 09:49:07 -07:00
5e12a95789
test(security): test case for quoted URL values.
...
Test case that fixes #8701 . This is already supported with the latest sanitizer
changes, but it's good to have an explicit test case.
2016-05-26 09:39:23 -07:00
b9347eb01c
build: remove dependency on tsd and use @types/* instead
2016-05-25 16:42:28 -07:00
4dbd8ed6b8
refactor: remove unnecessary annotations
2016-05-25 16:42:28 -07:00
cb980d3e43
fix(ci): incorrect import
2016-05-25 16:22:55 -07:00
d0a64f9c86
fix: broken build
2016-05-25 16:03:11 -07:00
39ecd01b86
chore: audit @angular/core API classification ( #8808 )
2016-05-25 15:00:05 -07:00
5e0f8cf3f0
feat(core): introduce support for animations
...
Closes #8734
2016-05-25 13:56:50 -07:00
16dfe3c63f
build: consolidate tsc to ease migration to @types/ based typings delivery
...
I actually tried to use @types/* directly but came across several issues which prevented me
from switching over:
- https://github.com/Microsoft/TypeScript/issues/8715
- https://github.com/Microsoft/TypeScript/issues/8723
2016-05-25 08:22:07 -07:00
5f3d02bc7c
fix(Animation): Problem decimals using commas as decimal separation
...
Tests where failing due to `.` character being used as decimal separator in some regional settings (like spanish for example)
Closes #6335
Closes #6338
2016-05-24 21:23:46 -07:00
d4827caa08
refactor(DomRootRenderer): allow registeredComponents access
...
Closes #6584
2016-05-24 21:17:11 -07:00
1ac38bd69a
feat(renderer): add a setElementStyles method
2016-05-24 18:42:05 -07:00
0f0a8ade7c
feat(http): automatically set request Content-Type header based on body type
...
Implement the ability to provide objects as request body. The following use cases
are supported:
* raw objects: a JSON payload is created and the content type set to `application/json`
* text: the text is used as it is and no content type header is automatically added
* URLSearchParams: a form payload is created and the content type set to `application/x-www-form-urlencoded`
* FormData: the object is used as it is and no content type header is automatically added
* Blob: the object is used as it is and the content type set with the value of its `type` property if any
* ArrayBuffer: the object is used as it is and no content type header is automatically added
Closes https://github.com/angular/http/issues/69
Closes #7310
2016-05-24 11:42:37 -07:00
75e6dfb9ab
fix(browser): platform code cleanup
2016-05-23 17:57:28 -07:00
f95a604b59
fix(bootstrap): swap coreBootstrap() and coreLoadAndBootstrap() arguments
2016-05-23 17:57:28 -07:00
fba0e2ff12
docs(browser.ts): update bootstrap injector override argument name
...
Closes #7387
2016-05-23 17:21:07 -07:00
b62415c962
refactor(chore): remove unused mapToObject and objectToMap methods from serializer
...
resolves #7402
Closes #7416
2016-05-23 17:20:25 -07:00
0795dd307b
refactor(chore): Replace all 'bindings' with 'providers'
...
BREAKING CHANGE
Deprecated `bindings:` and `viewBindings:` are replaced with
`providers:` and `viewProviders:`
Closes #7687
2016-05-23 13:31:08 -07:00
33c7f74cb9
style(platform/browser): fix type spacing
...
Closes #7980
2016-05-20 13:05:40 -07:00
0035575c82
build: turn on tsc's stripInternal when producint public d.ts file
...
I also made some changes to fix imports and remove some stuff that caused
breakage once stripInternals was turned on.
2016-05-20 10:59:57 -07:00
e8e61de28d
refactor(WebWorker): move XHR worker side
2016-05-20 10:48:55 -07:00
54f8308999
refactor(browser): merge static & dynamic platforms
2016-05-20 10:48:55 -07:00
6c99746f0b
Update tools.ts
...
Closes #8296
2016-05-20 10:12:54 -07:00
4086b49046
feat(enableDebugTools): return ComponentRef
...
allows for
```
bootstrap(App, [
...HTTP_PROVIDERS,
...ROUTER_PROVIDERS
])
.then(enableDebugTools)
```
without breaking the rule of always returning a value in a promise
2016-05-20 10:12:54 -07:00
6e62217b78
fix(WebWorker): remove the platform-browser dependency on compiler
2016-05-18 16:23:09 -07:00
a01a54c180
adds 'repository' metadata to npm modules ( #8649 )
2016-05-17 23:17:15 -07:00
15ae710d22
feat(security): allow url(...) style values.
...
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.
Fixes #8514 .
2016-05-17 11:23:31 +02:00
dd50124254
feat(security): allow data: URLs for images and videos.
...
Allows known-to-be-safe media types in data URIs.
Part of #8511 .
2016-05-17 10:57:14 +02:00
50c9bed630
feat(security): expose the safe value types.
...
This allows users to properly type their `SafeHtml`, `SafeStyle`, etc values.
Fixes #8568 .
2016-05-15 11:47:06 +02:00
8b1b427195
feat(security): support transform CSS functions for sanitization.
...
Fixes part of #8514 .
2016-05-14 13:25:45 +02:00
61b339678d
test(compiler): test schema generation only in Chrome
...
Closes #8581
2016-05-11 17:01:26 -07:00
3e68b7eb1f
feat(security): warn users when sanitizing in dev mode.
...
This should help developers to figure out what's going on when the sanitizer
strips some input.
Fixes #8522 .
2016-05-09 16:46:31 +02:00
9fbafba993
chore(parsing): change internal usage of @ to : for namespaced values
...
Closes #8346
2016-05-09 16:20:32 +02:00
7a524e3deb
feat(security): add tests for URL sanitization.
2016-05-09 16:00:24 +02:00
7b6c4d5acc
feat(security): add tests for style sanitisation.
2016-05-09 16:00:24 +02:00
