Compare commits

...

4 Commits

Author SHA1 Message Date
Pete Bacon Darwin 823939c969 docs(changelog): add release notes for 1.8.2 2020-10-21 12:49:04 +01:00
George Kalpakas d9f820a430 fix($sceDelegate): make resourceUrlWhitelist() is identical trustedResourceUrlList()
In commit a206e2675c, `$sceDelegateProvider`'s
`resourceUrlWhitelist()` was deprecated in favor of the new
`trustedResourceUrlList()`. However, although both properties were
assigned the same value, it was possible for an app to break if one of
the properties was overwritten in one part of the app (or a 3rd-party
library) while another part of the app interacts with the other,
non-overwritten property.

This commit fixes it by making `resourceUrlWhitelist()` a getter/setter
that delegates to `trustedResourceUrlList()`, ensuring that the two
properties will remain in sync. This, also, makes it consistent with
other similar deprecated properties, such as `$sceDelegateProvider`'s
`resourceUrlBlacklist()`.

Closes #17090
2020-10-14 15:46:11 +03:00
George Kalpakas 5e85ef3634 docs(*): fix docs on recently deprecated properties/methods
In commits 9679e58ec4e9d9e4b743..3dd42cea688a7b6f7789, some properties
and methods names including the terms whitelist/blacklist were
deprecated in favor of new ones not including the terms.

This commit fixes some typos in docs related to these changes and adds
links to the new properties/methods in the changelog for easier access.

Fixes #17088
2020-10-14 15:46:11 +03:00
frosty 1c64a350f3 docs(version-support-status): add link to extended long term support 2020-10-08 19:17:26 +01:00
6 changed files with 61 additions and 19 deletions
+24 -8
View File
@@ -1,3 +1,14 @@
<a name="1.8.2"></a>
# 1.8.2 meteoric-mining (2020-10-21)
## Bug Fixes
- **$sceDelegate:** ensure that `resourceUrlWhitelist()` is identical `trustedResourceUrlList()`
([e41f01](https://github.com/angular/angular.js/commit/e41f018959934bfbf982ba996cd654b1fce88d43),
[#17090](https://github.com/angular/angular.js/issues/17090))
- **$sanitize:** do not trigger CSP alert/report in Firefox and Chrome
([2fab3d](https://github.com/angular/angular.js/commit/2fab3d4e00f4fe35bfa3cf255160cb97404baf24))
<a name="1.8.1"></a>
# 1.8.1 mutually-supporting (2020-09-30)
@@ -8,19 +19,24 @@
## Refactorings
- **SanitizeUriProvider:** remove usages of whitelist
([76738102](https:github.com/angular/angular.js/commit/767381020d88bda2855ac87ca6f00748907e14ff))
([76738102](https://github.com/angular/angular.js/commit/767381020d88bda2855ac87ca6f00748907e14ff))
- **httpProvider:** remove usages of whitelist and blacklist
([c953af6b](https:github.com/angular/angular.js/commit/c953af6b8cfeefe4acc0ca358550eed5da8cfe00))
([c953af6b](https://github.com/angular/angular.js/commit/c953af6b8cfeefe4acc0ca358550eed5da8cfe00))
- **sceDelegateProvider:** remove usages of whitelist and blacklist
([a206e267](https:github.com/angular/angular.js/commit/a206e2675c351c3cdcde3402978126774c1c5df9))
([a206e267](https://github.com/angular/angular.js/commit/a206e2675c351c3cdcde3402978126774c1c5df9))
## Deprecation Notices
- Deprecated ~~`aHrefSanitizationWhitelist`~~. It is now `aHrefSanitizationTrustedUri`
- Deprecated ~~`imgSrcSanitizationWhitelist`~~. It is now `imgSrcSanitizationTrustedUri`
- Deprecated ~~`xsrfWhitelistedOrigins`~~. It is now `xsrfTrustedOrigins`
- Deprecated ~~`resourceUrlWhitelist`~~. It is now `trustedResourceUrlList`
- Deprecated ~~`resourceUrlBlacklist`~~. It is now `bannedResourceUrlList`
- Deprecated ~~`$compileProvider.aHrefSanitizationWhitelist`~~.
It is now [aHrefSanitizationTrustedUrlList](https://docs.angularjs.org/api/ng/provider/$compileProvider#aHrefSanitizationTrustedUrlList)`.
- Deprecated ~~`$compileProvider.imgSrcSanitizationWhitelist`~~.
It is now [imgSrcSanitizationTrustedUrlList](https://docs.angularjs.org/api/ng/provider/$compileProvider#imgSrcSanitizationTrustedUrlList).
- Deprecated ~~`$httpProvider.xsrfWhitelistedOrigins`~~.
It is now [xsrfTrustedOrigins](https://docs.angularjs.org/api/ng/provider/$httpProvider#xsrfTrustedOrigins).
- Deprecated ~~`$sceDelegateProvider.resourceUrlWhitelist`~~.
It is now [trustedResourceUrlList](https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#trustedResourceUrlList).
- Deprecated ~~`$sceDelegateProvider.resourceUrlBlacklist`~~.
It is now [bannedResourceUrlList](https://docs.angularjs.org/api/ng/provider/$sceDelegateProvider#bannedResourceUrlList).
For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.
+1 -1
View File
@@ -2663,7 +2663,7 @@ $scope.findTemplate = function(templateName) {
return templateCache[templateName];
};
// Alternatively, use `$sceDelegateProvider..resourceUrlWhitelist()` (called
// Alternatively, use `$sceDelegateProvider.resourceUrlWhitelist()` (called
// `trustedResourceUrlList()` from 1.8.1 onwards), which means you don't
// have to use `$sce.trustAsResourceUrl()` at all:
@@ -51,3 +51,11 @@ AngularJS 1.2.x will get a new version if and only if a new severe security issu
### Blog Post
You can read more about these plans in our [blog post announcement](https://blog.angular.io/stable-angularjs-and-long-term-support-7e077635ee9c).
### Extended Long Term Support
If you need support for AngularJS beyond December 2021, you should consider:
* [XLTS.dev](https://angularjs.xlts.dev)
+6 -6
View File
@@ -1734,15 +1734,15 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
* @deprecated
* sinceVersion="1.8.1"
*
* This function is deprecated. Use {@link $compileProvider#aHrefSanitizationTrustedUrlList
* This method is deprecated. Use {@link $compileProvider#aHrefSanitizationTrustedUrlList
* aHrefSanitizationTrustedUrlList} instead.
*/
Object.defineProperty(this, 'aHrefSanitizationWhitelist', {
get: function() {
return this.aHrefSanitizationTrustedUrlList;
},
set: function(regexp) {
this.aHrefSanitizationTrustedUrlList = regexp;
set: function(value) {
this.aHrefSanitizationTrustedUrlList = value;
}
});
@@ -1785,15 +1785,15 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
* @deprecated
* sinceVersion="1.8.1"
*
* This function is deprecated. Use {@link $compileProvider#imgSrcSanitizationTrustedUrlList
* This method is deprecated. Use {@link $compileProvider#imgSrcSanitizationTrustedUrlList
* imgSrcSanitizationTrustedUrlList} instead.
*/
Object.defineProperty(this, 'imgSrcSanitizationWhitelist', {
get: function() {
return this.imgSrcSanitizationTrustedUrlList;
},
set: function(regexp) {
this.imgSrcSanitizationTrustedUrlList = regexp;
set: function(value) {
this.imgSrcSanitizationTrustedUrlList = value;
}
});
+1 -1
View File
@@ -436,7 +436,7 @@ function $HttpProvider() {
* @deprecated
* sinceVersion="1.8.1"
*
* This function is deprecated. Use {@link $httpProvider#xsrfTrustedOrigins xsrfTrustedOrigins}
* This property is deprecated. Use {@link $httpProvider#xsrfTrustedOrigins xsrfTrustedOrigins}
* instead.
*/
Object.defineProperty(this, 'xsrfWhitelistedOrigins', {
+21 -3
View File
@@ -215,7 +215,26 @@ function $SceDelegateProvider() {
}
return trustedResourceUrlList;
};
this.resourceUrlWhitelist = this.trustedResourceUrlList;
/**
* @ngdoc method
* @name $sceDelegateProvider#resourceUrlWhitelist
* @kind function
*
* @deprecated
* sinceVersion="1.8.1"
*
* This method is deprecated. Use {@link $sceDelegateProvider#trustedResourceUrlList
* trustedResourceUrlList} instead.
*/
Object.defineProperty(this, 'resourceUrlWhitelist', {
get: function() {
return this.trustedResourceUrlList;
},
set: function(value) {
this.trustedResourceUrlList = value;
}
});
/**
* @ngdoc method
@@ -242,7 +261,6 @@ function $SceDelegateProvider() {
* The **default value** when no trusted resource URL list has been explicitly set is the empty
* array (i.e. there is no `bannedResourceUrlList`.)
*/
this.bannedResourceUrlList = function(value) {
if (arguments.length) {
bannedResourceUrlList = adjustMatchers(value);
@@ -258,7 +276,7 @@ function $SceDelegateProvider() {
* @deprecated
* sinceVersion="1.8.1"
*
* This function is deprecated. Use {@link $sceDelegateProvider#bannedResourceUrlList
* This method is deprecated. Use {@link $sceDelegateProvider#bannedResourceUrlList
* bannedResourceUrlList} instead.
*/
Object.defineProperty(this, 'resourceUrlBlacklist', {