angular.js/docs/content/error, branch v1.2.2 feat($parse): revert hiding "private" properties 2013-11-14T07:25:09+00:00 Vojta Jina 2013-11-14T07:25:09+00:00 4ab16aaaf762e9038803da1f967ac8cb6650727d Hiding `_*` properties was a feature primarily for developers using Closure compiler and Google JS style. We didn't realize how many people will be affected by this change. We might introduce this feature in the future, probably under a config option, but it needs more research and so I'm reverting the change for now. This reverts commit 3d6a89e8888b14ae5cb5640464e12b7811853c7e. Closes #4926 Closes #4842 Closes #4865 Closes #4859 Closes #4849 Conflicts: src/ng/parse.js 
Hiding `_*` properties was a feature primarily for developers using Closure compiler and Google JS
style. We didn't realize how many people will be affected by this change.

We might introduce this feature in the future, probably under a config option, but it needs more
research and so I'm reverting the change for now.

This reverts commit 3d6a89e8888b14ae5cb5640464e12b7811853c7e.

Closes #4926
Closes #4842
Closes #4865
Closes #4859
Closes #4849

Conflicts:
	src/ng/parse.js
docs(errors/compile/tplrt): display html block as code 2013-11-13T21:06:37+00:00 Eddie Monge Jr 2013-11-07T21:57:00+00:00 a59976be18585033b29a9f323477f1194b53d3d7 HTML elements were getting parsed by as HTML elements Closes #4827 
HTML elements were getting parsed by as HTML elements

Closes #4827
fix($resource): don't use $parse for @dotted.member 2013-11-12T00:17:34+00:00 Chirayu Krishnappa 2013-11-09T04:44:32+00:00 9577702e8d2519c1a60f5ac4058e63bd7b919815 params and paramDefaults support looking up the parameter value from the data object. The syntax for that is `@nested.property.name`. Currently, $resource uses $parse to do this. This is too liberal (you can use values like `@a=b` or `@a | filter` and have it work - which doesn't really make sense). It also puts up a dependency on $parse which is has restrictions to secure expressions used in templates. The value here, though a string, is specified in Javascript code and shouldn't have those restrictions. 
params and paramDefaults support looking up the parameter value from the
data object.  The syntax for that is `@nested.property.name`.
Currently, $resource uses $parse to do this.  This is too liberal
(you can use values like `@a=b` or `@a | filter` and have it work -
which doesn't really make sense).  It also puts up a dependency on
$parse which is has restrictions to secure expressions used in
templates.  The value here, though a string, is specified in Javascript
code and shouldn't have those restrictions.
feat($parse): secure expressions by hiding "private" properties 2013-10-31T00:01:51+00:00 Chirayu Krishnappa 2013-10-18T02:44:36+00:00 3d6a89e8888b14ae5cb5640464e12b7811853c7e BREAKING CHANGE: This commit introduces the notion of "private" properties (properties whose names begin and/or end with an underscore) on the scope chain. These properties will not be available to Angular expressions (i.e. {{ }} interpolation in templates and strings passed to `$parse`) They are freely available to JavaScript code (as before). Motivation ---------- Angular expressions execute in a limited context.  They do not have direct access to the global scope, Window, Document or the Function constructor.  However, they have direct access to names/properties on the scope chain.  It has been a long standing best practice to keep sensitive APIs outside of the scope chain (in a closure or your controller.)  That's easier said that done for two reasons: (1) JavaScript does not have a notion of private properties so if you need someone on the scope chain for JavaScript use, you also expose it to Angular expressions, and (2) the new "controller as" syntax that's now in increased usage exposes the entire controller on the scope chain greatly increaing the exposed surface.  Though Angular expressions are written and controlled by the developer, they (1) typically deal with user input and (2) don't get the kind of test coverage that JavaScript code would.  This commit provides a way, via a naming convention, to allow publishing/restricting properties from controllers/scopes to Angular expressions enabling one to only expose those properties that are actually needed by the expressions. 
BREAKING CHANGE:
This commit introduces the notion of "private" properties (properties
whose names begin and/or end with an underscore) on the scope chain.
These properties will not be available to Angular expressions (i.e. {{
}} interpolation in templates and strings passed to `$parse`)  They are
freely available to JavaScript code (as before).

Motivation
----------
Angular expressions execute in a limited context.  They do not have
direct access to the global scope, Window, Document or the Function
constructor.  However, they have direct access to names/properties on
the scope chain.  It has been a long standing best practice to keep
sensitive APIs outside of the scope chain (in a closure or your
controller.)  That's easier said that done for two reasons: (1)
JavaScript does not have a notion of private properties so if you need
someone on the scope chain for JavaScript use, you also expose it to
Angular expressions, and (2) the new "controller as" syntax that's now
in increased usage exposes the entire controller on the scope chain
greatly increaing the exposed surface.  Though Angular expressions are
written and controlled by the developer, they (1) typically deal with
user input and (2) don't get the kind of test coverage that JavaScript
code would.  This commit provides a way, via a naming convention, to
allow publishing/restricting properties from controllers/scopes to
Angular expressions enabling one to only expose those properties that
are actually needed by the expressions.
docs(error/compile/tplrt): split long lines 2013-10-26T19:14:08+00:00 Pete Bacon Darwin 2013-10-26T19:13:27+00:00 0bbb9e6258bd60a2676a475acc92b13b2c3425dc 






docs(error/compile/tplrt): clarify and grammar
2013-10-26T19:14:08+00:00

gdennie

2013-10-19T13:02:33+00:00

81d5bc860dde93be0f6be3193c23458a2ae9ff5c

Closes #4503





Closes #4503







Clarification stemming from my own issues
2013-10-26T19:09:09+00:00

gdennie

2013-10-18T00:06:48+00:00

9f2c8e935a28fce0e898a2739c389e3f8cbc08a5

It is instructive to give literal examples that reflect common (my) experience of the problem. :)





It is instructive to give literal examples that reflect common (my) experience of the problem. :)







docs(error/multidir): improve the sentence fluency
2013-10-24T21:21:27+00:00

CloudDueling.com

2013-10-16T01:06:00+00:00

db9c6a3528e3307b1e320fd15b1341eb9b39e1b7

Closes #4449





Closes #4449







docs(modulerr): fix typo
2013-10-24T19:51:32+00:00

G.H. Naylor

2013-10-15T00:29:42+00:00

d3930fdfd9e8ef6a53432eafbcbf88f592e5d406

Closes #4418





Closes #4418







docs(guide/directive,guide/compiler,): drastically improve
2013-10-23T21:17:27+00:00

Brian Ford

2013-10-23T21:04:47+00:00

e69c2872939cda30f13a1a8390bbc61662c12d9a