<feed xmlns='http://www.w3.org/2005/Atom'>
<title>angular.js/test/ng/directive/ngCspSpec.js, branch v1.2.5</title>
<subtitle></subtitle>
<link rel='alternate' type='text/html' href='https://git.teddywing.com/fork/angular.js/'/>
<entry>
<title>fix(csp): fix csp auto-detection and stylesheet injection</title>
<updated>2013-10-19T00:33:53+00:00</updated>
<author>
<name>Igor Minar</name>
</author>
<published>2013-10-15T22:00:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.teddywing.com/fork/angular.js/commit/?id=08f376f2ea3d3bb384f10e3c01f7d48ed21ce351'/>
<id>08f376f2ea3d3bb384f10e3c01f7d48ed21ce351</id>
<content type='text'>
When we refactored , we broke the csp mode because the previous implementation
relied on the fact that it was ok to lazy initialize the .csp property; this
is not the case any more.

Besides, we need to know about csp mode during bootstrap and avoid injecting the
stylesheet when csp is active, so I refactored the code to fix both issues.

PR #4411 will follow up on this commit and add more improvements.

Closes #917
Closes #2963
Closes #4394
Closes #4444

BREAKING CHANGE: triggering ngCsp directive via `ng:csp` attribute is not
supported any more. Please use data-ng-csp instead.
</content>
</entry>
<entry>
<title>feat($parse): CSP compatibility</title>
<updated>2012-04-28T06:04:24+00:00</updated>
<author>
<name>Igor Minar</name>
</author>
<published>2012-04-27T22:20:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.teddywing.com/fork/angular.js/commit/?id=2b87c814ab70eaaff6359ce1a118f348c8bd2197'/>
<id>2b87c814ab70eaaff6359ce1a118f348c8bd2197</id>
<content type='text'>
CSP (content security policy) forbids apps from using eval or
Function(string) generated functions (among other things). For us to be
compatible, we just need to implement the "getterFn" in $parse without
violating any of these restrictions.

We currently use Function(string) generated functions as a speed
optimization. With this change, it will be possible to opt into the CSP
compatible mode using the ngCsp directive. When this mode is on, Angular
will evaluate all expressions up to 30% slower than in non-CSP mode, but
no security violations will be raised.

In order to use this feature, put the ngCsp directive on the root element of
the application. For example:

&lt;!doctype html&gt;
&lt;html ng-app ng-csp&gt;
  ...
  ...
&lt;/html&gt;

Closes #893
</content>
</entry>
</feed>
