diff options
| author | Igor Minar | 2012-04-27 15:20:54 -0700 |
|---|---|---|
| committer | Igor Minar | 2012-04-27 23:04:24 -0700 |
| commit | 2b87c814ab70eaaff6359ce1a118f348c8bd2197 (patch) | |
| tree | 768d15a5b7b60f0560931763d7d093a4a571db35 /angularFiles.js | |
| parent | 2b1b2570344cfb55ba93b6f184bd3ee6db324419 (diff) | |
| download | angular.js-2b87c814ab70eaaff6359ce1a118f348c8bd2197.tar.bz2 | |
feat($parse): CSP compatibility
CSP (content security policy) forbids apps to use eval or
Function(string) generated functions (among other things). For us to be
compatible, we just need to implement the "getterFn" in $parse without
violating any of these restrictions.
We currently use Function(string) generated functions as a speed
optimization. With this change, it will be possible to opt into the CSP
compatible mode using the ngCsp directive. When this mode is on Angular
will evaluate all expressions up to 30% slower than in non-CSP mode, but
no security violations will be raised.
In order to use this feature put ngCsp directive on the root element of
the application. For example:
<!doctype html>
<html ng-app ng-csp>
...
...
</html>
Closes #893
Diffstat (limited to 'angularFiles.js')
| -rw-r--r-- | angularFiles.js | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/angularFiles.js b/angularFiles.js index d8be657a..fb332a8a 100644 --- a/angularFiles.js +++ b/angularFiles.js @@ -45,6 +45,7 @@ angularFiles = { 'src/ng/directive/ngClass.js', 'src/ng/directive/ngCloak.js', 'src/ng/directive/ngController.js', + 'src/ng/directive/ngCsp.js', 'src/ng/directive/ngEventDirs.js', 'src/ng/directive/ngInclude.js', 'src/ng/directive/ngInit.js', |