| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-10-30 | feat($parse): secure expressions by hiding "private" properties | Chirayu Krishnappa | |
| BREAKING CHANGE: This commit introduces the notion of "private" properties (properties whose names begin and/or end with an underscore) on the scope chain. These properties will not be available to Angular expressions (i.e. {{ }} interpolation in templates and strings passed to `$parse`) They are freely available to JavaScript code (as before). Motivation ---------- Angular expressions execute in a limited context. They do not have direct access to the global scope, Window, Document or the Function constructor. However, they have direct access to names/properties on the scope chain. It has been a long standing best practice to keep sensitive APIs outside of the scope chain (in a closure or your controller.) That's easier said that done for two reasons: (1) JavaScript does not have a notion of private properties so if you need someone on the scope chain for JavaScript use, you also expose it to Angular expressions, and (2) the new "controller as" syntax that's now in increased usage exposes the entire controller on the scope chain greatly increaing the exposed surface. Though Angular expressions are written and controlled by the developer, they (1) typically deal with user input and (2) don't get the kind of test coverage that JavaScript code would. This commit provides a way, via a naming convention, to allow publishing/restricting properties from controllers/scopes to Angular expressions enabling one to only expose those properties that are actually needed by the expressions. | |||
| 2013-10-26 | docs(error/compile/tplrt): split long lines | Pete Bacon Darwin | |
| 2013-10-26 | docs(error/compile/tplrt): clarify and grammar | gdennie | |
| Closes #4503 | |||
| 2013-10-26 | Clarification stemming from my own issues | gdennie | |
| It is instructive to give literal examples that reflect common (my) experience of the problem. :) | |||
| 2013-10-24 | docs(error/multidir): improve the sentence fluency | CloudDueling.com | |
| Closes #4449 | |||
| 2013-10-24 | docs(modulerr): fix typo | G.H. Naylor | |
| Closes #4418 | |||
| 2013-10-23 | docs(guide/directive,guide/compiler,): drastically improve | Brian Ford | |
| 2013-10-18 | docs: correct broken links | Vojta Jina | |
| This also contains some whitespace corrections by my editor. | |||
| 2013-10-15 | docs($rootScope): better document infinite digest and ttl | Igor Minar | |
| 2013-10-07 | fix(*): protect calls to hasOwnProperty in public API | Peter Bacon Darwin | |
| Objects received from outside AngularJS may have had their `hasOwnProperty` method overridden with something else. In cases where we can do this without incurring a performance penalty we call directly on Object.prototype.hasOwnProperty to ensure that we use the correct method. Also, we have some internal hash objects, where the keys for the map are provided from outside AngularJS. In such cases we either prevent `hasOwnProperty` from being used as a key or provide some other way of preventing our objects from having their `hasOwnProperty` overridden. BREAKING CHANGE: Inputs with name equal to "hasOwnProperty" are not allowed inside form or ngForm directives. Before, inputs whose name was "hasOwnProperty" were quietly ignored and not added to the scope. Now a badname exception is thrown. Using "hasOwnProperty" for an input name would be very unusual and bad practice. Either do not include such an input in a `form` or `ngForm` directive or change the name of the input. Closes #3331 | |||
| 2013-10-01 | feat($sce): simpler patterns for $sceDelegateProviders white/blacklists | Chirayu Krishnappa | |
| Closes #4006 | |||
| 2013-09-30 | fix(ngTransclude): detect ngTranslude usage without a transclusion directive | jankuca | |
| Closes #3759 | |||
| 2013-09-30 | docs(minerr): add note about ngRoute in injector/modulerr | Brian Ford | |
| 2013-09-26 | docs(minerr): fix broken style from long line in nonassign | Brian Ford | |
| 2013-09-17 | fix($parse): disallow access to window and dom in expressions | Chirayu Krishnappa | |
| 2013-08-15 | chore(minerr): move $sce:insecurl file to sce directory | Ken Sheedlo | |
| Closes #3568 | |||
| 2013-08-12 | docs(minErr): add location/ipthprfx | Igor Minar | |
| 2013-08-12 | docs(minErr): add location/isrcharg docs | Igor Minar | |
| 2013-08-12 | docs(minErr): add location/ihshprfx | Igor Minar | |
| 2013-08-12 | chore($location): drop bugus error | Igor Minar | |
| we can never get to this state, so dropping the error | |||
| 2013-08-09 | style(minerr): prefer component name as namespace | Ken Sheedlo | |
| Closes #3527 | |||
| 2013-08-09 | fix(re-bootstrap): Throw an error when bootstrapping a bootstrapped element. | Jeff Cross | |
| Nothing would prevent a user from accidentally calling angular.bootstrap on an element that had already been bootstrapped. If this was done, odd behavior could manifest in an application, causing different scopes to update the same DOM, and causing debugger confusion. This fix adds a check inside of angular.bootstrap to check if the passed-in element already has an injector, and if so, will throw an error. | |||
| 2013-08-09 | docs(jqLite): update the minErr codes for on() and off() | Igor Minar | |
| 2013-08-08 | docs(compile/tplrt): description for compile/tplrt error | Misko Hevery | |
| Closes #3459 | |||
| 2013-08-08 | docs(compile/selmulti): description for compile/selmulti error | Misko Hevery | |
| Closes #3459 | |||
| 2013-08-08 | docs(compile/nodomevents): description for compile/nodomevents error | Misko Hevery | |
| Closes #3459 | |||
| 2013-08-08 | docs(compile/notassign): description for compile/notassign error | Misko Hevery | |
| Closes #3459 | |||
| 2013-08-08 | docs(compile/multidir): description for compile/multidir error | Misko Hevery | |
| Closes #3459 | |||
| 2013-08-08 | docs(minErr): add controller/noscp docs | Igor Minar | |
| 2013-08-08 | docs(minErr): add rootScope/inprog docs | Igor Minar | |
| 2013-08-08 | docs(minErr): improve compiler/iscp | Igor Minar | |
| 2013-08-08 | docs(minErr): improve sce/icontext | Igor Minar | |
| 2013-08-08 | docs(minErr): improve sce/iequirks doc | Igor Minar | |
| 2013-08-08 | docs(minerr): add description for ngResource:badargs | Ken Sheedlo | |
| Closes #3510 | |||
| 2013-08-08 | docs(minErr): add minErr description for jqLite:nosel | Brian Ford | |
| Closes #3426 | |||
| 2013-08-08 | docs(minerr): add description for ngResource:badcfg | Ken Sheedlo | |
| Closes #3509 | |||
| 2013-08-08 | docs(minErr): rename compile/utrat to compile/uterdir | Igor Minar | |
| 2013-08-08 | docs(minerr): add description for $compile:utrat | Ken Sheedlo | |
| Closes #3507 | |||
| 2013-08-08 | docs(minErr): improve sce/isecurl doc | Igor Minar | |
| 2013-08-08 | docs(minErr): rename sce/isecrurl to sce/insecurl | Igor Minar | |
| 2013-08-08 | docs(minErr): improve sce/itype.ngdoc | Igor Minar | |
| 2013-08-08 | docs(minErr): add minErr description for $compile:ctreq | Brian Ford | |
| Closes #3423 | |||
| 2013-08-07 | docs(minerr): fill in error message descriptions | Ken Sheedlo | |
| Errors I've documented so far: - `$injector:cdep` - `$injector:itkn` - `$injector:modulerr` - `$injector:nomod` - `$injector:pget` - `$injector:unpr` - `ng:areq` - `ng:cpi` - `ng:cpws` - `ngModel:noass` Closes #3430 | |||
| 2013-08-07 | docs(minerr): add description for $rootScope:infdig | Ken Sheedlo | |
| 2013-08-07 | docs(minErr): add minErr description for $compile:tpload | Brian Ford | |
| Closes #3427 | |||
| 2013-08-07 | docs(error): updated description for ngPattern/noregexp.ngdoc | naomiblack | |
| 2013-08-07 | docs(error): added description for ngOptions/iexp.ngdoc | naomiblack | |
| Closes #3431 | |||
| 2013-08-07 | docs(error): added description for ngSanitize/badparse.ngdoc | naomiblack | |
| Closes #3438 | |||
| 2013-08-07 | docs(minErr): improve $parse/isecfn | Igor Minar | |
| 2013-08-07 | docs(minerr): Adds a description for parser.lexerr | James deBoer | |
| Closes #3433 | |||
 |
index : angular.js | |
| aboutsummaryrefslogtreecommitdiffstats |