| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-01-10 | Rename angular.foreach to angular.forEach to make the api consistent. | Igor Minar | |
| camelcase is used for other angular functions and forEach is also used by EcmaScript standard. - rename the internal as well as the external function name - tweak the implementation of the function so that it doesn't clober it self when we extend the angular object with an object that has a forEach property equal to this forEach function Closes #85 | |||
| 2010-12-06 | fixing closure compiler warnings | Igor Minar | |
| 2010-12-06 | fixing lint warnings in older code | Igor Minar | |
| 2010-12-03 | Fix sanitization issues as suggested by evn | Misko Hevery | |
| 2010-11-29 | Fixed sanitization | Misko Hevery | |
| * explicitly require full URLs (ftp|https?://...) * list the URI attributes * remove a lot of unneeded attributes | |||
| 2010-10-26 | fix closure compile warnings | Misko Hevery | |
| 2010-10-26 | create HTML sanitizer to allow inclusion of untrusted HTML in safe manner. | Misko Hevery | |
| Sanitization works in two phases: 1) We parse the HTML into sax-like events (start, end, chars). HTML parsing is very complex, and so it may very well be that what most browser consider valid HTML may not pares properly here, but we do best effort. We treat this parser as untrusted. 2) We have safe sanitizeWriter which treats its input (start, end, chars) as untrusted content and escapes everything. It only allows elements in the whitelist and only allows attributes which are whitelisted. Any attribute value must not start with 'javascript:'. This check is performed after escaping for entity (&xAB; etc..) and ignoring any whitespace. - Correct linky filter to use safeHtmlWriter - Correct html filter to use safeHtmlWriter Close #33; Close #34 | |||
 |
index : angular.js | |
| aboutsummaryrefslogtreecommitdiffstats |