All Versions
206
Latest Version
Avg Release Cycle
61 days
Latest Release
573 days ago

Changelog History
Page 1

  • v1.8.2 Changes

    October 21, 2020

    ๐Ÿ› Bug Fixes

    • $sceDelegate: ensure that resourceUrlWhitelist() is identical trustedResourceUrlList() (e41f01, #17090)
    • $sanitize: do not trigger CSP alert/report in Firefox and Chrome (2fab3d)

  • v1.8.1 Changes

    September 30, 2020

    ๐Ÿ› Bug Fixes

    • $sanitize: do not trigger CSP alert/report in Firefox and Chrome (2fab3d)

    ๐Ÿ”จ Refactorings

    • SanitizeUriProvider: remove usages of whitelist (76738102)
    • httpProvider: remove usages of whitelist and blacklist (c953af6b)
    • sceDelegateProvider: remove usages of whitelist and blacklist (a206e267)

    ๐Ÿ—„ Deprecation Notices

    For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.

  • v1.8.0 Changes

    June 01, 2020

    ๐Ÿš€ This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@koto); and independently by Esben Sparre Andreasen (@esbena) while performing a Variant Analysis of CVE-2020-11022 which itself was found and reported by Masato Kinugawa (@masatokinugawa).

    ๐Ÿ› Bug Fixes

    • jqLite:
      • prevent possible XSS due to regex-based HTML replacement (2df43c)

    ๐Ÿ’ฅ Breaking Changes

    jqLite due to:

    • 2df43c: prevent possible XSS due to regex-based HTML replacement

    JqLite no longer turns XHTML-like strings like <div /><span /> to sibling elements <div></div><span></span> ๐Ÿ’ป when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <div><span></span></div>.

    ๐Ÿ”’ This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. โช If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

    angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();

    ๐Ÿšš But you should adjust your code for this change and remove your use of this function as soon as possible.

    โฌ†๏ธ Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.

  • v1.7.9 Changes

    November 19, 2019

    ๐Ÿ› Bug Fixes

  • v1.7.8 Changes

    March 11, 2019

    ๐Ÿ› Bug Fixes

    • required: correctly validate required on non-input element surrounded by ngIf (a4c7bd, #16830, #16836)

  • v1.7.7 Changes

    February 04, 2019

    ๐Ÿ› Bug Fixes

    • ngRequired: set error correctly when inside ngRepeat and false by default (5ad4f5, #16814, #16820)

  • v1.7.6 Changes

    January 17, 2019

    ๐Ÿ› Bug Fixes

    • $compile: fix ng-prop-* with undefined values (772440, #16797, #16798)
    • compile: properly handle false value for boolean attrs with jQuery (27486b, #16778, #16779)
    • ngRepeat:
      • fix reference to last collection value remaining across linkages (cf919a)
      • fix trackBy function being invoked with incorrect scope (d4d103, #16776, #16777)
    • aria/ngClick: check if element is contenteditable before blocking spacebar (289374, #16762)
    • input: prevent browsers from autofilling hidden inputs (7cbb10)
    • Angular: add workaround for Safari / Webdriver problem (eb49f6)
    • ๐Ÿ’ป $browser: normalize inputted URLs (2f72a6, #16606)
    • interpolate: do not create directives for constant media URL attributes (90a41d, #16734)
    • $q: allow third-party promise libraries (eefaa7, #16164, #16471)
    • urlUtils: make IPv6 URL's hostname wrapped in square brackets in IE/Edge (0e1bd7, #16692, #16715)
    • ngAnimateSwap: make it compatible with ngIf on the same element (b27080, #16616, #16729)
    • ngMock: make matchLatestDefinitionEnabled work (3cdffc, #16702)
    • ๐Ÿ’… ngStyle: skip setting empty value when new style has the property (d6098e, #16709)

    ๐ŸŽ Performance Improvements

  • v1.7.5 Changes

    October 04, 2018

    ๐Ÿ› Bug Fixes

  • v1.7.4 Changes

    September 07, 2018

    ๐Ÿ› Bug Fixes

    • ngAria.ngClick: prevent default event on space/enter only for non-interactive elements (61b335, #16664, #16680)
    • ngAnimate: remove the "prepare" classes with multiple structural animations (3105b2, #16681, #16677)
    • $route: correctly extract path params if the path contains a question mark or a hash (2ceeb7)
    • ngHref: allow numbers and other objects in interpolation (30084c, #16652, #16626)
    • select: allow to select first option with value undefined (668a33, #16653, #16656)

  • v1.7.3 Changes

    August 08, 2018

    ๐Ÿ› Bug Fixes

    • $location:
    • ngMock.$httpBackend:
    • Angular: add workaround for Safari / Webdriver problem (0a1db2, #16645)
    • $animate: avoid memory leak with $animate.enabled(element, enabled) (4bd424, #16649)
    • $compile:
    • ngEventDirs:
      • pass error in handler to $exceptionHandler when event was triggered in a digest (688211)
      • don't wrap the event handler in $apply if already in $digest (535ee3, #14673, #14674)
    • angular.element: do not break on cleanData() if _data() returns undefined (7cf4a2, #16641, #16642)
    • ngAria: do not scroll when pressing spacebar on custom buttons (3a517c, #14665, #16604)

    ๐Ÿ†• New Features

    ๐ŸŽ Performance Improvements

    • ngAnimate: avoid repeated calls to addClass/removeClass when animation has no duration (093635, #14165, #14166, #16613)