angular-parse-ext
Advanced tools
Changelog
1.8.1 mutually-supporting (2020-09-30)
$compileProvider.aHrefSanitizationWhitelist
~~.
It is now aHrefSanitizationTrustedUrlList
.$compileProvider.imgSrcSanitizationWhitelist
~~.
It is now imgSrcSanitizationTrustedUrlList
.$httpProvider.xsrfWhitelistedOrigins
~~.
It is now xsrfTrustedOrigins
.$sceDelegateProvider.resourceUrlWhitelist
~~.
It is now trustedResourceUrlList
.$sceDelegateProvider.resourceUrlBlacklist
~~.
It is now bannedResourceUrlList
.For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.
<a name="1.8.0"></a>
Changelog
1.8.0 nested-vaccination (2020-06-01)
This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@koto); and independently by Esben Sparre Andreasen (@esbena) while performing a Variant Analysis of CVE-2020-11022 which itself was found and reported by Masato Kinugawa (@masatokinugawa).
JqLite no longer turns XHTML-like strings like <div /><span />
to sibling elements <div></div><span></span>
when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to:
<div><span></span></div>
.
This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling
angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();
But you should adjust your code for this change and remove your use of this function as soon as possible.
Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.
<a name="1.7.9"></a>
Changelog
1.7.9 pollution-eradication (2019-11-19)
<a name="1.7.8"></a>
Changelog
1.7.6 gravity-manipulation (2019-01-17)
contenteditable
before blocking spacebar
(289374,
#16762)ngIf
on the same element
(b27080,
#16616,
#16729)<a name="1.7.5"></a>
Changelog
1.7.4 interstellar-exploration (2018-09-07)
undefined
(668a33,
#16653,
#16656)<a name="1.7.3"></a>