Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Commit

Permalink
docs(changelog, guide/Migration): add info about $sce BC in 1.7
Browse files Browse the repository at this point in the history
Closes #16593
Closes #16622
  • Loading branch information
Narretz authored Jul 4, 2018
1 parent 3ad07ea commit 74726b4
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 2 deletions.
33 changes: 31 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -448,8 +448,8 @@ This in turn affects how dirty checking treats objects that prototypally
inherit from `Array` (e.g. MobX observable arrays). AngularJS will now
be able to handle these objects better when copying or watching.

### **$sce** due to:
- **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service
### **$sce** :
- due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service

If you use `attrs.$set` for URL attributes (a[href] and img[src]) there will no
longer be any automated sanitization of the value. This is in line with other
Expand All @@ -463,6 +463,35 @@ Note that values that have been passed through the `$interpolate` service within
`URL` or `MEDIA_URL` will have already been sanitized, so you would not need to sanitize
these values again.

- due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service

binding `trustAs()` and the short versions (`trustAsResourceUrl()` et al.) to
`ngSrc`, `ngSrcset`, and `ngHref` will now raise an infinite digest error:

```js
$scope.imgThumbFn = function(id) {
return $sce.trustAsResourceUrl(someService.someUrl(id));
};
```

```html
<img ng-src="{{imgThumbFn(imgId)}}">
```
This is because the `$interpolate` service is now responsible for sanitizing
the attribute value, and its watcher receives a new object from `trustAs()`
on every digest.
To migrate, compute the trusted value only when the input value changes:

```js
$scope.$watch('imgId', function(id) {
$scope.imgThumb = $sce.trustAsResourceUrl(someService.someUrl(id));
});
```

```html
<img ng-src="{{imgThumb}}">
```

### **orderBy** due to:
- **[1d8046](https://github.com/angular/angular.js/commit/1d804645f7656d592c90216a0355b4948807f6b8)**: consider `null` and `undefined` greater than other values

Expand Down
30 changes: 30 additions & 0 deletions docs/content/guide/migration.ngdoc
Original file line number Diff line number Diff line change
Expand Up @@ -505,6 +505,36 @@ Note that values that have been passed through the `$interpolate` service within
`URL` or `MEDIA_URL` will have already been sanitized, so you would not need to sanitize
these values again.

<hr/>

Due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**,
binding {@link ng.$sce#trustAs trustAs()} and the short versions
({@link ng.$sce#trustAsResourceUrl trustAsResourceUrl()} et al.) to
{@link ng.ngSrc}, {@link ng.ngSrcset}, and {@link ng.ngHref} will now raise an infinite digest error:

```js
$scope.imgThumbFn = function(id) {
return $sce.trustAsResourceUrl(someService.someUrl(id));
};
```

```html
<img ng-src="{{imgThumbFn(imgId)}}">
```
This is because {@link ng.$interpolate} is now responsible for sanitizing
the attribute value, and its watcher receives a new object from `trustAs()`
on every digest.
To migrate, compute the trusted value only when the input value changes:

```js
$scope.$watch('imgId', function(id) {
$scope.imgThumb = $sce.trustAsResourceUrl(someService.someUrl(id));
});
```

```html
<img ng-src="{{imgThumb}}">
```


<a name="migrate1.6to1.7-ng-filters"></a>
Expand Down

0 comments on commit 74726b4

Please sign in to comment.