fix(ng-bind-html): deep watch the actual $sce value, not its toString. #14527
Conversation
|
@rjamet FYI |
| $compile.$$addBindingClass(tElement); | ||
|
|
||
| return function ngBindHtmlLink(scope, element, attr) { | ||
| $compile.$$addBindingInfo(element, attr.ngBindHtml); | ||
|
|
||
| scope.$watch(ngBindHtmlWatch, function ngBindHtmlWatchAction() { | ||
| scope.$watch(ngBindHtmlGetter, function ngBindHtmlWatchAction(newVal) { | ||
| // we re-evaluate the expr because we want a TrustedValueHolderType |
There was a problem hiding this comment.
update the comment please
|
lgtm. @gkalpak, @petebacondarwin can you please help to merge this in? |
mprobst
force-pushed
the
deep-equal-ng.html
branch
2 times, most recently
from
3c7d36b to
8063521
Compare
|
FWIW, I don't think performance will be the same (in all cases). Running I wonder whether it would be worth it to use Anyway, I'll merge this once Travis is green and we can make further changes in subsequent PRs. |
|
The failures are legitimate. Basically, due to how Here is a failing testcase: inject(function($compile, $rootScope, $sce) {
$rootScope.getHtml = function() { return $sce.trustAsHtml($rootScope.snippet); };
element = $compile('<div ng-bind-html="getHtml()"></div>')($rootScope);
$rootScope.$apply('snippet = 1');
expect(element.text()).toBe('1');
$rootScope.$apply('snippet = 2');
expect(element.text()).toBe('2');
// It is still '1', because
// `angular.equals($sce.trustAsHtml('1'), $sce.trustAsHtml('2')) === true`
}); |
|
We can fix this by exposing the trusted value as a public property on |
|
Exposing the internal trusted value is what $sce.valueOf does, and it returns non-sce types as-is. It's part of the public interface of the $sce, so I think it's the right tool here. (code: https://github.com/angular/angular.js/blob/master/src/ng/sce.js#L330) |
Custom $sce implementations might not have a `toString()`, or it might be compiled away in non-debug mode. Deep watching the object is the correct fix with Angular's regular watch semantics. The performance of this should be equivalent - `toString()` on objects usually touches all fields, so a deep object watch will be in the same ballpark, except that it avoids the (potentially big) string allocation.
|
@gkalpak you're right re performance, assuming most of the time the string return is reference identical and we don't need to compare a (potentially long) string, we should be fine. But it should be a wash indeed, and the updated PR should have the same characteristics as before. @rjamet thanks for the tip with |
mprobst
force-pushed
the
deep-equal-ng.html
branch
from
8063521 to
f247b0d
Compare
|
LGTM |
…instead of `toString()`) Custom `$sce` implementations might not provide a `toString()` method on the wrapped object, or it might be compiled away in non-debug mode. Watching the unwrapped value (retrieved using `$sce.valueOf()`) fixes the problem. The performance of this should be equivalent - `toString()` on objects usually touches all fields, plus we will also avoid the (potentially big) string allocation. Fixes #14526 Closes #14527
…instead of `toString()`) Custom `$sce` implementations might not provide a `toString()` method on the wrapped object, or it might be compiled away in non-debug mode. Watching the unwrapped value (retrieved using `$sce.valueOf()`) fixes the problem. The performance of this should be equivalent - `toString()` on objects usually touches all fields, plus we will also avoid the (potentially big) string allocation. Fixes #14526 Closes #14527
|
I tweaked the commit message a bit (because it was describing the previous approach with deep-watching) and merged. |
|
Thanks @gkalpak! |
Custom $sce implementations might not have a
toString(), or it might becompiled away in non-debug mode. Deep watching the object is the correct fix
with Angular's regular watch semantics.
The performance of this should be equivalent -
toString()on objects usuallytouches all fields, so a deep object watch will be in the same ballpark, except
that it avoids the (potentially big) string allocation.
Fixes #14526.