Commit 5663368

Carlos A. Guillen
authored and
Cameron Knight
committed
docs(CHANGELOG.md): add changes for 1.3.0-beta.14 and 1.2.19
1 parent 6103310 commit 5663368

1 file changed

+232
-0
lines changed


CHANGELOG.md

+232
@@ -1,3 +1,235 @@
1+
<a name="1.3.0-beta.14"></a>
2+
# 1.3.0-beta.14 harmonious-cacophonies (2014-06-30)
3+
4+
5+
This release contains security fixes for $parse that prevent arbitrary code execution via Angular
6+
expressions under some very specific conditions. The only applications affected by these
7+
vulnerabilities are those that match all of the following conditions:
8+
9+
- application mixes server-side and client-side templating
10+
- the server-side templating contains XSS vulnerabilities
11+
- the vulnerabilities in the server-side templating are being guarded by server-side XSS filters or
12+
on the client-side via [CSP](http://en.wikipedia.org/wiki/Content_Security_Policy)
13+
- the server-side XSS vulnerabilities can be used to augment the client-side template processed by
14+
Angular
15+
16+
Applications not meeting all of the conditions are not vulnerable.
17+
18+
This fix is in both 1.3.0-beta.14 and 1.2.19 release.
19+
20+
The Angular team would like to thank [Jann Horn](http://thejh.net) for reporting these
21+
vulnerabilities via [security@angularjs.org].
22+
23+
24+
25+
## Bug Fixes
26+
27+
- **$compile:** bind ng-attr-* even if unbound attribute follows ng-attr-*
28+
([8b0258d8](https://github.com/angular/angular.js/commit/8b0258d878cac20cd25c0958fd6e136a08b97df6),
29+
[#7739](https://github.com/angular/angular.js/issues/7739))
30+
- **$http:**
31+
- should not read statusText on IE<10 when request is aborted
32+
([31ae3e71](https://github.com/angular/angular.js/commit/31ae3e71647eadbbe1df40f9dedb55e1e0715f98))
33+
- add the PATCH shortcut back
34+
([b28b5caa](https://github.com/angular/angular.js/commit/b28b5caab1529b3970f10f0a4de43c0c975e3886),
35+
[#5894](https://github.com/angular/angular.js/issues/5894))
36+
- **$injector:** check if a fn is an array explicitly
37+
([b1a6baac](https://github.com/angular/angular.js/commit/b1a6baac2de84a1ecdc000085e8bbd016eb5c100),
38+
[#7904](https://github.com/angular/angular.js/issues/7904), [#2653](https://github.com/angular/angular.js/issues/2653))
39+
- **$interval:** when canceling, use clearInterval from $window instead of global scope.
40+
([a4904c0f](https://github.com/angular/angular.js/commit/a4904c0f83838222b98a875c56779a7f1a4a650a))
41+
- **$parse:**
42+
- prevent invocation of Function's bind, call and apply
43+
([77ada4c8](https://github.com/angular/angular.js/commit/77ada4c82d6b8fc6d977c26f3cdb48c2f5fbe5a5))
44+
- forbid __proto__ properties in angular expressions
45+
([6081f207](https://github.com/angular/angular.js/commit/6081f20769e64a800ee8075c168412b21f026d99))
46+
- forbid __{define,lookup}{Getter,Setter}__ properties
47+
([48fa3aad](https://github.com/angular/angular.js/commit/48fa3aadd546036c7e69f71046f659ab1de244c6))
48+
- forbid referencing Object in angular expressions
49+
([528be29d](https://github.com/angular/angular.js/commit/528be29d1662122a34e204dd607e1c0bd9c16bbc))
50+
- handle constants as one-time binding expressions
51+
([d9763f1b](https://github.com/angular/angular.js/commit/d9763f1bd355190b9d4e5723e4632cbc232f0543),
52+
[#7970](https://github.com/angular/angular.js/issues/7970))
53+
- **$timeout/$interval:** if invokeApply is false, do not use evalAsync
54+
([19b6b343](https://github.com/angular/angular.js/commit/19b6b3433ae9f8523cbc72ae97dbcf0c06960148),
55+
[#7999](https://github.com/angular/angular.js/issues/7999), [#7103](https://github.com/angular/angular.js/issues/7103))
56+
- **Angular:** nodeName should always be lowercase
57+
([dafb8a3c](https://github.com/angular/angular.js/commit/dafb8a3cd12e7c3247838f536c25eb796331658d),
58+
[#3987](https://github.com/angular/angular.js/issues/3987))
59+
- **Angular.copy:** preserve prototype chain when copying objects
60+
([b59b04f9](https://github.com/angular/angular.js/commit/b59b04f98a0b59eead53f6a53391ce1bbcbe9b57),
61+
[#5063](https://github.com/angular/angular.js/issues/5063), [#3767](https://github.com/angular/angular.js/issues/3767), [#4996](https://github.com/angular/angular.js/issues/4996))
62+
- **core:** drop the toBoolean function
63+
([bdfc9c02](https://github.com/angular/angular.js/commit/bdfc9c02d021e08babfbc966a007c71b4946d69d),
64+
[#3969](https://github.com/angular/angular.js/issues/3969), [#4277](https://github.com/angular/angular.js/issues/4277), [#7960](https://github.com/angular/angular.js/issues/7960))
65+
- **injector:** allow multiple loading of function modules
66+
([2f0a4488](https://github.com/angular/angular.js/commit/2f0a4488731fdb0e8217325dbb52a576defd09bd),
67+
[#7255](https://github.com/angular/angular.js/issues/7255))
68+
- **input:**
69+
- improve html5 validation support
70+
([1f6a5a1a](https://github.com/angular/angular.js/commit/1f6a5a1a9255a2db19a1ea4c04cdbcdbb2850b6c),
71+
[#7936](https://github.com/angular/angular.js/issues/7936), [#7937](https://github.com/angular/angular.js/issues/7937))
72+
- escape forward slash in email regexp
73+
([b775e2bc](https://github.com/angular/angular.js/commit/b775e2bca1093e9df62a269b5bda968555ea0ded),
74+
[#7938](https://github.com/angular/angular.js/issues/7938))
75+
- **jqLite:**
76+
- never add to the cache for non-element/document nodes
77+
([91754a76](https://github.com/angular/angular.js/commit/91754a76e0ef9a7456a5b9819d1c5807c0a575bb),
78+
[#7966](https://github.com/angular/angular.js/issues/7966))
79+
- don't attach event handlers to comments or text nodes
80+
([462dbb20](https://github.com/angular/angular.js/commit/462dbb2016a218d84760b6da171f1b15c9e416c3),
81+
[#7913](https://github.com/angular/angular.js/issues/7913), [#7942](https://github.com/angular/angular.js/issues/7942))
82+
- convert NodeList to an Array to make PhantomJS 1.x happy
83+
([ceaea861](https://github.com/angular/angular.js/commit/ceaea861ebec957c99bbca6fd88ed33fbc15afbf),
84+
[#7851](https://github.com/angular/angular.js/issues/7851))
85+
- **numberFilter:** correctly round fractions despite floating-point arithmetics issues in JS
86+
([189cd064](https://github.com/angular/angular.js/commit/189cd064feeb710fe54ee2ca83449b3eaf82b403),
87+
[#7870](https://github.com/angular/angular.js/issues/7870), [#7878](https://github.com/angular/angular.js/issues/7878))
88+
- **testabilityPatch:** fix invocations of angular.mock.dump
89+
([e8e07502](https://github.com/angular/angular.js/commit/e8e07502776e48bf48b83a836f7422d164cbb1d7))
90+
91+
92+
## Features
93+
94+
- **NgModel:**
95+
- port the email input type to use the validators pipeline
96+
([67379242](https://github.com/angular/angular.js/commit/6737924210570e8369ab72415e3098c6df4d3f6b))
97+
- port the URL input type to use the validators pipeline
98+
([3ee65730](https://github.com/angular/angular.js/commit/3ee65730639fc61d76e1055a6ca74e35eb48b838))
99+
- **jqLite:** support isDefaultPrevented for triggerHandler dummies
100+
([7e71acd1](https://github.com/angular/angular.js/commit/7e71acd1781ed44a7306d94338388c90f4420a24),
101+
[#8008](https://github.com/angular/angular.js/issues/8008))
102+
103+
104+
## Performance Improvements
105+
106+
- **forEach:** use native for loop instead of forEach for Arrays
107+
([36625de0](https://github.com/angular/angular.js/commit/36625de0d3ebc1fc091af474d942c6ce16b0a1c0))
108+
109+
110+
## Breaking Changes
111+
112+
- **$parse:**
113+
- due to [77ada4c8](https://github.com/angular/angular.js/commit/77ada4c82d6b8fc6d977c26f3cdb48c2f5fbe5a5),
114+
115+
You can no longer invoke .bind, .call or .apply on a function in angular expressions.
116+
This is to disallow changing the behaviour of existing functions
117+
in an unforseen fashion.
118+
- due to [6081f207](https://github.com/angular/angular.js/commit/6081f20769e64a800ee8075c168412b21f026d99),
119+
120+
The (deprecated) __proto__ propery does not work inside angular expressions
121+
anymore.
122+
- due to [48fa3aad](https://github.com/angular/angular.js/commit/48fa3aadd546036c7e69f71046f659ab1de244c6),
123+
124+
This prevents the use of __{define,lookup}{Getter,Setter}__ inside angular
125+
expressions. If you really need them for some reason, please wrap/bind them to make them
126+
less dangerous, then make them available through the scope object.
127+
- due to [528be29d](https://github.com/angular/angular.js/commit/528be29d1662122a34e204dd607e1c0bd9c16bbc),
128+
129+
This prevents the use of `Object` inside angular expressions.
130+
If you need Object.keys, make it accessible in the scope.
131+
- **Angular.copy:** due to [b59b04f9](https://github.com/angular/angular.js/commit/b59b04f98a0b59eead53f6a53391ce1bbcbe9b57),
132+
133+
134+
This changes `angular.copy` so that it applies the prototype of the original
135+
object to the copied object. Previously, `angular.copy` would copy properties
136+
of the original object's prototype chain directly onto the copied object.
137+
138+
This means that if you iterate over only the copied object's `hasOwnProperty`
139+
properties, it will no longer contain the properties from the prototype.
140+
This is actually much more reasonable behaviour and it is unlikely that
141+
applications are actually relying on this.
142+
143+
If this behaviour is relied upon, in an app, then one should simply iterate
144+
over all the properties on the object (and its inherited properties) and
145+
not filter them with `hasOwnProperty`.
146+
147+
**Be aware that this change also uses a feature that is not compatible with
148+
IE8.** If you need this to work on IE8 then you would need to provide a polyfill
149+
for `Object.create` and `Object.getPrototypeOf`.
150+
- **core:** due to [bdfc9c02](https://github.com/angular/angular.js/commit/bdfc9c02d021e08babfbc966a007c71b4946d69d),
151+
values 'f', '0', 'false', 'no', 'n', '[]' are no longer
152+
treated as falsy. Only JavaScript falsy values are now treated as falsy by the
153+
expression parser; there are six of them: false, null, undefined, NaN, 0 and "".
154+
155+
Closes #3969
156+
Closes #4277
157+
Closes #7960
158+
159+
<a name="1.2.19"></a>
160+
# 1.2.19 precognitive-flashbacks (2014-06-30)
161+
162+
163+
164+
## Bug Fixes
165+
166+
- **$compile:** bind ng-attr-* even if unbound attribute follows ng-attr-*
167+
([ed59370d](https://github.com/angular/angular.js/commit/ed59370d805a88c9ac012a8e417faf2a9f902776))
168+
- **$http:** should not read statusText on IE<10 when request is aborted
169+
([0c80df21](https://github.com/angular/angular.js/commit/0c80df21b66f4b147b6b55c27ad794be5802b411))
170+
- **$injector:** check if a fn is an array explicitly
171+
([67c11b9a](https://github.com/angular/angular.js/commit/67c11b9a3914a24aaf72f36bbe038ba5efa7ddf3),
172+
[#7904](https://github.com/angular/angular.js/issues/7904), [#2653](https://github.com/angular/angular.js/issues/2653))
173+
- **$interval:** when canceling, use clearInterval from $window instead of global scope.
174+
([f780ccfa](https://github.com/angular/angular.js/commit/f780ccfa1c9a8d4c6191b0756ff77dc5749cf8c5))
175+
- **$parse:**
176+
- make the window check in ensureSafeObject IE8 friendly
177+
([ba62e975](https://github.com/angular/angular.js/commit/ba62e975f1a0cebf08dedbb1501f72b166af66db))
178+
- prevent invocation of Function's bind, call and apply
179+
([07fa87a8](https://github.com/angular/angular.js/commit/07fa87a8a82b8be155d8c898bb79e5d9277adfb4))
180+
- forbid __proto__ properties in angular expressions
181+
([cb713e60](https://github.com/angular/angular.js/commit/cb713e6045413a25b54ad3267476fa29efd70646))
182+
- forbid __{define,lookup}{Getter,Setter}__ properties
183+
([89ca8597](https://github.com/angular/angular.js/commit/89ca8597341aa5585bcf728fa677022b7ec9c071))
184+
- forbid referencing Object in angular expressions
185+
([bc6fb7cc](https://github.com/angular/angular.js/commit/bc6fb7cc94afddcb11b94f74d13812a6be1cdb64))
186+
- **injector:** allow multiple loading of function modules
187+
([d71f16e7](https://github.com/angular/angular.js/commit/d71f16e7459f1d3705ccf47a13227d4727be9670),
188+
[#7255](https://github.com/angular/angular.js/issues/7255))
189+
- **input:**
190+
- improve html5 validation support
191+
([ab2e83c8](https://github.com/angular/angular.js/commit/ab2e83c8c8fa60ca15b1a9539a6587dc363b20f1),
192+
[#7937](https://github.com/angular/angular.js/issues/7937), [#7957](https://github.com/angular/angular.js/issues/7957))
193+
- escape forward slash in email regexp
194+
([2a45cea0](https://github.com/angular/angular.js/commit/2a45cea0baaf615b799b54897bfe40d32381e7a2),
195+
[#7938](https://github.com/angular/angular.js/issues/7938))
196+
- **jqLite:** change expando property to a more unique name
197+
([74e1cc68](https://github.com/angular/angular.js/commit/74e1cc683be315f6db05e22e185b3d27460d132a))
198+
- **numberFilter:** correctly round fractions despite floating-point arithmetics issues in JS
199+
([e5f454c8](https://github.com/angular/angular.js/commit/e5f454c8afc15336dc1faa52704a483cedfacd4a),
200+
[#7870](https://github.com/angular/angular.js/issues/7870), [#7878](https://github.com/angular/angular.js/issues/7878))
201+
- **testabilityPatch:** fix invocations of angular.mock.dump
202+
([5e944a1c](https://github.com/angular/angular.js/commit/5e944a1cf1356bd069d3616f24323a0cb3ace87c))
203+
204+
205+
## Performance Improvements
206+
207+
- **jqLite:** don't use reflection to access expandoId
208+
([a4faa5cd](https://github.com/angular/angular.js/commit/a4faa5cde722556bd41d75daf346c63a9b6962e9))
209+
210+
211+
## Breaking Changes
212+
213+
- **$parse:**
214+
- due to [07fa87a8](https://github.com/angular/angular.js/commit/07fa87a8a82b8be155d8c898bb79e5d9277adfb4),
215+
216+
You can no longer invoke .bind, .call or .apply on a function in angular expressions.
217+
This is to disallow changing the behaviour of existing functions
218+
in an unforseen fashion.
219+
- due to [cb713e60](https://github.com/angular/angular.js/commit/cb713e6045413a25b54ad3267476fa29efd70646),
220+
221+
The (deprecated) __proto__ propery does not work inside angular expressions
222+
anymore.
223+
- due to [89ca8597](https://github.com/angular/angular.js/commit/89ca8597341aa5585bcf728fa677022b7ec9c071),
224+
225+
This prevents the use of __{define,lookup}{Getter,Setter}__ inside angular
226+
expressions. If you really need them for some reason, please wrap/bind them to make them
227+
less dangerous, then make them available through the scope object.
228+
- due to [bc6fb7cc](https://github.com/angular/angular.js/commit/bc6fb7cc94afddcb11b94f74d13812a6be1cdb64),
229+
230+
This prevents the use of `Object` inside angular expressions.
231+
If you need Object.keys, make it accessible in the scope.
232+
1233
<a name="1.3.0-beta.13"></a>
2234
# 1.3.0-beta.13 idiosyncratic-numerification (2014-06-16)
3235
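Review bot: the shortcut reference link `[security@angularjs.org]` in the acknowledgement paragraph ("for reporting these vulnerabilities via [security@angularjs.org]") has no matching `[security@angularjs.org]: ...` definition anywhere in this file, so Markdown will render it as literal bracketed text rather than a link; either add the definition or write it inline as `[security@angularjs.org](mailto:security@angularjs.org)`. Since this paragraph is the only pointer to the project's security contact, it is worth getting right. Two smaller points in the same hunk: the security advisory (the `$parse` paragraph and the "Applications not meeting all of the conditions are not vulnerable" sentence) appears only under the 1.3.0-beta.14 heading, so a reader who opens the 1.2.19 section directly sees five `$parse` fixes with no indication that they are security fixes; a one-line pointer back to the advisory under `# 1.2.19` would help stable-branch users. And the same typos are duplicated in both Breaking Changes sections: "in an unforseen fashion" should be "unforeseen", "The (deprecated) __proto__ propery" should be "property", and "This fix is in both 1.3.0-beta.14 and 1.2.19 release." should read "releases".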
