"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "CHANGELOG.md" between
angular.js-1.7.9.tar.gz and angular.js-1.8.0.tar.gz

About: AngularJS is a web application framework that assists with creating single-page applications that only require HTML, CSS, and JavaScript on the client side.

CHANGELOG.md  (angular.js-1.7.9):CHANGELOG.md  (angular.js-1.8.0)
<a name="1.8.0"></a>
# 1.8.0 nested-vaccination (2020-06-01)
## Bug Fixes
- **jqLite:**
- prevent possible XSS due to regex-based HTML replacement
([2df43c](https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3
b282a1287a8634acd))
## Breaking Changes
### **jqLite** due to:
- **[2df43c](https://github.com/angular/angular.js/commit/2df43c07779137d1bddf
7f3b282a1287a8634acd)**: prevent possible XSS due to regex-based HTML replacemen
t
JqLite no longer turns XHTML-like strings like `<div /><span />` to sibling elem
ents `<div></div><span></span>`
when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XH
TML mode, will convert these to:
`<div><span></span></div>`.
This is a security fix to avoid an XSS vulnerability if a new jqLite element is
created from a user-controlled HTML string.
If you must have this functionality and understand the risk involved then it is
posible to restore the original behavior by calling
```js
angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();
```
But you should adjust your code for this change and remove your use of this func
tion as soon as possible.
Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please rea
d the [jQuery 3.5 upgrade guide](https://jquery.com/upgrade-guide/3.5/) for more
details about the workarounds.
<a name="1.7.9"></a> <a name="1.7.9"></a>
# 1.7.9 pollution-eradication (2019-11-19) # 1.7.9 pollution-eradication (2019-11-19)
## Bug Fixes ## Bug Fixes
- **angular.merge:** do not merge __proto__ property - **angular.merge:** do not merge __proto__ property
([726f49](https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cf d5e2e592841db743a)) ([726f49](https://github.com/angular/angular.js/commit/726f49dcf6c23106ddaf5cf d5e2e592841db743a))
<br>(Thanks to the [Snyk Security Research Team](https://snyk.io/blog/snyk-res earch-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecti ng-all-versions-of-lodash/) for identifyng this issue.)
- **ngStyle:** correctly remove old style when new style value is invalid - **ngStyle:** correctly remove old style when new style value is invalid
([5edd25](https://github.com/angular/angular.js/commit/5edd25364f617083363dc2b d61f9230b38267578), ([5edd25](https://github.com/angular/angular.js/commit/5edd25364f617083363dc2b d61f9230b38267578),
[#16860](https://github.com/angular/angular.js/issues/16860), [#16860](https://github.com/angular/angular.js/issues/16860),
[#16868](https://github.com/angular/angular.js/issues/16868)) [#16868](https://github.com/angular/angular.js/issues/16868))
<a name="1.7.8"></a> <a name="1.7.8"></a>
# 1.7.8 enthusiastic-oblation (2019-03-11) # 1.7.8 enthusiastic-oblation (2019-03-11)
## Bug Fixes ## Bug Fixes
- **required:** correctly validate required on non-input element surrounded by n gIf - **required:** correctly validate required on non-input element surrounded by n gIf
 End of changes. 2 change blocks. 
0 lines changed or deleted 40 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)