From 8d3bd501c41a74f2b98115359b287074f3befb2f Mon Sep 17 00:00:00 2001 From: Martin Staffa Date: Sun, 1 Jul 2018 18:13:33 +0200 Subject: [PATCH] docs(changelog, guide/Migration): add info about $sce BC in 1.7 Closes #16593 --- CHANGELOG.md | 33 ++++++++++++++++++++++++++++-- docs/content/guide/migration.ngdoc | 30 +++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b3fbcff12acd..faffba5e14a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -448,8 +448,8 @@ This in turn affects how dirty checking treats objects that prototypally inherit from `Array` (e.g. MobX observable arrays). AngularJS will now be able to handle these objects better when copying or watching. -### **$sce** due to: - - **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service +### **$sce** : + - due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service If you use `attrs.$set` for URL attributes (a[href] and img[src]) there will no longer be any automated sanitization of the value. This is in line with other 
@@ -463,6 +463,35 @@ Note that values that have been passed through the `$interpolate` service within `URL` or `MEDIA_URL` will have already been sanitized, so you would not need to sanitize these values again. + - due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**: handle URL sanitization through the `$sce` service + +binding `trustAs()` and the short versions `trustAsResourceUrl()` et. al. to +`ngSrc`, `ngSrcset`, and `ngHref` will now raise an infinite digest error: + +```js + $scope.imgThumbFn = function(id) { + return $sce.trustAsResourceUrl(someService.someUrl(id)); + }; +``` + +```html + +``` +This is because the `$interpolate` service is now responsible for sanitizing +the attribute value, and its watcher receives a new object from `trustAs()` +on every digest. +To migrate, compute the trusted value only when the input value changes: + +```js + $scope.$watch('imgId', function(id) { + $scope.imgThumb = $sce.trustAsResourceUrl(someService.someUrl(id)); + }); +``` + +```html + +``` + ### **orderBy** due to: - **[1d8046](https://github.com/angular/angular.js/commit/1d804645f7656d592c90216a0355b4948807f6b8)**: consider `null` and `undefined` greater than other values diff --git a/docs/content/guide/migration.ngdoc b/docs/content/guide/migration.ngdoc index 376295665999..c48fb49f7c32 100644 --- a/docs/content/guide/migration.ngdoc +++ b/docs/content/guide/migration.ngdoc @@ -505,6 +505,36 @@ Note that values that have been passed through the `$interpolate` service within `URL` or `MEDIA_URL` will have already been sanitized, so you would not need to sanitize these values again. +
+ +Due to **[1e9ead](https://github.com/angular/angular.js/commit/1e9eadcd72dbbd5c67dae8328a63e535cfa91ff9)**, +binding {@link ng.$sce#trustAs trustAs()} and the short versions +{@link ng.$sce#trustAsResourceUrl trustAsResourceUrl()} et. al. to +{@link ng.ngSrc}, {@link ng.ngSrcset}, and {@link ng.ngHref} will now raise an infinite digest error: + +```js + $scope.imgThumbFn = function(id) { + return $sce.trustAsResourceUrl(someService.someUrl(id)); + }; +``` + +```html + +``` +This is because {@link ng.$interpolate} is now responsible for sanitizing +the attribute value, and its watcher receives a new object from `trustAs()` +on every digest. +To migrate, compute the trusted value only when the input value changes: + +```js + $scope.$watch('imgId', function(id) { + $scope.imgThumb = $sce.trustAsResourceUrl(someService.someUrl(id)); + }); +``` + +```html + +```
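Review bot: In the first CHANGELOG.md hunk (@@ -448,8 +448,8), the new heading `### **$sce** :` has a stray space before the colon and no longer follows the `### **orderBy** due to:` pattern that the next section keeps. Both `$sce` entries now start with the same `due to **[1e9ead]...` line, so readers cannot tell them apart at a glance. Consider keeping `### **$sce** due to:` with the commit link once, and listing the two breaking changes as separate items beneath it.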
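Review bot: In the second CHANGELOG.md hunk (@@ -463,6 +463,35), the migration snippet's `$scope.$watch('imgId', function(id) {` listener also fires on the first digest, when `imgId` may still be undefined, so `someService.someUrl(id)` is called with that value and its result is wrapped by `$sce.trustAsResourceUrl()`. Suggest guarding on `id` inside the listener before trusting anything, and adding one sentence that a value wrapped by `trustAs()` is exempt from the sanitization that `$interpolate` applies to `URL` and `MEDIA_URL` values, so only URLs built from vetted input should be wrapped. Smaller points in the same hunk: "et. al." should be "et al.", the paragraph should open with a capital "Binding", and both html code blocks are empty as they appear here, which leaves the reader without the template binding that triggers the error and the one that fixes it.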
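Review bot: In the docs/content/guide/migration.ngdoc hunk (@@ -505,6 +505,36), the opening sentence says that binding `trustAs()` to `ngSrc`, `ngSrcset` and `ngHref` "will now raise an infinite digest error", which is broader than what the examples show: the migrated code still binds a `trustAs()` result, it just stores it on the scope instead of calling `trustAs()` from the bound expression. Suggest wording it as calling `trustAs()` inside the bound expression (for example through a scope function such as `imgThumbFn`), so readers do not conclude that trusted values can no longer be bound to these directives at all. The "et. al." typo and the two empty html code blocks carry over from the CHANGELOG text and need the same fix here.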