Skip to content
Permalink
master
Switch branches/tags
Go to file
- Remove stray backtick.
- Add missing preposition (`identical` --> `identical to`).
- Remove 1.8.1 change from the 1.8.2 section.

Closes #17093
42 contributors

Users who have contributed to this file

@IgorMinar @petebacondarwin @mhevery @gkalpak @Narretz @matsko @btford @caitp @jeffbcross @vojtajina @tbosch @pkozlowski-opensource
17967 lines (14236 sloc) 938 KB

1.8.2 meteoric-mining (2020-10-21)

Bug Fixes

  • $sceDelegate: ensure that resourceUrlWhitelist() is identical to trustedResourceUrlList() (e41f01, #17090)

1.8.1 mutually-supporting (2020-09-30)

Bug Fixes

  • $sanitize: do not trigger CSP alert/report in Firefox and Chrome (2fab3d)

Refactorings

  • SanitizeUriProvider: remove usages of whitelist (76738102)
  • httpProvider: remove usages of whitelist and blacklist (c953af6b)
  • sceDelegateProvider: remove usages of whitelist and blacklist (a206e267)

Deprecation Notices

For the purposes of backward compatibility, the previous symbols are aliased to their new symbol.

1.8.0 nested-vaccination (2020-06-01)

This release contains a breaking change to resolve a security issue which was discovered by Krzysztof Kotowicz(@koto); and independently by Esben Sparre Andreasen (@esbena) while performing a Variant Analysis of CVE-2020-11022 which itself was found and reported by Masato Kinugawa (@masatokinugawa).

Bug Fixes

  • jqLite:
    • prevent possible XSS due to regex-based HTML replacement (2df43c)

Breaking Changes

jqLite due to:

  • 2df43c: prevent possible XSS due to regex-based HTML replacement

JqLite no longer turns XHTML-like strings like <div /><span /> to sibling elements <div></div><span></span> when not in XHTML mode. Instead it will leave them as-is. The browser, in non-XHTML mode, will convert these to: <div><span></span></div>.

This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement();

But you should adjust your code for this change and remove your use of this function as soon as possible.

Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.

1.7.9 pollution-eradication (2019-11-19)

Bug Fixes

1.7.8 enthusiastic-oblation (2019-03-11)

Bug Fixes

  • required: correctly validate required on non-input element surrounded by ngIf (a4c7bd, #16830, #16836)

1.7.7 kingly-exiting (2019-02-04)

Bug Fixes

  • ngRequired: set error correctly when inside ngRepeat and false by default (5ad4f5, #16814, #16820)

1.7.6 gravity-manipulation (2019-01-17)

Bug Fixes

  • $compile: fix ng-prop-* with undefined values (772440, #16797, #16798)
  • compile: properly handle false value for boolean attrs with jQuery (27486b, #16778, #16779)
  • ngRepeat:
    • fix reference to last collection value remaining across linkages (cf919a)
    • fix trackBy function being invoked with incorrect scope (d4d103, #16776, #16777)
  • aria/ngClick: check if element is contenteditable before blocking spacebar (289374, #16762)
  • input: prevent browsers from autofilling hidden inputs (7cbb10)
  • Angular: add workaround for Safari / Webdriver problem (eb49f6)
  • $browser: normalize inputted URLs (2f72a6, #16606)
  • interpolate: do not create directives for constant media URL attributes (90a41d, #16734)
  • $q: allow third-party promise libraries (eefaa7, #16164, #16471)
  • urlUtils: make IPv6 URL's hostname wrapped in square brackets in IE/Edge (0e1bd7, #16692, #16715)
  • ngAnimateSwap: make it compatible with ngIf on the same element (b27080, #16616, #16729)
  • ngMock: make matchLatestDefinitionEnabled work (3cdffc, #16702)
  • ngStyle: skip setting empty value when new style has the property (d6098e, #16709)

Performance Improvements

1.7.5 anti-prettification (2018-10-04)

Bug Fixes

1.7.4 interstellar-exploration (2018-09-07)

Bug Fixes

  • ngAria.ngClick: prevent default event on space/enter only for non-interactive elements (61b335, #16664, #16680)
  • ngAnimate: remove the "prepare" classes with multiple structural animations (3105b2, #16681, #16677)
  • $route: correctly extract path params if the path contains a question mark or a hash (2ceeb7)
  • ngHref: allow numbers and other objects in interpolation (30084c, #16652, #16626)
  • select: allow to select first option with value undefined (668a33, #16653, #16656)

1.7.3 eventful-proposal (2018-08-03)

Bug Fixes

  • $location:
  • ngMock.$httpBackend:
  • Angular: add workaround for Safari / Webdriver problem (0a1db2, #16645)
  • $animate: avoid memory leak with $animate.enabled(element, enabled) (4bd424, #16649)
  • $compile:
  • ngEventDirs:
    • pass error in handler to $exceptionHandler when event was triggered in a digest (688211)
    • don't wrap the event handler in $apply if already in $digest (535ee3, #14673, #14674)
  • angular.element: do not break on cleanData() if _data() returns undefined (7cf4a2, #16641, #16642)
  • ngAria: do not scroll when pressing spacebar on custom buttons (3a517c, #14665, #16604)

New Features

Performance Improvements

  • ngAnimate: avoid repeated calls to addClass/removeClass when animation has no duration (093635, #14165, #14166, #16613)

1.7.2 extreme-compatiplication (2018-06-12)

In the previous release, we removed a private, undocumented API that was no longer used by AngularJS. It turned out that several popular UI libraries (such as AngularJS Material, UI Bootstrap, ngDialog and probably others) relied on that API.

In order to avoid unnecessary pain for developers, this release reverts the removal of the private API and restores compatibility of the aforementioned libraries with the latest AngularJS.

Reverts

1.7.1 momentum-defiance (2018-06-08)

Bug Fixes

New Features

1.7.0 nonexistent-physiology (2018-05-11)

Here are the full changes for the release of 1.7.0 that are not already released in the 1.6.x branch, which includes commits from 1.7.0-rc.0 and commits from 1.7.0 directly.

1.7.0 is the last scheduled release of AngularJS that includes breaking changes. 1.7.x patch releases will continue to receive bug fixes and non-breaking features until AngularJS enters Long Term Support mode (LTS) on July 1st 2018.

Bug Fixes

  • input:
  • input[number]: validate min/max against viewValue (aa3f95, #12761, #16325)
  • input[date]: correctly parse 2-digit years (627180, #16537, #16539)
  • jqLite: make removeData() not remove event handlers (b7d396, #15869, #16512)
  • $compile:
    • remove the preAssignBindingsEnabled flag (38f8c9, #15782)
    • add base[href] to the list of RESOURCE_URL context attributes (1cf728, #15597)
  • $interval: throw when trying to cancel non-$interval promise (a8bef9, #16424, #16476)
  • $timeout: throw when trying to cancel non-$timeout promise (336525, #16424, #16476)
  • $cookies: remove the deprecated $cookieStore factory (73c646, #16465)
  • $resource: fix interceptors and success/error callbacks (ea0585, #6731, #9334, #6865, #16446)
  • $templateRequest:
    • give tpload error the correct namespace (c617d6)
    • always return the template that is stored in the cache (fb0099, #16225)
  • $animate: let cancel() reject the runner promise (16b82c, #14204, #16373)
  • ngTouch:
  • ngScenario: completely remove the angular scenario runner (0cd392, #9405)
  • form: set $submitted to true on child forms when parent is submitted (223de5, #10071)
  • $rootScope:
    • provide correct value of one-time bindings in watchGroup (c2b8fa)
    • don't allow explicit digest calls to affect $evalAsync (02c046, #15127, #15494)
  • ngAria: do not set aria attributes on input[type="hidden"] (6d5ef3, #15113, #16367)
  • ngModel, input: improve handling of built-in named parsers (74b04c, #14292, #10076, #16347)
  • $httpParamSerializerJQLike:
  • $parse:
    • do not pass scope/locals to interceptors of one-time bindings (87a586)
    • always pass the intercepted value to watchers (2ee503, #16021)
    • respect the interceptor.$stateful flag (de7403)
  • Angular: remove angular.lowercase and angular.uppercase (1daa4f, #15445)
  • $controller: remove instantiating controllers defined on window (e269c1, #15349, #15762)

New Features

  • angular.isArray: support Array subclasses in angular.isArray() (e3ece2, #15533, #15541)
  • $sce: handle URL sanitization through the $sce service (1e9ead)
  • orderBy: consider null and undefined greater than other values (1d8046, #15294, #16376)
  • $resource: add support for request and requestError interceptors (#15674) (240a3d, #5146)
  • ngModelOptions: add debounce catch-all + allow debouncing 'default' only (55ba44, #15411, #16335)
  • $compile: lower the xlink:href security context for SVG's a and image elements (6ccbfa, #15736)

Performance Improvements

  • $rootScope: allow $watchCollection use of expression input watching (97b00c)
  • ngStyle: use $watchCollection (15bbd3, #15947)
  • $compile: do not use deepWatch in literal one-way bindings (fd4f01, #15301)

Breaking Changes

jqLite due to:

  • b7d396: make removeData() not remove event handlers

Before this commit removeData() invoked on an element removed its event handlers as well. If you want to trigger a full cleanup of an element, change:

elem.removeData();

to:

angular.element.cleanData(elem);

In most cases, though, cleaning up after an element is supposed to be done only when it's removed from the DOM as well; in such cases the following:

elem.remove();

will remove event handlers as well.

$cookies due to:

  • 73c646: remove the deprecated $cookieStore factory

The $cookieStore has been removed. Migrate to the $cookies service. Note that for object values you need to use the putObject & getObject methods as get/put will not correctly save/retrieve them.

Before:

$cookieStore.put('name', {key: 'value'});
$cookieStore.get('name'); // {key: 'value'}
$cookieStore.remove('name');

After:

$cookies.putObject('name', {key: 'value'});
$cookies.getObject('name'); // {key: 'value'}
$cookies.remove('name');

$resource due to:

  • ea0585: fix interceptors and success/error callbacks

If you are not using success or error callbacks with $resource, your app should not be affected by this change.

If you are using success or error callbacks (with or without response interceptors), one (subtle) difference is that throwing an error inside the callbacks will not propagate to the returned $promise. Therefore, you should try to use the promises whenever possible. E.g.:

// Avoid
User.query(function onSuccess(users) { throw new Error(); }).
  $promise.
  catch(function onError() { /* Will not be called. */ });

// Prefer
User.query().
  $promise.
  then(function onSuccess(users) { throw new Error(); }).
  catch(function onError() { /* Will be called. */ });

Finally, if you are using success or error callbacks with response interceptors, the callbacks will now always run after the interceptors (and wait for them to resolve in case they return a promise). Previously, the error callback was called before the responseError interceptor and the success callback was synchronously called after the response interceptor. E.g.:

var User = $resource('/api/users/:id', {id: '@id'}, {
  get: {
    method: 'get',
    interceptor: {
      response: function(response) {
        console.log('responseInterceptor-1');
        return $timeout(1000).then(function() {
          console.log('responseInterceptor-2');
          return response.resource;
        });
      },
      responseError: function(response) {
        console.log('responseErrorInterceptor-1');
        return $timeout(1000).then(function() {
          console.log('responseErrorInterceptor-2');
          return $q.reject('Ooops!');
        });
      }
    }
  }
});
var onSuccess = function(value) { console.log('successCallback', value); };
var onError = function(error) { console.log('errorCallback', error); };

// Assuming the following call is successful...
User.get({id: 1}, onSuccess, onError);
  // Old behavior:
  //   responseInterceptor-1
  //   successCallback, {/* Promise object */}
  //   responseInterceptor-2
  // New behavior:
  //   responseInterceptor-1
  //   responseInterceptor-2
  //   successCallback, {/* User object */}

// Assuming the following call returns an error...
User.get({id: 2}, onSuccess, onError);
  // Old behavior:
  //   errorCallback, {/* Response object */}
  //   responseErrorInterceptor-1
  //   responseErrorInterceptor-2
  // New behavior:
  //   responseErrorInterceptor-1
  //   responseErrorInterceptor-2
  //   errorCallback, Ooops!
  • 240a3d: add support for request and requestError interceptors (#15674)

Previously, calling a $resource method would synchronously call $http. Now, it will be called asynchronously (regardless if a request/requestError interceptor has been defined.

This is not expected to affect applications at runtime, since the overall operation is asynchronous already, but may affect assertions in tests. For example, if you want to assert that $http has been called with specific arguments as a result of a $resource call, you now need to run a $digest first, to ensure the (possibly empty) request interceptor promise has been resolved.

Before:

it('...', function() {
  $httpBackend.expectGET('/api/things').respond(...);
  var Things = $resource('/api/things');
  Things.query();

  expect($http).toHaveBeenCalledWith(...);
});

After:

it('...', function() {
  $httpBackend.expectGET('/api/things').respond(...);
  var Things = $resource('/api/things');
  Things.query();
  $rootScope.$digest();

  expect($http).toHaveBeenCalledWith(...);
});

$templateRequest:

  • due to c617d6: give tpload error the correct namespace

Previously the tpload error was namespaced to $compile. If you have code that matches errors of the form [$compile:tpload] it will no longer run. You should change the code to match [$templateRequest:tpload].

  • due to (fb0099: always return the template that is stored in the cache

The service now returns the result of $templateCache.put() when making a server request to the template. Previously it would return the content of the response directly. This now means if you are decorating $templateCache.put() to manipulate the template, you will now get this manipulated result also on the first $templateRequest rather than only on subsequent calls (when the template is retrived from the cache). In practice this should not affect any apps, as it is unlikely that they rely on the template being different in the first and subsequent calls.

$animate due to:

  • 16b82c: let cancel() reject the runner promise

$animate.cancel(runner) now rejects the underlying promise and calls the catch() handler on the runner returned by $animate functions (enter, leave, move, addClass, removeClass, setClass, animate). Previously it would resolve the promise as if the animation had ended successfully.

Example:

var runner = $animate.addClass('red');
runner.then(function() { console.log('success')});
runner.catch(function() { console.log('cancelled')});

runner.cancel();

Pre-1.7.0, this logs 'success', 1.7.0 and later it logs 'cancelled'. To migrate, add a catch() handler to your animation runners.

angular.isArray due to:

  • e3ece2: support Array subclasses in angular.isArray()

Previously, angular.isArray() was an alias for Array.isArray(). Therefore, objects that prototypally inherit from Array where not considered arrays. Now such objects are considered arrays too.

This change affects several other methods that use angular.isArray() under the hood, such as angular.copy(), angular.equals(), angular.forEach(), and angular.merge().

This in turn affects how dirty checking treats objects that prototypally inherit from Array (e.g. MobX observable arrays). AngularJS will now be able to handle these objects better when copying or watching.

$sce :

  • due to 1e9ead: handle URL sanitization through the $sce service

If you use attrs.$set for URL attributes (a[href] and img[src]) there will no longer be any automated sanitization of the value. This is in line with other programmatic operations, such as writing to the innerHTML of an element.

If you are programmatically writing URL values to attributes from untrusted input then you must sanitize it yourself. You could write your own sanitizer or copy the private $$sanitizeUri service.

Note that values that have been passed through the $interpolate service within the URL or MEDIA_URL will have already been sanitized, so you would not need to sanitize these values again.

  • due to 1e9ead: handle URL sanitization through the $sce service

binding trustAs() and the short versions (trustAsResourceUrl() et al.) to ngSrc, ngSrcset, and ngHref will now raise an infinite digest error:

  $scope.imgThumbFn = function(id) {
    return $sce.trustAsResourceUrl(someService.someUrl(id));
  };
  <img ng-src="{{imgThumbFn(imgId)}}">

This is because the $interpolate service is now responsible for sanitizing the attribute value, and its watcher receives a new object from trustAs() on every digest. To migrate, compute the trusted value only when the input value changes:

  $scope.$watch('imgId', function(id) {
    $scope.imgThumb = $sce.trustAsResourceUrl(someService.someUrl(id));
  });
  <img ng-src="{{imgThumb}}">

orderBy due to:

  • 1d8046: consider null and undefined greater than other values

When using orderBy to sort arrays containing null values, the null values will be considered "greater than" all other values, except for undefined. Previously, they were sorted as strings. This will result in different (but more intuitive) sorting order.

Before:

orderByFilter(['a', undefined, 'o', null, 'z']);
//--> 'a', null, 'o', 'z', undefined

After:

orderByFilter(['a', undefined, 'o', null, 'z']);
//--> 'a', 'o', 'z', null, undefined

ngScenario due to:

  • 0cd392: completely remove the angular scenario runner

The angular scenario runner end-to-end test framework has been removed from the project and will no longer be available on npm or bower starting with 1.7.0. It was deprecated and removed from the documentation in 2014. Applications that still use it should migrate to Protractor. Technically, it should also be possible to continue using an older version of the scenario runner, as the underlying APIs have not changed. However, we do not guarantee future compatibility.

form due to:

  • 223de5: set $submitted to true on child forms when parent is submitted

Forms will now set $submitted on child forms when they are submitted. For example:

<form name="parentform" ng-submit="$ctrl.submit()">
  <ng-form name="childform">
    <input type="text" name="input" ng-model="my.model" />
  </ng-form>
  <input type="submit" />
</form>

Submitting this form will set $submitted on "parentform" and "childform". Previously, it was only set on "parentform".

This change was introduced because mixing form and ngForm does not create logically separate forms, but rather something like input groups. Therefore, child forms should inherit the submission state from their parent form.

ngAria due to:

  • 6d5ef3: do not set aria attributes on input[type="hidden"]

ngAria no longer sets aria-* attributes on input[type="hidden"] with ngModel. This can affect apps that test for the presence of aria attributes on hidden inputs. To migrate, remove these assertions. In actual apps, this should not have a user-facing effect, as the previous behavior was incorrect, and the new behavior is correct for accessibility.

ngModel, input due to:

  • 74b04c: improve handling of built-in named parsers

Custom parsers that fail to parse on input types "email", "url", "number", "date", "month", "time", "datetime-local", "week", do no longer set ngModelController.$error[inputType], and the ng-invalid-[inputType] class. Also, custom parsers on input type "range" do no longer set ngModelController.$error.number and the ng-invalid-number class.

Instead, any custom parsers on these inputs set ngModelController.$error.parse and ng-invalid-parse. This change was made to make distinguishing errors from built-in parsers and custom parsers easier.

ngModelOptions due to:

  • 55ba44: add debounce catch-all + allow debouncing 'default' only

the 'default' key in 'debounce' now only debounces the default event, i.e. the event that is added as an update trigger by the different input directives automatically.

Previously, it also applied to other update triggers defined in 'updateOn' that did not have a corresponding key in the 'debounce'.

This behavior is now supported via a special wildcard / catch-all key: '*'.

See the following example:

Pre-1.7: 'mouseup' is also debounced by 500 milliseconds because 'default' is applied:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { 'default': 500, 'blur': 0 }
}

1.7: The pre-1.7 behavior can be re-created by setting '*' as a catch-all debounce value:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { '*': 500, 'blur': 0 }
}

In contrast, when only 'default' is used, 'blur' and 'mouseup' are not debounced:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { 'default': 500 }
}

input[number] due to:

  • aa3f95: validate min/max against viewValue

input[type=number] with ngModel now validates the input for the max/min restriction against the ngModelController.$viewValue instead of against the ngModelController.$modelValue.

This affects apps that use $parsers or $formatters to transform the input / model value.

If you rely on the $modelValue validation, you can overwrite the min/max validator from a custom directive, as seen in the following example directive definition object:

{
  restrict: 'A',
  require: 'ngModel',
  link: function(scope, element, attrs, ctrl) {
    var maxValidator = ctrl.$validators.max;

    ctrl.$validators.max = function(modelValue, viewValue) {
      return maxValidator(modelValue, modelValue);
    };
  }
}

input due to:

  • 656c8f: listen on "change" instead of "click" for radio/checkbox ngModels

input[radio] and input[checkbox] now listen to the "change" event instead of the "click" event. Most apps should not be affected, as "change" is automatically fired by browsers after "click" happens.

Two scenarios might need migration:

  • Custom click events:

Before this change, custom click event listeners on radio / checkbox would be called after the input element and ngModel had been updated, unless they were specifically registered before the built-in click handlers. After this change, they are called before the input is updated, and can call event.preventDefault() to prevent the input from updating.

If an app uses a click event listener that expects ngModel to be updated when it is called, it now needs to register a change event listener instead.

  • Triggering click events:

Conventional trigger functions:

The change event might not be fired when the input element is not attached to the document. This can happen in tests that compile input elements and trigger click events on them. Depending on the browser (Chrome and Safari) and the trigger method, the change event will not be fired when the input isn't attached to the document.

Before:

    it('should update the model', inject(function($compile, $rootScope) {
      var inputElm = $compile('<input type="checkbox" ng-model="checkbox" />')($rootScope);

      inputElm[0].click(); // Or different trigger mechanisms, such as jQuery.trigger()
      expect($rootScope.checkbox).toBe(true);
    });

With this patch, $rootScope.checkbox might not be true, because the click event hasn't triggered the change event. To make the test, work append the inputElm to the app's $rootElement, and the $rootElement to the $document.

After:

    it('should update the model', inject(function($compile, $rootScope, $rootElement, $document) {
      var inputElm = $compile('<input type="checkbox" ng-model="checkbox" />')($rootScope);

      $rootElement.append(inputElm);
      $document.append($rootElement);

      inputElm[0].click(); // Or different trigger mechanisms, such as jQuery.trigger()
      expect($rootScope.checkbox).toBe(true);
    });

triggerHandler():

If you are using this jQuery / jqLite function on the input elements, you don't have to attach the elements to the document, but instead change the triggered event to "change". This is because triggerHandler(event) only triggers the exact event when it has been added by jQuery / jqLite.

ngStyle due to:

  • 15bbd3: use $watchCollection

Previously the use of deep watch by ng-style would trigger styles to be re-applied when nested state changed. Now only changes to direct properties of the watched object will trigger changes.

$compile due to:

  • 38f8c9: remove the preAssignBindingsEnabled flag

Previously, the $compileProvider.preAssignBindingsEnabled flag was supported. The flag controlled whether bindings were available inside the controller constructor or only in the $onInit hook. The bindings are now no longer available in the constructor.

To migrate your code:

  1. If you haven't invoked $compileProvider.preAssignBindingsEnabled() you don't have to do anything to migrate.

  2. If you specified $compileProvider.preAssignBindingsEnabled(false), you can remove that statement - since AngularJS 1.6.0 this is the default so your app should still work even in AngularJS 1.6 after such removal. Afterwards, migrating to AngularJS 1.7.0 shouldn't require any further action.

  3. If you specified $compileProvider.preAssignBindingsEnabled(true) you need to first migrate your code so that the flag can be flipped to false. The instructions on how to do that are available in the "Migrating from 1.5 to 1.6" guide: https://docs.angularjs.org/guide/migration#migrating-from-1-5-to-1-6 Afterwards, remove the $compileProvider.preAssignBindingsEnabled(true) statement.

  • 6ccbfa: lower the xlink:href security context for SVG's a and image elements

In the unlikely case that an app relied on RESOURCE_URL whitelisting for the purpose of binding to the xlink:href property of SVG's <a> or <image> elements and if the values do not pass the regular URL sanitization, they will break.

To fix this you need to ensure that the values used for binding to the affected xlink:href contexts are considered safe URLs, e.g. by whitelisting them in $compileProvider's aHrefSanitizationWhitelist (for <a> elements) or imgSrcSanitizationWhitelist (for <image> elements).

  • fd4f01: do not use deepWatch in literal one-way bindings

Previously when a literal value was passed into a directive/component via one-way binding it would be watched with a deep watcher.

For example, for <my-component input="[a]">, a new instance of the array would be passed into the directive/component (and trigger $onChanges) not only if a changed but also if any sub property of a changed such as a.b or a.b.c.d.e etc.

This also means a new but equal value for a would NOT trigger such a change.

Now literal values use an input-based watch similar to other directive/component one-way bindings. In this context inputs are the non-constant parts of the literal. In the example above the input would be a. Changes are only triggered when the inputs to the literal change.

  • 1cf728: add base[href] to the list of RESOURCE_URL context attributes

Previously, <base href="{{ $ctrl.baseUrl }}" /> would not require baseUrl to be trusted as a RESOURCE_URL. Now, baseUrl will be sent to $sce's RESOURCE_URL checks. By default, it will break unless baseUrl is of the same origin as the application document.

Refer to the $sce API docs for more info on how to trust a value in a RESOURCE_URL context.

Also, concatenation in trusted contexts is not allowed, which means that the following won't work: <base href="/something/{{ $ctrl.partialPath }}" />.

Either construct complex values in a controller (recommended):

this.baseUrl = '/something/' + this.partialPath;
<base href="{{ $ctrl.baseUrl }}" />

Or use string concatenation in the interpolation expression (not recommended except for the simplest of cases):

<base href="{{ '/something/' + $ctrl.partialPath }}" />

ngTouch due to:

  • 11d9ad: remove ngClick override, $touchProvider, and $touch

The ngClick directive from the ngTouch module has been removed, and with it the corresponding $touchProvider and $touch service.

If you have included ngTouch v1.5.0 or higher in your application, and have not changed the value of $touchProvider.ngClickOverrideEnabled(), or injected and used the $touch service, then there are no migration steps for your code. Otherwise you must remove references to the provider and service.

The ngClick override directive had been deprecated and by default disabled since v1.5.0, because of buggy behavior in edge cases, and a general trend to avoid special touch based overrides of click events. In modern browsers, it should not be necessary to use a touch override library:

  • Chrome, Firefox, Edge, and Safari remove the 300ms delay when <meta name="viewport" content="width=device-width"> is set.
  • Internet Explorer 10+, Edge, Safari, and Chrome remove the delay on elements that have the touch-action css property is set to manipulation.

You can find out more in these articles: https://developers.google.com/web/updates/2013/12/300ms-tap-delay-gone-away https://developer.apple.com/library/content/releasenotes/General/WhatsNewInSafari/Articles/Safari_9_1.html#//apple_ref/doc/uid/TP40014305-CH10-SW8 https://blogs.msdn.microsoft.com/ie/2015/02/24/pointer-events-w3c-recommendation-interoperable-touch-and-removing-the-dreaded-300ms-tap-delay/

Angular due to:

  • 1daa4f: remove angular.lowercase and angular.uppercase

The helper functions angular.lowercase and angular.uppercase have been removed.

These functions have been deprecated since 1.5.0. They are internally used, but should not be exposed as they contain special locale handling (for Turkish) to maintain internal consistency regardless of user-set locale.

Developers should generally use the built-ins toLowerCase and toUpperCase or toLocaleLowerCase and toLocaleUpperCase for special cases.

Further, we generally discourage using the angular.x helpers in application code.

$controller due to:

  • e269c1: remove instantiating controllers defined on window

The option to instantiate controllers from constructors on the global window object has been removed. Likewise, the deprecated $controllerProvider.allowGlobals() method that could enable this behavior, has been removed.

This behavior had been deprecated since AngularJS v1.3.0, because polluting the global scope is bad. To migrate, remove the call to $controllerProvider.allowGlobals() in the config, and register your controller via the Module API or the $controllerProvider, e.g.

angular.module('myModule', []).controller('myController', function() {...});

angular.module('myModule', []).config(function($controllerProvider) {
  $controllerProvider.register('myController', function() {...});
});

$rootScope due to:

  • c2b8fa: provide correct value of one-time bindings in watchGroup

Previously when using $watchGroup the entries in newValues and oldValues represented the most recent change of each entry.

Now the entries in oldValues will always equal the newValues of the previous call of the listener. This means comparing the entries in newValues and oldValues can be used to determine which individual expressions changed.

For example $scope.$watchGroup(['a', 'b'], fn) would previously:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
a=2 [2, undefined] [1, undefined]
b=3 [2, 3] [1, undefined]

Now the oldValue will always equal the previous newValue:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
a=2 [2, undefined] [1, undefined]
b=3 [2, 3] [2, undefined]

Note the last call now shows a === 2 in the oldValues array.

This also makes the oldValue of one-time watchers more clear. Previously the oldValue of a one-time watcher would remain undefined forever. For example $scope.$watchGroup(['a', '::b'], fn) would previously:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
b=2 [1, 2] [undefined, undefined]
a=b=3 [3, 2] [1, undefined]

Where now the oldValue will always equal the previous newValue:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
b=2 [1, 2] [1, undefined]
a=b=3 [3, 2] [1, 2]

$interval due to:

  • a8bef9: throw when trying to cancel non-$interval promise

$interval.cancel() will throw an error if called with a promise that was not generated by $interval(). Previously, it would silently do nothing.

Before:

var promise = $interval(doSomething, 1000, 5).then(doSomethingElse);
$interval.cancel(promise);  // No error; interval NOT canceled.

After:

var promise = $interval(doSomething, 1000, 5).then(doSomethingElse);
$interval.cancel(promise);  // Throws error.

Correct usage:

var promise = $interval(doSomething, 1000, 5);
var newPromise = promise.then(doSomethingElse);
$interval.cancel(promise);  // Interval canceled.

$timeout due to:

  • 336525: throw when trying to cancel non-$timeout promise

$timeout.cancel() will throw an error if called with a promise that was not generated by $timeout(). Previously, it would silently do nothing.

Before:

var promise = $timeout(doSomething, 1000).then(doSomethingElse);
$timeout.cancel(promise);  // No error; timeout NOT canceled.

After:

var promise = $timeout(doSomething, 1000).then(doSomethingElse);
$timeout.cancel(promise);  // Throws error.

Correct usage:

var promise = $timeout(doSomething, 1000);
var newPromise = promise.then(doSomethingElse);
$timeout.cancel(promise);  // Timeout canceled.

1.7.0-rc.0 maximum-overdrive (2018-04-19)

Bug Fixes

  • input:
  • input[number]: validate min/max against viewValue (aa3f95, #12761, #16325)
  • jqLite: make removeData() not remove event handlers (b7d396, #15869, #16512)
  • $compile:
    • remove the preAssignBindingsEnabled flag (38f8c9, #15782)
    • add base[href] to the list of RESOURCE_URL context attributes (1cf728, #15597)
  • $interval: throw when trying to cancel non-$interval promise (a8bef9, #16424, #16476)
  • $timeout: throw when trying to cancel non-$timeout promise (336525, #16424, #16476)
  • $cookies: remove the deprecated $cookieStore factory (73c646, #16465)
  • $resource: fix interceptors and success/error callbacks (ea0585, #6731, #9334, #6865, #16446)
  • $templateRequest:
    • give tpload error the correct namespace (c617d6)
    • always return the template that is stored in the cache (fb0099, #16225)
  • $animate: let cancel() reject the runner promise (16b82c, #14204, #16373)
  • ngTouch:
  • ngScenario: completely remove the angular scenario runner (0cd392, #9405)
  • form: set $submitted to true on child forms when parent is submitted (223de5, #10071)
  • $rootScope:
    • provide correct value of one-time bindings in watchGroup (c2b8fa)
  • ngAria: do not set aria attributes on input[type="hidden"] (6d5ef3, #15113, #16367)
  • ngModel, input: improve handling of built-in named parsers (74b04c, #14292, #10076, #16347)
  • $httpParamSerializerJQLike:
  • $parse:
    • do not pass scope/locals to interceptors of one-time bindings (87a586)
    • always pass the intercepted value to watchers (2ee503, #16021)
    • respect the interceptor.$stateful flag (de7403)
  • Angular: remove angular.lowercase and angular.uppercase (1daa4f, #15445)
  • $controller: remove instantiating controllers defined on window (e269c1, #15349, #15762)

New Features

  • angular.isArray: support Array subclasses in angular.isArray() (e3ece2, #15533, #15541)
  • $sce: handle URL sanitization through the $sce service (1e9ead)
  • orderBy: consider null and undefined greater than other values (1d8046, #15294, #16376)
  • $resource: add support for request and requestError interceptors (#15674) (240a3d, #5146)
  • ngModelOptions: add debounce catch-all + allow debouncing 'default' only (55ba44, #15411, #16335)
  • $compile: lower the xlink:href security context for SVG's a and image elements (6ccbfa, #15736)

Performance Improvements

  • $rootScope: allow $watchCollection use of expression input watching (97b00c)
  • ngStyle: use $watchCollection (15bbd3, #15947)
  • $compile: do not use deepWatch in literal one-way bindings (fd4f01, #15301)

Breaking Changes

jqLite due to:

  • b7d396: make removeData() not remove event handlers

Before this commit removeData() invoked on an element removed its event handlers as well. If you want to trigger a full cleanup of an element, change:

elem.removeData();

to:

angular.element.cleanData(elem);

In most cases, though, cleaning up after an element is supposed to be done only when it's removed from the DOM as well; in such cases the following:

elem.remove();

will remove event handlers as well.

$cookies due to:

  • 73c646: remove the deprecated $cookieStore factory

The $cookieStore has been removed. Migrate to the $cookies service. Note that for object values you need to use the putObject & getObject methods as get/put will not correctly save/retrieve them.

Before:

$cookieStore.put('name', {key: 'value'});
$cookieStore.get('name'); // {key: 'value'}
$cookieStore.remove('name');

After:

$cookies.putObject('name', {key: 'value'});
$cookies.getObject('name'); // {key: 'value'}
$cookies.remove('name');

$resource due to:

  • ea0585: fix interceptors and success/error callbacks

If you are not using success or error callbacks with $resource, your app should not be affected by this change.

If you are using success or error callbacks (with or without response interceptors), one (subtle) difference is that throwing an error inside the callbacks will not propagate to the returned $promise. Therefore, you should try to use the promises whenever possible. E.g.:

// Avoid
User.query(function onSuccess(users) { throw new Error(); }).
  $promise.
  catch(function onError() { /* Will not be called. */ });

// Prefer
User.query().
  $promise.
  then(function onSuccess(users) { throw new Error(); }).
  catch(function onError() { /* Will be called. */ });

Finally, if you are using success or error callbacks with response interceptors, the callbacks will now always run after the interceptors (and wait for them to resolve in case they return a promise). Previously, the error callback was called before the responseError interceptor and the success callback was synchronously called after the response interceptor. E.g.:

var User = $resource('/api/users/:id', {id: '@id'}, {
  get: {
    method: 'get',
    interceptor: {
      response: function(response) {
        console.log('responseInterceptor-1');
        return $timeout(1000).then(function() {
          console.log('responseInterceptor-2');
          return response.resource;
        });
      },
      responseError: function(response) {
        console.log('responseErrorInterceptor-1');
        return $timeout(1000).then(function() {
          console.log('responseErrorInterceptor-2');
          return $q.reject('Ooops!');
        });
      }
    }
  }
});
var onSuccess = function(value) { console.log('successCallback', value); };
var onError = function(error) { console.log('errorCallback', error); };

// Assuming the following call is successful...
User.get({id: 1}, onSuccess, onError);
  // Old behavior:
  //   responseInterceptor-1
  //   successCallback, {/* Promise object */}
  //   responseInterceptor-2
  // New behavior:
  //   responseInterceptor-1
  //   responseInterceptor-2
  //   successCallback, {/* User object */}

// Assuming the following call returns an error...
User.get({id: 2}, onSuccess, onError);
  // Old behavior:
  //   errorCallback, {/* Response object */}
  //   responseErrorInterceptor-1
  //   responseErrorInterceptor-2
  // New behavior:
  //   responseErrorInterceptor-1
  //   responseErrorInterceptor-2
  //   errorCallback, Ooops!
  • 240a3d: add support for request and requestError interceptors (#15674)

Previously, calling a $resource method would synchronously call $http. Now, it will be called asynchronously (regardless if a request/requestError interceptor has been defined.

This is not expected to affect applications at runtime, since the overall operation is asynchronous already, but may affect assertions in tests. For example, if you want to assert that $http has been called with specific arguments as a result of a $resource call, you now need to run a $digest first, to ensure the (possibly empty) request interceptor promise has been resolved.

Before:

it('...', function() {
  $httpBackend.expectGET('/api/things').respond(...);
  var Things = $resource('/api/things');
  Things.query();

  expect($http).toHaveBeenCalledWith(...);
});

After:

it('...', function() {
  $httpBackend.expectGET('/api/things').respond(...);
  var Things = $resource('/api/things');
  Things.query();
  $rootScope.$digest();

  expect($http).toHaveBeenCalledWith(...);
});

$templateRequest:

  • due to c617d6: give tpload error the correct namespace

Previously the tpload error was namespaced to $compile. If you have code that matches errors of the form [$compile:tpload] it will no longer run. You should change the code to match [$templateRequest:tpload].

  • due to (fb0099: always return the template that is stored in the cache

The service now returns the result of $templateCache.put() when making a server request to the template. Previously it would return the content of the response directly. This now means if you are decorating $templateCache.put() to manipulate the template, you will now get this manipulated result also on the first $templateRequest rather than only on subsequent calls (when the template is retrived from the cache). In practice this should not affect any apps, as it is unlikely that they rely on the template being different in the first and subsequent calls.

$animate due to:

  • 16b82c: let cancel() reject the runner promise

$animate.cancel(runner) now rejects the underlying promise and calls the catch() handler on the runner returned by $animate functions (enter, leave, move, addClass, removeClass, setClass, animate). Previously it would resolve the promise as if the animation had ended successfully.

Example:

var runner = $animate.addClass('red');
runner.then(function() { console.log('success')});
runner.catch(function() { console.log('cancelled')});

runner.cancel();

Pre-1.7.0, this logs 'success', 1.7.0 and later it logs 'cancelled'. To migrate, add a catch() handler to your animation runners.

angular.isArray due to:

  • e3ece2: support Array subclasses in angular.isArray()

Previously, angular.isArray() was an alias for Array.isArray(). Therefore, objects that prototypally inherit from Array where not considered arrays. Now such objects are considered arrays too.

This change affects several other methods that use angular.isArray() under the hood, such as angular.copy(), angular.equals(), angular.forEach(), and angular.merge().

This in turn affects how dirty checking treats objects that prototypally inherit from Array (e.g. MobX observable arrays). AngularJS will now be able to handle these objects better when copying or watching.

$sce due to:

  • 1e9ead: handle URL sanitization through the $sce service

If you use attrs.$set for URL attributes (a[href] and img[src]) there will no longer be any automated sanitization of the value. This is in line with other programmatic operations, such as writing to the innerHTML of an element.

If you are programmatically writing URL values to attributes from untrusted input then you must sanitize it yourself. You could write your own sanitizer or copy the private $$sanitizeUri service.

Note that values that have been passed through the $interpolate service within the URL or MEDIA_URL will have already been sanitized, so you would not need to sanitize these values again.

orderBy due to:

  • 1d8046: consider null and undefined greater than other values

When using orderBy to sort arrays containing null values, the null values will be considered "greater than" all other values, except for undefined. Previously, they were sorted as strings. This will result in different (but more intuitive) sorting order.

Before:

orderByFilter(['a', undefined, 'o', null, 'z']);
//--> 'a', null, 'o', 'z', undefined

After:

orderByFilter(['a', undefined, 'o', null, 'z']);
//--> 'a', 'o', 'z', null, undefined

ngScenario due to:

  • 0cd392: completely remove the angular scenario runner

The angular scenario runner end-to-end test framework has been removed from the project and will no longer be available on npm or bower starting with 1.7.0. It was deprecated and removed from the documentation in 2014. Applications that still use it should migrate to Protractor. Technically, it should also be possible to continue using an older version of the scenario runner, as the underlying APIs have not changed. However, we do not guarantee future compatibility.

form due to:

  • 223de5: set $submitted to true on child forms when parent is submitted

Forms will now set $submitted on child forms when they are submitted. For example:

<form name="parentform" ng-submit="$ctrl.submit()">
  <ng-form name="childform">
    <input type="text" name="input" ng-model="my.model" />
  </ng-form>
  <input type="submit" />
</form>

Submitting this form will set $submitted on "parentform" and "childform". Previously, it was only set on "parentform".

This change was introduced because mixing form and ngForm does not create logically separate forms, but rather something like input groups. Therefore, child forms should inherit the submission state from their parent form.

ngAria due to:

  • 6d5ef3: do not set aria attributes on input[type="hidden"]

ngAria no longer sets aria-* attributes on input[type="hidden"] with ngModel. This can affect apps that test for the presence of aria attributes on hidden inputs. To migrate, remove these assertions. In actual apps, this should not have a user-facing effect, as the previous behavior was incorrect, and the new behavior is correct for accessibility.

ngModel, input due to:

  • 74b04c: improve handling of built-in named parsers

Custom parsers that fail to parse on input types "email", "url", "number", "date", "month", "time", "datetime-local", "week", do no longer set ngModelController.$error[inputType], and the ng-invalid-[inputType] class. Also, custom parsers on input type "range" do no longer set ngModelController.$error.number and the ng-invalid-number class.

Instead, any custom parsers on these inputs set ngModelController.$error.parse and ng-invalid-parse. This change was made to make distinguishing errors from built-in parsers and custom parsers easier.

ngModelOptions due to:

  • 55ba44: add debounce catch-all + allow debouncing 'default' only

the 'default' key in 'debounce' now only debounces the default event, i.e. the event that is added as an update trigger by the different input directives automatically.

Previously, it also applied to other update triggers defined in 'updateOn' that did not have a corresponding key in the 'debounce'.

This behavior is now supported via a special wildcard / catch-all key: '*'.

See the following example:

Pre-1.7: 'mouseup' is also debounced by 500 milliseconds because 'default' is applied:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { 'default': 500, 'blur': 0 }
}

1.7: The pre-1.7 behavior can be re-created by setting '*' as a catch-all debounce value:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { '*': 500, 'blur': 0 }
}

In contrast, when only 'default' is used, 'blur' and 'mouseup' are not debounced:

ng-model-options="{
  updateOn: 'default blur mouseup',
  debounce: { 'default': 500 }
}

input[number] due to:

  • aa3f95: validate min/max against viewValue

input[type=number] with ngModel now validates the input for the max/min restriction against the ngModelController.$viewValue instead of against the ngModelController.$modelValue.

This affects apps that use $parsers or $formatters to transform the input / model value.

If you rely on the $modelValue validation, you can overwrite the min/max validator from a custom directive, as seen in the following example directive definition object:

{
  restrict: 'A',
  require: 'ngModel',
  link: function(scope, element, attrs, ctrl) {
    var maxValidator = ctrl.$validators.max;

    ctrl.$validators.max = function(modelValue, viewValue) {
      return maxValidator(modelValue, modelValue);
    };
  }
}

input due to:

  • 656c8f: listen on "change" instead of "click" for radio/checkbox ngModels

input[radio] and input[checkbox] now listen to the "change" event instead of the "click" event. Most apps should not be affected, as "change" is automatically fired by browsers after "click" happens.

Two scenarios might need migration:

  • Custom click events:

Before this change, custom click event listeners on radio / checkbox would be called after the input element and ngModel had been updated, unless they were specifically registered before the built-in click handlers. After this change, they are called before the input is updated, and can call event.preventDefault() to prevent the input from updating.

If an app uses a click event listener that expects ngModel to be updated when it is called, it now needs to register a change event listener instead.

  • Triggering click events:

Conventional trigger functions:

The change event might not be fired when the input element is not attached to the document. This can happen in tests that compile input elements and trigger click events on them. Depending on the browser (Chrome and Safari) and the trigger method, the change event will not be fired when the input isn't attached to the document.

Before:

    it('should update the model', inject(function($compile, $rootScope) {
      var inputElm = $compile('<input type="checkbox" ng-model="checkbox" />')($rootScope);

      inputElm[0].click(); // Or different trigger mechanisms, such as jQuery.trigger()
      expect($rootScope.checkbox).toBe(true);
    });

With this patch, $rootScope.checkbox might not be true, because the click event hasn't triggered the change event. To make the test, work append the inputElm to the app's $rootElement, and the $rootElement to the $document.

After:

    it('should update the model', inject(function($compile, $rootScope, $rootElement, $document) {
      var inputElm = $compile('<input type="checkbox" ng-model="checkbox" />')($rootScope);

      $rootElement.append(inputElm);
      $document.append($rootElement);

      inputElm[0].click(); // Or different trigger mechanisms, such as jQuery.trigger()
      expect($rootScope.checkbox).toBe(true);
    });

triggerHandler():

If you are using this jQuery / jqLite function on the input elements, you don't have to attach the elements to the document, but instead change the triggered event to "change". This is because triggerHandler(event) only triggers the exact event when it has been added by jQuery / jqLite.

ngStyle due to:

  • 15bbd3: use $watchCollection

Previously the use of deep watch by ng-style would trigger styles to be re-applied when nested state changed. Now only changes to direct properties of the watched object will trigger changes.

$compile due to:

  • 38f8c9: remove the preAssignBindingsEnabled flag

Previously, the $compileProvider.preAssignBindingsEnabled flag was supported. The flag controlled whether bindings were available inside the controller constructor or only in the $onInit hook. The bindings are now no longer available in the constructor.

To migrate your code:

  1. If you haven't invoked $compileProvider.preAssignBindingsEnabled() you don't have to do anything to migrate.

  2. If you specified $compileProvider.preAssignBindingsEnabled(false), you can remove that statement - since AngularJS 1.6.0 this is the default so your app should still work even in AngularJS 1.6 after such removal. Afterwards, migrating to AngularJS 1.7.0 shouldn't require any further action.

  3. If you specified $compileProvider.preAssignBindingsEnabled(true) you need to first migrate your code so that the flag can be flipped to false. The instructions on how to do that are available in the "Migrating from 1.5 to 1.6" guide: https://docs.angularjs.org/guide/migration#migrating-from-1-5-to-1-6 Afterwards, remove the $compileProvider.preAssignBindingsEnabled(true) statement.

  • 6ccbfa: lower the xlink:href security context for SVG's a and image elements

In the unlikely case that an app relied on RESOURCE_URL whitelisting for the purpose of binding to the xlink:href property of SVG's <a> or <image> elements and if the values do not pass the regular URL sanitization, they will break.

To fix this you need to ensure that the values used for binding to the affected xlink:href contexts are considered safe URLs, e.g. by whitelisting them in $compileProvider's aHrefSanitizationWhitelist (for <a> elements) or imgSrcSanitizationWhitelist (for <image> elements).

  • fd4f01: do not use deepWatch in literal one-way bindings

Previously when a literal value was passed into a directive/component via one-way binding it would be watched with a deep watcher.

For example, for <my-component input="[a]">, a new instance of the array would be passed into the directive/component (and trigger $onChanges) not only if a changed but also if any sub property of a changed such as a.b or a.b.c.d.e etc.

This also means a new but equal value for a would NOT trigger such a change.

Now literal values use an input-based watch similar to other directive/component one-way bindings. In this context inputs are the non-constant parts of the literal. In the example above the input would be a. Changes are only triggered when the inputs to the literal change.

  • 1cf728: add base[href] to the list of RESOURCE_URL context attributes

Previously, <base href="{{ $ctrl.baseUrl }}" /> would not require baseUrl to be trusted as a RESOURCE_URL. Now, baseUrl will be sent to $sce's RESOURCE_URL checks. By default, it will break unless baseUrl is of the same origin as the application document.

Refer to the $sce API docs for more info on how to trust a value in a RESOURCE_URL context.

Also, concatenation in trusted contexts is not allowed, which means that the following won't work: <base href="/something/{{ $ctrl.partialPath }}" />.

Either construct complex values in a controller (recommended):

this.baseUrl = '/something/' + this.partialPath;
<base href="{{ $ctrl.baseUrl }}" />

Or use string concatenation in the interpolation expression (not recommended except for the simplest of cases):

<base href="{{ '/something/' + $ctrl.partialPath }}" />

ngTouch due to:

  • 11d9ad: remove ngClick override, $touchProvider, and $touch

The ngClick directive from the ngTouch module has been removed, and with it the corresponding $touchProvider and $touch service.

If you have included ngTouch v1.5.0 or higher in your application, and have not changed the value of $touchProvider.ngClickOverrideEnabled(), or injected and used the $touch service, then there are no migration steps for your code. Otherwise you must remove references to the provider and service.

The ngClick override directive had been deprecated and by default disabled since v1.5.0, because of buggy behavior in edge cases, and a general trend to avoid special touch based overrides of click events. In modern browsers, it should not be necessary to use a touch override library:

  • Chrome, Firefox, Edge, and Safari remove the 300ms delay when <meta name="viewport" content="width=device-width"> is set.
  • Internet Explorer 10+, Edge, Safari, and Chrome remove the delay on elements that have the touch-action css property is set to manipulation.

You can find out more in these articles: https://developers.google.com/web/updates/2013/12/300ms-tap-delay-gone-away https://developer.apple.com/library/content/releasenotes/General/WhatsNewInSafari/Articles/Safari_9_1.html#//apple_ref/doc/uid/TP40014305-CH10-SW8 https://blogs.msdn.microsoft.com/ie/2015/02/24/pointer-events-w3c-recommendation-interoperable-touch-and-removing-the-dreaded-300ms-tap-delay/

Angular due to:

  • 1daa4f: remove angular.lowercase and angular.uppercase

The helper functions angular.lowercase and angular.uppercase have been removed.

These functions have been deprecated since 1.5.0. They are internally used, but should not be exposed as they contain special locale handling (for Turkish) to maintain internal consistency regardless of user-set locale.

Developers should generally use the built-ins toLowerCase and toUpperCase or toLocaleLowerCase and toLocaleUpperCase for special cases.

Further, we generally discourage using the angular.x helpers in application code.

$controller due to:

  • e269c1: remove instantiating controllers defined on window

The option to instantiate controllers from constructors on the global window object has been removed. Likewise, the deprecated $controllerProvider.allowGlobals() method that could enable this behavior, has been removed.

This behavior had been deprecated since AngularJS v1.3.0, because polluting the global scope is bad. To migrate, remove the call to $controllerProvider.allowGlobals() in the config, and register your controller via the Module API or the $controllerProvider, e.g.

angular.module('myModule', []).controller('myController', function() {...});

angular.module('myModule', []).config(function($controllerProvider) {
  $controllerProvider.register('myController', function() {...});
});

$rootScope due to:

  • c2b8fa: provide correct value of one-time bindings in watchGroup

Previously when using $watchGroup the entries in newValues and oldValues represented the most recent change of each entry.

Now the entries in oldValues will always equal the newValues of the previous call of the listener. This means comparing the entries in newValues and oldValues can be used to determine which individual expressions changed.

For example $scope.$watchGroup(['a', 'b'], fn) would previously:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
a=2 [2, undefined] [1, undefined]
b=3 [2, 3] [1, undefined]

Now the oldValue will always equal the previous newValue:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
a=2 [2, undefined] [1, undefined]
b=3 [2, 3] [2, undefined]

Note the last call now shows a === 2 in the oldValues array.

This also makes the oldValue of one-time watchers more clear. Previously the oldValue of a one-time watcher would remain undefined forever. For example $scope.$watchGroup(['a', '::b'], fn) would previously:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
b=2 [1, 2] [undefined, undefined]
a=b=3 [3, 2] [1, undefined]

Where now the oldValue will always equal the previous newValue:

Action newValue oldValue
(init) [undefined, undefined] [undefined, undefined]
a=1 [1, undefined] [undefined, undefined]
b=2 [1, 2] [1, undefined]
a=b=3 [3, 2] [1, 2]

$interval due to:

  • a8bef9: throw when trying to cancel non-$interval promise

$interval.cancel() will throw an error if called with a promise that was not generated by $interval(). Previously, it would silently do nothing.

Before:

var promise = $interval(doSomething, 1000, 5).then(doSomethingElse);
$interval.cancel(promise);  // No error; interval NOT canceled.

After:

var promise = $interval(doSomething, 1000, 5).then(doSomethingElse);
$interval.cancel(promise);  // Throws error.

Correct usage:

var promise = $interval(doSomething, 1000, 5);
var newPromise = promise.then(doSomethingElse);
$interval.cancel(promise);  // Interval canceled.

$timeout due to:

  • 336525: throw when trying to cancel non-$timeout promise

$timeout.cancel() will throw an error if called with a promise that was not generated by $timeout(). Previously, it would silently do nothing.

Before:

var promise = $timeout(doSomething, 1000).then(doSomethingElse);
$timeout.cancel(promise);  // No error; timeout NOT canceled.

After:

var promise = $timeout(doSomething, 1000).then(doSomethingElse);
$timeout.cancel(promise);  // Throws error.

Correct usage:

var promise = $timeout(doSomething, 1000);
var newPromise = promise.then(doSomethingElse);
$timeout.cancel(promise);  // Timeout canceled.

1.6.10 crystalline-persuasion (2018-04-17)

Bug Fixes

  • $compile:
  • input:
  • jqLite: use XHTML-compliant HTML as input for jqLite (a0c55a, #6917, #16518)
  • minErr: update url to https (52e466)
  • $http: set correct xhrStatus in response when using 'timeout' (1faf7e)
  • browserTrigger: support CompositionEvent (c33fd1)

New Features

  • $http: support sending XSRF token to whitelisted origins (bc7757, #7862)
  • minErr: strip error url from error parameters (980b69)
  • $sanitize: support enhancing elements/attributes white-lists (ee8e05, #5900, #16326)
  • $rootScope: allow suspending and resuming watchers on scope (efb822c58, #16308)

1.6.9 fiery-basilisk (2018-02-02)

Bug Fixes

New Features

1.6.8 beneficial-tincture (2017-12-18)

Bug Fixes

  • $location:
    • always decode special chars in $location.url(value) (2bdf71)
    • decode non-component special chars in Hashbang URLS (57b626)
  • ngModelController: allow $overrideModelOptions to set updateOn (55516d, #16351, #16364)

New Features

1.6.7 imperial-backstroke (2017-11-24)

Bug Fixes

  • $compile: sanitize special chars in directive name (c4003f, #16314, #16278)
  • $location: do not decode forward slashes in the path in HTML5 mode (e06ebf, #16312)
  • sanitizeUri: sanitize URIs that contain IDEOGRAPHIC SPACE chars (ddeb1d, #16288)
  • $rootScope: fix potential memory leak when removing scope listeners (358a69, #16135, #16161)
  • http: do not allow encoded callback params in jsonp requests (569e90)
  • ngMock: pass unexpected request failures in $httpBackend to the error handler (1555a4, #16150, #15855)
  • ngAnimate: don't close transitions when child transitions close (1391e9, #16210)
  • ngMock.browserTrigger: add 'bubbles' to Transition/Animation Event (7a5f06)

New Features

  • $sanitize, $compileProvider, linky: add support for the "sftp" protocol in links (a675ea, #16102)
  • ngModel.NgModelController: expose $processModelValue to run model -> view pipeline (145194, #3407, #10764, #16237)
  • $injector: ability to load new modules after bootstrapping (6e78fe)

Performance Improvements

  • jqLite:
    • avoid setting class attribute when not changed (9c95f6)
    • avoid repeated add/removeAttribute in jqLiteRemoveClass (cab9eb, #16078, #16131)

1.6.6 interdimensional-cable (2017-08-18)

Bug Fixes

  • $httpParamSerializer: ignore functions (b51ded, #16133)
  • $resource: do not throw when calling old $cancelRequest() (009ebe, #16037)
  • $parse:
    • do not shallow-watch computed property keys (750465)
    • support constants in computed keys (9d6c3f)
  • $http: do not throw error if Content-Type is not application/json but response is JSON-like (2e1163, #16027, #16075)

New Features

  • $compile: add strictComponentBindingsEnabled() method (3ec181, #16129)
  • $resource: add resource to response for error interceptors (9256db, #16109)
  • $http: allow differentiation between XHR completion, error, abort, timeout (5e2bc5, #15924, #15847)

1.6.5 toffee-salinization (2017-07-03)

Bug Fixes

  • core:
  • ngOptions:
    • re-render after empty option has been removed (510d0f)
    • allow empty option to be removed and re-added (71b4da)
    • select unknown option if unmatched model does not match empty option (17d34b)
  • orderBy: guarantee stable sort (e50ed4, #14881, #15914)
  • $parse:
    • do not shallow-watch inputs to one-time intercepted expressions (6e3b5a)
    • standardize one-time literal vs non-literal and interceptors (f003d9)
    • do not shallow-watch inputs when wrapped in an interceptor fn (aac562, #15905)
    • always re-evaluate filters within literals when an input is an object (ec9768, #15964, #15990)
  • $sanitize: use appropriate inert document strategy for Firefox and Safari (8f31f1)
  • $timeout/$interval: do not trigger a digest on cancel (a222d0, #16057, #16064)
    This change might affect the use of $timeout.flush() in unit tests. See the commit message for more info.
  • ngMock/$interval: add support for zero-delay intervals in tests (a1e3f8, #15952, #15953)
  • angular-loader: do not depend on "closure" globals that may not be available (a3226d, #15880, #15881)

New Features

  • select: expose info about selection state in controller (0b962d, #13172, #10127)
  • $animate: add support for customFilter (ab114a, #14891)
  • $compile: overload .component() to accept object map of components (210112, #14579, #16062)
  • $log: log all parameters in IE 9, not just the first two. (3671a4)
  • ngMock: describe unflushed http requests (d9128e, #10596, #15928)

Performance Improvements

  • ngOptions: prevent initial options repainting (ff52b1, #15801, #15812, #16071)
  • $animate:
    • avoid unnecessary computations if animations are globally disabled (ce5ffb, #14914)
    • do not retrieve className unless classNameFilter is used (275978)

1.6.4 phenomenal-footnote (2017-03-31)

Bug Fixes

  • $parse:
    • standardize one-time literal vs non-literal and interceptors (60394a, #15858)
    • fix infinite digest errors when watching objects with .valueOf in literals (f5ddb1, #15867)
  • ngModel: prevent internal scope reference from being copied (e1f8a6, #15833)
  • jqLite: make jqLite invoke jqLite.cleanData as a method (9cde98, #15846)
  • $http: throw more informative error on invalid JSON response (df8887, #15695, #15724)
  • dateFilter: correctly handle newlines in format string (982271, #15794, #15792)

New Features

1.6.3 scriptalicious-bootstrapping (2017-03-08)

Bug Fixes

  • AngularJS:
    • do not auto-bootstrap if the src exists but is empty (3536e8)
    • do not auto bootstrap if the currentScript has been clobbered (95f964)
    • do not auto-bootstrap if the script source is bad and inside SVG (c8f78a)
  • $log: don't parse error stacks manually outside of IE/Edge (64e5af, #15590, #15767)
  • $sanitize: prevent clobbered elements from freezing the browser (3bb1dd, #15699)
  • $animate:
    • reset classNameFilter to null when a disallowed RegExp is used (a584fb, #14913)
    • improve detection on ng-animate in classNameFilter RegExp (1f1331, #14806)
  • filterFilter: don't throw if key.charAt is not a function (f27d19, #15644, #15660)
  • select:
    • add attribute "selected" for select[multiple] (851367)
    • keep original selection when using shift to add options in IE/Edge (97b74a, #15675, #15676)
  • $jsonpCallbacks: allow $window to be mocked in unit tests (5ca0de, #15685, #15686)

New Features

  • info: add angularVersion info to each module (1e582e)
  • $injector: add new modules property (742123)
  • Module: add info() method (09ba69, #15225)
  • errorHandlingConfig: make the depth for object stringification in errors configurable (4a5eaf, #15402, #15433)

1.6.2 llamacorn-lovehug (2017-02-07)

Bug Fixes

New Features

  • ngModel: add $overrideModelOptions support (2546c2, #15415)
  • $parse: allow watching array/object literals with non-primitive values (25f008, #15301)

1.5.11 princely-quest (2017-01-13)

Bug Fixes

  • $compile: allow the usage of "$" in isolate scope property alias (e75fbc, #15586, #15594)
  • angularInit: allow auto-bootstrapping from inline script (41aa91, #15567, #15571)
  • $resource: delete $cancelRequest() in toJSON() (4f3858, #15244)
  • $$cookieReader: correctly handle forbidden access to document.cookie (6933cf, #15523, #15532)

1.6.1 promise-rectification (2016-12-23)

Bug Fixes

  • $q: Add traceback to unhandled promise rejections (174cb4, #14631)
  • $$cookieReader: correctly handle forbidden access to document.cookie (33f769, #15523)
  • ngOptions: do not unset the selected property unless necessary (bc4844, #15477)
  • ngModelOptions: work correctly when on the template of replace directives (5f8ed6, #15492)
  • ngClassOdd/Even: add/remove the correct classes when expression/$index change simultaneously (d52864)
  • jqLite: silently ignore after() if element has no parent (3d68b9, #15331, #15475)
  • $rootScope: when adding/removing watchers during $digest (163aca, #15422)

Performance Improvements

  • ngClass: avoid unnecessary .data() accesses, deep-watching and copies (1d3b65, #14404)

1.5.10 asynchronous-synchronization (2016-12-15)

Bug Fixes

  • $compile:
    • don't throw tplrt error when there is whitespace around a top-level comment (12752f, #15108)
    • clean up @-binding observers when re-assigning bindings (f3cb6e, #15268)
    • set attribute value even if ngAttr* contains no interpolation (229799, #15133)
    • bindToController should work without controllerAs (944989, #15088)
    • do not overwrite values set in $onInit() for <-bound literals (07e1ba, #15118)
    • avoid calling $onChanges() twice for NaN initial values (0cf5be)
  • $location: prevent infinite digest with IDN urls in Edge (4bf892, #15217)
  • $rootScope: correctly handle adding/removing watchers during $digest (a9708d, #15422)
  • $sce: fix adjustMatcher to replace multiple * and ** (78eecb)
  • jqLite: silently ignore after() if element has no parent (77ed85, #15331)
  • input[radio]: use non-strict comparison for checkedness (593a50)
  • select, ngOptions:
    • let ngValue take precedence over option text with multiple interpolations (5b7ec8, #15413)
    • don't add comment nodes as empty options (1d29c9, #15454)
  • ngClassOdd/Even: add/remove the correct classes when expression/$index change simultaneously (e3d020)
  • $sanitize: reduce stack height in IE <= 11 (862dc2, #14928)
  • ngMock/$controller: respect $compileProvider.preAssignBindingsEnabled() (75c83f)

New Features

  • bootstrap: do not bootstrap from unknown schemes with a different origin (bdeb33, #15428)
  • $anchorScroll: convert numeric hash targets to string (a52640, #14680)
  • $compile:
    • add preAssignBindingsEnabled option (f86576)
    • throw error when directive name or factory function is invalid (5c9399, #15056)
  • $controller: throw when requested controller is not registered (9ae793, #14980)
  • $location: add support for selectively rewriting links based on attribute (a4a222)
  • $resource: pass status/statusText to success callbacks (a8da25, #8341, #8841)
  • ngSwitch: allow multiple case matches via optional attribute ngSwitchWhenSeparator (0e1651, #3410, #3516)

Performance Improvements

  • all: don't trigger digests after enter/leave of structural directives (c57779, #15322)
  • $compile: validate directive.restrict property on directive init (31d464)
  • ngOptions: avoid calls to element.value (e269ad)
  • jqLite: move bind/unbind definitions out of the loop (7717b9)

1.6.0 rainbow-tsunami (2016-12-08)

Here are the full changes for the release of 1.6.0 that are not already released in the 1.5.x branch, consolidating all the changes shown in the previous 1.6.0 release candidates.

New Features

  • ngModelOptions: allow options to be inherited from ancestor ngModelOptions (296cfc, #10922)
  • $compile:
    • add preAssignBindingsEnabled option (dfb8cf)
    • set preAssignBindingsEnabled to false by default (bcd0d4, #15352)
    • throw error when directive name or factory function is invalid (53a3bf #15056)
  • jqLite:
    • implement jqLite(f) as an alias to jqLite(document).ready(f) (369fb7)
    • don't throw for elements with missing getAttribute (4e6c14)
    • don't get/set properties when getting/setting boolean attributes (7ceb5f, #14126)
    • don't remove a boolean attribute for .attr(attrName, '') (3faf45)
    • remove the attribute for .attr(attribute, null) (4e3624)
    • return [] for .val() on <select multiple> with no selection (d882fd)
    • camelCase keys in jqLite#data (fc0c11, #15126)
    • align jqLite camelCasing logic with JQuery (73050c, #7744)
  • $http:
    • remove deprecated callback methods: success()/error() (b54a39)
    • JSONP callback must be specified by jsonpCallbackParam config (fb6634, #15161, #11352)
    • JSONP requests now require a trusted resource URL (6476af, #11352)
  • $anchorScroll: convert numeric hash targets to string (9062ba #14680)
  • select: support values of any type added with ngValue (f02b70, #9842)
  • input:
    • add support for binding to input[type=range] (913016, #5892, #14870)
    • add support for step to input[type=number] (e1da4be, #10597)
    • allow ngTrim to work for input[type=radio] (47724b)
  • ngSwitch: allow multiple case matches via optional attribute ngSwitchWhenSeparator (0b221 #3410 #3516)
  • $interpolate: use custom toString() function if present (a5fd2e, #7317, #11406)
  • ngRoute:
    • allow ngView to be included in an asynchronously loaded template (c13c66, #1213)
    • implement resolveRedirectTo (e98656, #5150)
  • $q: report promises with non rejection callback (c9dffd, #13653, #7992)
  • $resource: pass status/statusText to success callbacks (e3a378 #8341 #8841)
  • $location:
    • default hashPrefix to '!' (aa077e #13812)
    • add support for selectively rewriting links based on attribute (3d686a)
  • $controller: throw when requested controller is not registered (eacfe4 #14980)

Security Related

  • Please read the Sandbox Removal Blog Post.
  • bootstrap:
    • explicitly whitelist URL schemes for bootstrap. (7f1b8b)
    • do not bootstrap from unknown schemes with a different origin (465d17 #15428)
  • $compile:
    • secure link[href] as a RESOURCE_URLs in $sce (04cad4, #14687)
    • lower the $sce context for src on video, audio, and track. (ad9a99)

Bug Fixes

  • $sce: fix adjustMatcher to replace multiple * and ** (991a2b)
  • ngModelOptions: handle debounce of updateOn triggers that are not in debounce list (789790)
  • ngMock/$controller: respect $compileProvider.preAssignBindingsEnabled() (7d9a79)
  • $location:
    • prevent infinite digest with IDN URLs in Edge (705afc #15217)
    • throw if the path starts with double (back)slashes (4aa953)
  • core: do not auto-bootstrap when loaded from an extension. (0ff10e)
  • input[radio]: use strict comparison when evaluating checked-ness (5ac7da, #15288)
  • input: fix step validation for input[type=number]/input[type=range] (081d06, #15257)
  • $parse:
    • treat falsy values as defined in assignment expressions (4f44e0)
    • call once stable bind-once expressions with filter (3b5751)
    • Handle sign of -undefined consistently (c1eaf3)
  • ngModel: treat synchronous validators as boolean always (7bc71a, #14734)
  • $q: treat thrown errors as regular rejections (e13eea, #3174, #15213)
  • ngTransclude: use fallback content if only whitespace is provided (32aa7e, #15077)
  • $compile:
    • don't throw tplrt error when there is a whitespace around a top-level comment (76d3da, #15108)
    • clean up @-binding observers when re-assigning bindings (586e2a #15268)
    • set attribute value even if ngAttr* contains no interpolation (3fe3da #15133)
    • bindToController should work without controllerAs (16dcce #15088)
    • do not overwrite values set in $onInit() for <-bound literals (a1bdff #15118)
    • avoid calling $onChanges() twice for NaN initial values (7d7efb)
    • disallow linking the same element more than once (1e1fbc)
    • correctly merge consecutive text nodes on IE11 (13c252, #14924)
    • don't add leading white-space in attributes for a specific merge case (305ba1)
    • don't trim white-space in attributes (97bbf8, #5513, #5597)
    • move check for interpolation of on-event attributes to compile time (b89c21, #13267)
  • select, ngOptions, ngValue:
    • don't add comment nodes as empty options (245b27, #15454)
    • do not throw when removing the element (e.g. via ngIf) (7a667c)
    • add/remove selected attribute for selected/unselected options (c75698)
    • don't register options when select has no ngModel (e8c2e1)
    • handle model updates when options are manipulated (47c15f)
    • remove workaround for a Chrome bug (87eff2)
    • make the handling of unknown / empty options consistent (2785ad)
    • set the element's value property in addition to the value attribute (e6afca, #14031)
  • $resource:
    • allow params in hostname (except for IPv6 addresses) (752b1e, #14542)
    • fulfill promise with the correct value on error (5f6949, #14837)
    • pass all extra, owned properties as params (acb545, #14866)
    • add semicolon to whitelist of delimiters to unencode in URL params (2456ab)
  • $http:
    • avoid Possibly Unhandled Rejection error when the request fails (47583d, #13869)
    • properly increment/decrement $browser.outstandingRequestCount (4f6f2b, #13782, #14921)
  • ngMock: trigger digest in $httpBackend.verifyNoOutstandingRequest() (267ee9, #13506)
  • ngAria:
    • bind to keydown instead of keypress in ngClick (ad41ba, #14063)
    • don't add roles to native control elements (9978de, #14076)
    • do not overwrite the default $isEmpty() method for checkboxes (975a61, #14621)
  • ngBind: use same string representation as $interpolate (fa80a6)
  • ngMock/$httpBackend: fail if a url is provided but is undefined (7551b8, #8442, #10934)
  • $route: don't process route change controllers and templates for redirectTo routes (7f4b35, #3332)
  • loader: module.decorator order of operations is now irrelevant (6a2ebd, #12382)
  • $sanitize: reduce stack height in IE <= 11 (45129c #14928)
  • ngAnimate: make svg elements work with classNameFilter (81bf7e)

Performance Improvements

  • all: don't trigger digests after enter/leave of structural directives (f4fb6e, #15322)
  • form, ngModel: change controllers to use prototype methods (9e24e7)
  • select: don't prepend unknown option if already prepended (ba36bd)
  • ngOptions: avoid calls to element.value (3b7f29)
  • $animate: listen for document visibility changes (d71dc2)
  • injector: cache the results of the native class detection check (5ceb5d)
  • $compile:
    • use strict comparison for controller === '@' (bbd3db)
    • validate directive.restrict property on directive init (11f273)
  • $parse:

Breaking Changes

  • feat($compile): set preAssignBindingsEnabled to false by default (bcd0d4):

Previously, $compileProvider.preAssignBindingsEnabled was set to true by default. This means bindings were pre-assigned on component/directive controller instances (which made them available inside the constructors). In AngularJS 1.5+ the place to put the initialization logic relying on bindings being present is the controller's $onInit method.

To migrate follow the example below:

Before:

angular.module('myApp', [])
  .component('myComponent', {
    bindings: {value: '<'},
    controller: function() {
      this.doubleValue = this.value * 2;
    }
  });

After:

angular.module('myApp', [])
  .component('myComponent', {
    bindings: {value: '<'},
    controller: function() {
      this.$onInit = function() {
        this.doubleValue = this.value * 2;
      };
    }
  });

If you don't have time to migrate the code at the moment, you can flip the setting back to true:

angular.module('myApp', [])
  .config(function($compileProvider) {
    $compileProvider.preAssignBindingsEnabled(true);
  })
  .component('myComponent', {
    bindings: {value: '<'},
    controller: function() {
      this.doubleValue = this.value * 2;
    }
  });

Don't do this if you're writing a library, though, as you shouldn't change global configuration then.

  • fix(input[radio]): use strict comparison when evaluating checked-ness (5ac7da):

When using input[radio], the checked status is now determined by doing a strict comparison between the value of the input and the ngModel.$viewValue. Previously, this was a non-strict comparison (==).

This means in the following examples the radio is no longer checked:

  <!-- this.selected = 0 -->
  <input type="radio" ng-model="$ctrl.selected" value="0" >

  <!-- this.selected = 0; this.value = false; -->
  <input type="radio" ng-model="$ctrl.selected" ng-value="$ctrl.value" >

The migration strategy is to convert values that matched with non-strict conversion so that they will match with strict conversion.

  • feat(ngModelOptions): allow options to be inherited from ancestor ngModelOptions (296cfc):

The programmatic API for ngModelOptions has changed. You must now read options via the ngModelController.$options.getOption(name) method, rather than accessing the option directly as a property of the ngModelContoller.$options object. This does not affect the usage in templates and only affects custom directives that might have been reading options for their own purposes.

One benefit of these changes, though, is that the ngModelControler.$options property is now guaranteed to be defined so there is no need to check before accessing.

So, previously:

var myOption = ngModelController.$options && ngModelController.$options['my-option'];

and now:

var myOption = ngModelController.$options.getOption('my-option');

jqLite due to:

  • fc0c11: camelCase keys in jqLite#data

Previously, keys passed to the data method were left untouched. Now they are internally camelCased similarly to how jQuery handles it, i.e. only single (!) hyphens followed by a lowercase letter get converted to an uppercase letter. This means keys a-b and aB represent the same data piece; writing to one of them will also be reflected if you ask for the other one.

If you use Angular with jQuery, it already behaved in this way so no changes are required on your part.

To migrate the code follow the examples below:

BEFORE:

/* 1 */
elem.data('my-key', 2);
elem.data('myKey', 3);

/* 2 */
elem.data('foo-bar', 42);
elem.data()['foo-bar']; // 42
elem.data()['fooBar']; // undefined

/* 3 */
elem.data()['foo-bar'] = 1;
elem.data()['fooBar'] = 2;
elem.data('foo-bar'); // 1

AFTER:

/* 1 */
// Rename one of the keys as they would now map to the same data slot.
elem.data('my-key', 2);
elem.data('my-key2', 3);

/* 2 */
elem.data('foo-bar', 42);
elem.data()['foo-bar']; // undefined
elem.data()['fooBar']; // 42

/* 3 */
elem.data()['foo-bar'] = 1;
elem.data()['fooBar'] = 2;
elem.data('foo-bar'); // 2
  • 73050c: align jqLite camelCasing logic with JQuery

Before, when Angular was used without jQuery, the key passed to the css method was more heavily camelCased; now only a single (!) hyphen followed by a lowercase letter is getting transformed. This also affects APIs that rely on the css method, like ngStyle.

If you use Angular with jQuery, it already behaved in this way so no changes are needed on your part.

To migrate the code follow the example below:

Before:

HTML:

// All five versions used to be equivalent.
<div ng-style={background_color: 'blue'}></div>
<div ng-style={'background:color': 'blue'}></div>
<div ng-style={'background-color': 'blue'}></div>
<div ng-style={'background--color': 'blue'}></div>
<div ng-style={backgroundColor: 'blue'}></div>

JS:

// All five versions used to be equivalent.
elem.css('background_color', 'blue');
elem.css('background:color', 'blue');
elem.css('background-color', 'blue');
elem.css('background--color', 'blue');
elem.css('backgroundColor', 'blue');

// All five versions used to be equivalent.
var bgColor = elem.css('background_color');
var bgColor = elem.css('background:color');
var bgColor = elem.css('background-color');
var bgColor = elem.css('background--color');
var bgColor = elem.css('backgroundColor');

After:

HTML:

// Previous five versions are no longer equivalent but these two still are.
<div ng-style={'background-color': 'blue'}></div>
<div ng-style={backgroundColor: 'blue'}></div>

JS:

// Previous five versions are no longer equivalent but these two still are.
elem.css('background-color', 'blue');
elem.css('backgroundColor', 'blue');

// Previous five versions are no longer equivalent but these two still are.
var bgColor = elem.css('background-color');
var bgColor = elem.css('backgroundColor');
  • 7ceb5f: don't get/set properties when getting/setting boolean attributes

Previously, all boolean attributes were reflected into the corresponding property when calling a setter and from the corresponding property when calling a getter, even on elements that don't treat those attributes in a special way. Now Angular doesn't do it by itself, but relies on browsers to know when to reflect the property. Note that this browser-level conversion differs between browsers; if you need to dynamically change the state of an element, you should modify the property, not the attribute. See https://jquery.com/upgrade-guide/1.9/#attr-versus-prop- for a more detailed description about a related change in jQuery 1.9.

This change aligns jqLite with jQuery 3. To migrate the code follow the example below:

Before:

CSS:

input[checked="checked"] { ... }

JS:

elem1.attr('checked', 'checked');
elem2.attr('checked', false);

After:

CSS:

input:checked { ... }

JS:

elem1.prop('checked', true);
elem2.prop('checked', false);
  • 3faf45: don't remove a boolean attribute for .attr(attrName, '')

Before, using the attr method with an empty string as a value would remove the boolean attribute. Now it sets it to its lowercase name as was happening for every non-empty string so far. The only two values that remove the boolean attribute are now null & false, just like in jQuery.

To migrate the code follow the example below:

Before:

elem.attr(booleanAttrName, '');

After:

elem.attr(booleanAttrName, false);

or:

elem.attr(booleanAttrName, null);
  • 4e3624: remove the attribute for .attr(attribute, null)

Invoking elem.attr(attributeName, null) would set the attributeName attribute value to a string "null", now it removes the attribute instead.

To migrate the code follow the example below:

Before:

elem.attr(attributeName, null);

After:

elem.attr(attributeName, "null");
  • d882fd: return [] for .val() on <select multiple> with no selection

For the jqLite element representing a select element in the multiple variant with no options chosen the .val() getter used to return null and now returns an empty array.

To migrate the code follow the example below:

Before:

HTML:

    <select multiple>
        <option>value 1</option>
        <option>value 2</option>
    </select>

JavaScript:

    var value = $element.val();
    if (value) {
        /* do something */
    }

After:

HTML:

    <select multiple>
        <option>value 1</option>
        <option>value 2</option>
    </select>

JavaScript:

    var value = $element.val();
    if (value.length > 0) {
        /* do something */
    }

ngModel due to:

  • 7bc71a: treat synchronous validators as boolean always

Previously, only a literal false return would resolve as the synchronous validator failing. Now, all falsy JavaScript values are treated as failing the validator, as one would naturally expect.

Specifically, the values 0 (the number zero), null, NaN and '' (the empty string) used to be considered valid (passing) and they are now considered invalid (failing). The value undefined was treated similarly to a pending asynchronous validator, causing the validation to be pending. undefined is also now considered invalid.

To migrate, make sure your synchronous validators are returning either a literal true or a literal false value. For most code, we expect this to already be the case. Only a very small subset of projects will be affected.

Namely, anyone using undefined or any falsy value as a return will now see their validation failing, whereas previously falsy values other than undefined would have been seen as passing and undefined would have been seen as pending.

  • 9e24e7: change controllers to use prototype methods

The use of prototype methods instead of new methods per instance removes the ability to pass NgModelController and FormController methods without context.

For example

$scope.$watch('something', myNgModelCtrl.$render)

will no longer work because the $render method is passed without any context. This must now be replaced with

$scope.$watch('something', function() {
  myNgModelCtrl.$render();
})

or possibly by using Function.prototype.bind or angular.bind.

aria/ngModel due to:

  • 975a61: do not overwrite the default $isEmpty() method for checkboxes

Custom checkbox-shaped controls (e.g. checkboxes, menuitemcheckboxes), no longer have a custom $isEmpty() method on their NgModelController that checks for value === false. Unless overwritten, the default $isEmpty() method will be used, which treats undefined, null, NaN and '' as "empty".

Note: The $isEmpty() method is used to determine if the checkbox is checked ("not empty" means "checked") and thus it can indirectly affect other things, such as the control's validity with respect to the required validator (e.g. "empty" + "required" --> "invalid").

Before:

var template = '<my-checkbox role="checkbox" ng-model="value"></my-checkbox>';
var customCheckbox = $compile(template)(scope);
var ctrl = customCheckbox.controller('ngModel');

scope.$apply('value = false');
console.log(ctrl.$isEmpty());   //--> true

scope.$apply('value = true');
console.log(ctrl.$isEmpty());   //--> false

scope.$apply('value = undefined'/* or null or NaN or '' */);
console.log(ctrl.$isEmpty());   //--> false

After:

var template = '<my-checkbox role="checkbox" ng-model="value"></my-checkbox>';
var customCheckbox = $compile(template)(scope);
var ctrl = customCheckbox.controller('ngModel');

scope.$apply('value = false');
console.log(ctrl.$isEmpty());   //--> false

scope.$apply('value = true');
console.log(ctrl.$isEmpty());   //--> false

scope.$apply('value = undefined'/* or null or NaN or '' */);
console.log(ctrl.$isEmpty());   //--> true

-- If you want to have a custom $isEmpty() method, you need to overwrite the default. For example:

.directive('myCheckbox', function myCheckboxDirective() {
  return {
    require: 'ngModel',
    link: function myCheckboxPostLink(scope, elem, attrs, ngModelCtrl) {
      ngModelCtrl.$isEmpty = function myCheckboxIsEmpty(value) {
        return !value;   // Any falsy value means "empty"

        // Or to restore the previous behavior:
        // return value === false;
      };
    }
  };
})

$http due to:

  • b54a39: remove deprecated callback methods: success()/error()

$http's deprecated custom callback methods - success() and error() - have been removed. You can use the standard then()/catch() promise methods instead, but note that the method signatures and return values are different.

success(fn) can be replaced with then(fn), and error(fn) can be replaced with either then(null, fn) or catch(fn).

Before:

$http(...).
  success(function onSuccess(data, status, headers, config) {
    // Handle success
    ...
  }).
  error(function onError(data, status, headers, config) {
    // Handle error
    ...
  });

After:

$http(...).
  then(function onSuccess(response) {
    // Handle success
    var data = response.data;
    var status = response.status;
    var statusText = response.statusText;
    var headers = response.headers;
    var config = response.config;
    ...
  }, function onError(response) {
    // Handle error
    var data = response.data;
    var status = response.status;
    var statusText = response.statusText;
    var headers = response.headers;
    var config = response.config;
    ...
  });

// or

$http(...).
  then(function onSuccess(response) {
    // Handle success
    var data = response.data;
    var status = response.status;
    var statusText = response.statusText;
    var headers = response.headers;
    var config = response.config;
    ...
  }).
  catch(function onError(response) {
    // Handle error
    var data = response.data;
    var status = response.status;
    var statusText = response.statusText;
    var headers = response.headers;
    var config = response.config;
    ...
  });

Note: There is a subtle difference between the variations showed above. When using $http(...).success(onSuccess).error(onError) or $http(...).then(onSuccess, onError), the onError() callback will only handle errors/rejections produced by the $http() call. If the onSuccess() callback produces an error/rejection, it won't be handled by onError() and might go unnoticed. In contrast, when using $http(...).then(onSuccess).catch(onError), onError() will handle errors/rejections produced by both $http() and onSuccess().

  • fb6634: JSONP callback must be specified by jsonpCallbackParam config

You can no longer use the JSON_CALLBACK placeholder in your JSONP requests. Instead you must provide the name of the query parameter that will pass the callback via the jsonpCallbackParam property of the config object, or app-wide via the $http.defaults.jsonpCallbackParam property, which is "callback" by default.

Before this change:

$http.json('trusted/url?callback=JSON_CALLBACK');
$http.json('other/trusted/url', {params: {cb:'JSON_CALLBACK'}});

After this change:

$http.json('trusted/url');
$http.json('other/trusted/url', {jsonpCallbackParam:'cb'});
  • 6476af: JSONP requests now require a trusted resource URL

All JSONP requests now require the URL to be trusted as resource URLs. There are two approaches to trust a URL:

Whitelisting with the $sceDelegateProvider.resourceUrlWhitelist() method.

You configure this list in a module configuration block:

appModule.config(['$sceDelegateProvider', function($sceDelegateProvider) {
  $sceDelegateProvider.resourceUrlWhitelist([
    // Allow same origin resource loads.
    'self',
    // Allow JSONP calls that match this pattern
    'https://some.dataserver.com/**.jsonp?**'
  ]);
}]);

Explicitly trusting the URL via the $sce.trustAsResourceUrl(url) method.

You can pass a trusted object instead of a string as a URL to the $http service:

var promise = $http.jsonp($sce.trustAsResourceUrl(url));
  • 4f6f2b: properly increment/decrement $browser.outstandingRequestCount

HTTP requests now update the outstanding request count synchronously. Previously the request count would not have been updated until the request to the server is actually in flight. Now the request count is updated before the async interceptor is called.

The new behaviour is correct but it may change the expected behaviour in a small number of e2e test cases where an async request interceptor is being used.

$q due to:

  • e13eea: treat thrown errors as regular rejections

Previously, throwing an error from a promise's onFulfilled or onRejection handlers, would result in passing the error to the $exceptionHandler() (in addition to rejecting the promise with the error as reason).

Now, a thrown error is treated exactly the same as a regular rejection. This applies to all services/controllers/filters etc that rely on $q (including built-in services, such as $http and $route). For example, $http's transformRequest/Response functions or a route's redirectTo function as well as functions specified in a route's resolve object, will no longer result in a call to $exceptionHandler() if they throw an error. Other than that, everything will continue to behave in the same way; i.e. the promises will be rejected, route transition will be cancelled, $routeChangeError events will be broadcasted etc.

  • c9dffd: report promises with non rejection callback

Unhandled rejected promises will be logged to $exceptionHandler.

Tests that depend on specific order or number of messages in $exceptionHandler will need to handle rejected promises report.

ngTransclude due to:

  • 32aa7e: use fallback content if only whitespace is provided

Previously whitespace only transclusion would be treated as the transclusion being "not empty", which meant that fallback content was not used in that case.

Now if you only provide whitespace as the transclusion content, it will be assumed to be empty and the fallback content will be used instead.

If you really do want whitespace then you can force it to be used by adding a comment to the whitespace.

Previously this would not fallback to default content:

<some-component>
</some-component>

Now the whitespace between the opening and closing tags is treated as empty. To force the previous behaviour simply add a comment:

<some-component><!-- -->
</some-component>

$compile due to:

  • 13c252: correctly merge consecutive text nodes on IE11

Note: Everything described below affects IE11 only.

Previously, consecutive text nodes would not get merged if they had no parent. They will now, which might have unexpected side effects in the following cases:

  1. Passing an array or jqLite/jQuery collection of parent-less text nodes to $compile directly:

    // Assuming:
    var textNodes = [
      document.createTextNode('{{'),
      document.createTextNode('"foo:"'),
      document.createTextNode('}}')
    ];
    var compiledNodes = $compile(textNodes)($rootScope);
    
    // Before:
    console.log(compiledNodes.length);   // 3
    console.log(compiledNodes.text());   // {{'foo'}}
    
    // After:
    console.log(compiledNodes.length);   // 1
    console.log(compiledNodes.text());   // foo
    
    // To get the old behavior, compile each node separately:
    var textNodes = [
      document.createTextNode('{{'),
      document.createTextNode('"foo"'),
      document.createTextNode('}}')
    ];
    var compiledNodes = angular.element(textNodes.map(function (node) {
      return $compile(node)($rootScope)[0];
    }));
  2. Using multi-slot transclusion with non-consecutive, default-content text nodes (that form interpolated expressions when merged):

    // Assuming the following component:
    .component('someThing', {
      template: '<ng-transclude><!-- Default content goes here --></ng-transclude>'
      transclude: {
        ignored: 'veryImportantContent'
      }
    })
    <!-- And assuming the following view: -->
    <some-thing>
      {{
      <very-important-content>Nooot</very-important-content>
      'foo'}}
    </some-thing>
    
    <!-- Before: -->
    <some-thing>
      <ng-transclude>
        {{       <-- Two separate
        'foo'}}  <-- text nodes
      </ng-transclude>
    </some-thing>
    
    <!-- After: -->
    <some-thing>
      <ng-transclude>
        foo  <-- The text nodes were merged into `{{'foo'}}`, which was then interpolated
      </ng-transclude>
    </some-thing>
    
    <!-- To (visually) get the old behavior, wrap top-level text nodes on -->
    <!-- multi-slot transclusion directives into `<span>` elements; e.g.: -->
    <some-thing>
      <span>{{</span>
      <very-important-content>Nooot</very-important-content>
      <span>'foo'}}</span>
    </some-thing>
    
    <!-- Result: -->
    <some-thing>
      <ng-transclude>
        <span>{{</span>       <-- Two separate
        <span>'foo'}}</span>  <-- nodes
      </ng-transclude>
    </some-thing>
  • b89c21: move check for interpolation of on-"event" attributes to compile time

Using interpolation in any on* event attributes (e.g. <button onclick="{{myVar}}">) will now throw the "nodomevents" error at compile time. Previously the nodomevents was thrown at link time. The new behavior makes it consistent with the "selmulti" error. The breaking change should be rare, as it relates to incorrect API use that should not make it to production apps in the first place.

  • 04cad4: secure link[href] as a RESOURCE_URL in $sce

link[href] attributes are now protected via $sce, which prevents interpolated values that fail the RESOURCE_URL context tests from being used in interpolation.

For example if the application is running at https://docs.angularjs.org then the following will fail:

<link href="{{ 'http://mydomain.org/unsafe.css' }}" rel="stylesheet">

By default, RESOURCE_URL safe URLs are only allowed from the same domain and protocol as the application document.

To use URLs from other domains and/or protocols, you may either whitelist them or wrap it into a trusted value by calling $sce.trustAsResourceUrl(url).

  • 97bbf8: don't trim white-space in attributes

White-space in attributes is no longer trimmed automatically. This includes leading and trailing white-space, and attributes that are purely white-space.

To migrate, attributes that require trimming must now be trimmed manually.

A common cases where stray white-space can cause problems is when attribute values are compared, for example in an $observer:

Before:

$attrs.$observe('myAttr', function(newVal) {
  if (newVal === 'false') ...
});

To migrate, the attribute value should be trimmed manually:

$attrs.$observe('myAttr', function(newVal) {
  if (newVal.trim() === 'false') ...
});

Note that $parse trims expressions automatically, so attributes with expressions (e.g. directive bindings) are unlikely to be affected by stray white-space.

ngRoute due to:

  • c13c66: allow ngView to be included in an asynchronously loaded template

In cases where ngView was loaded asynchronously, $route (and its dependencies; e.g. $location) might also have been instantiated asynchronously. After this change, $route (and its dependencies) will - by default - be instantiated early on.

Although this is not expected to have unwanted side-effects in normal application behavior, it may affect your unit tests: When testing a module that (directly or indirectly) depends on ngRoute, a request will be made for the default route's template. If not properly "trained", $httpBackend will complain about this unexpected request.

You can restore the previous behavior (and avoid unexpected requests in tests), by using $routeProvider.eagerInstantiationEnabled(false).

  • 7f4b35: don't process route change controllers and templates for redirectTo routes

The $route service no longer instantiates controllers nor calls resolves or template functions for routes that have a redirectTo unless the redirectTo is a function that returns undefined.

  • e98656: implement resolveRedirectTo

Previously, if redirectTo was a function that threw an Error, execution was aborted without firing a $routeChangeError event. Now, if a redirectTo function throws an Error, a $routeChangeError event will be fired.

ngMock due to:

  • 267ee9: trigger digest in $httpBackend.verifyNoOutstandingRequest()

Calling $httpBackend.verifyNoOutstandingRequest() will trigger a digest. This will ensure that requests fired asynchronously will also be detected (without the need to manually trigger a digest). This is not expected to affect the majority of test-suites. Most of the time, a digest is (directly or indirectly) triggered anyway, before calling verifyNoOutstandingRequest(). In the unlikely case that a test needs to verify the timing of a request with respect to the digest cycle, you should rely on other means, such as mocking and/or spying.

  • 7551b8: fail if a url is provided but is undefined

It is no longer valid to explicitly pass undefined as the url argument to any of the $httpBackend.when...() and $httpBackend.expect...() methods.

While this ar