Releases: textAngular/textAngular
v1.4.4
See changelog for more details.
Note: this is a hotfix and replaces the prior v1.4.4. Since this version was published on npm, that version on npm was unpublished and cannot be updated until we bump the version number for the next npm release. Sorry.
v1.4.3
Breaking Changes
If you were using a different sanitize provider instead of textAngular-sanitize, we will now detect this and throw an error. To eliminate this error, set taOptions.forceTextAngularSanitize: false.
See changelog for more details.
v1.4.1
Breaking Changes
This changes the structure of the files: all production files are now in the dist folder, which makes it a little clearer where PRs should be made.
If you were referencing the src/.js files they will need to be updated to dist/js.
See changelog for more details.
v1.4.0
Breaking Changes
The minimum required versions are AngularJS 1.3 and Rangy 1.3.
For full notes, see the changelog.
v1.3.7
See Changelog for details.
Security Patch - Update Strongly Recommended
This patch closes an XSS attack vector that could allow someone to execute unsanitized JavaScript on the page via the editor.
Vulnerability Detail:
There is an XSS vulnerability in the textAngular-sanitize.js code that allows onerror and onload events to be triggered for elements. Any events that would be executed during construction of the element are being executed; these include onerror and onload.
Vulnerable Code:
<img src="http://bla" onerror=alert(1)>
<img src="https://www.google.com/images/srpr/logo11w.png" onload=alert(1)>
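A regression check for this class of bug, as an added example that is not part of the textAngular release notes or code base: it scans sanitizer output for event-handler attributes on any start tag, generalising from onerror and onload to every attribute name beginning with "on". The names eventHandlerAttrs and scanSamples and the third sample input are assumptions made for illustration.

```javascript
// Added example (not textAngular code): scan sanitizer output for
// event-handler attributes, i.e. any attribute whose name starts with "on".
function eventHandlerAttrs(html) {
  const found = [];
  // Start tag: element name, then attribute text; quoted values may contain '>'.
  const tagRe = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  // One attribute: name, optionally "=" plus a quoted or unquoted value.
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      const name = attr[1].toLowerCase();
      if (name.startsWith('on')) {
        found.push({ tag: tag[1].toLowerCase(), attr: name });
      }
    }
  }
  return found;
}

// The first two inputs are the strings from the release note; the third is a
// constructed benign sample whose quoted value contains "onload" and ">".
const samples = [
  '<img src="http://bla" onerror=alert(1)>',
  '<img src="https://www.google.com/images/srpr/logo11w.png" onload=alert(1)>',
  '<img src="https://example.com/a.png" alt="onload=1 > x">',
];

// In a real test suite, pass each input through the sanitizer first and
// require that the scan of its output is empty.
function scanSamples() {
  return samples.map((html) =>
    eventHandlerAttrs(html).map((f) => `${f.tag}.${f.attr}`));
}

console.log(scanSamples());
```

This is a test aid for checking sanitizer output, not a sanitizer: a tag with an unterminated quote is not matched by the scan, so keep the sanitizer itself allowlist-based.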