search

angular-ui / ui-grid

UI Grid: an Angular Data Grid
http://ui-grid.info
MIT License
5.39k stars 2.47k forks source link

fix: update angular to 1.8.0 #7090

Closed caok2709 closed 4 years ago

caok2709 commented 4 years ago
  1. update angular to 1.8.0
commit-lint[bot] commented 4 years ago

generate by www.commit-lint.com

Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR: - `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change) - `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change) - `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change) - `@Commit-Lint merge disable` will desactivate merge dependabot PR - `@Commit-Lint review` will approve dependabot PR - `@Commit-Lint stop review` will stop approve dependabot PR
caok2709 commented 4 years ago

https://docs.angularjs.org/guide/migration#migrating-from-1-7-to-1-8

Copy from Angular Team:

Migrating from 1.7 to 1.8 Generally updating to 1.8.0 from 1.7.x should be a straightforward process and is highly recommended. AngularJS 1.8 is a breaking change release from 1.7 to mitigate a security issue.

JqLite no longer turns XHTML-like strings like

to sibling elements when not in XHTML mode:
. Instead it will leave the elements alone. In non-XHTML mode the browser will convert these to nested elements:
.

This is a security fix to avoid an XSS vulnerability if a new jqLite element is created from a user-controlled HTML string. If you must have this functionality and understand the risk involved then it is posible to restore the original behavior by calling

angular.UNSAFE_restoreLegacyJqLiteXHTMLReplacement(); But you should adjust your code for this change and remove your use of this function as soon as possible.

Note that this only patches jqLite. If you use jQuery 3.5.0 or newer, please read the jQuery 3.5 upgrade guide for more details about the workarounds.