Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

feat($parse): Custom private field tagging #4859

Closed
wants to merge 1 commit into from
Closed

feat($parse): Custom private field tagging #4859

wants to merge 1 commit into from

Conversation

lrlopez
Copy link
Contributor

@lrlopez lrlopez commented Nov 9, 2013

Commit 3d6a89e introduced the concept of private field that can not be evaluated on an Angular expression for security reasons.

This PR allows changing the pattern that matches a field as private. It also allows disabling the private field access restriction.

Some examples:

myModule.config(function($parseProvider) {
  // disable private fields restriction
  $parseProvider.restrictFieldsMatching(null);
});
myModule.config(function($parseProvider) {
  // Now private fields will be those beginning with 'priv'
  $parseProvider.restrictFieldsMatching(/^priv/);
});

Custom private fields allow backwards compatibility with AngularJS <1.2 projects that use underscores in scope fields (i.e. data retrieved from a MongoDB instance) while still enjoying the new private field security policy.

Closes #4509

@lrlopez lrlopez mentioned this pull request Nov 9, 2013
Closed
@lrlopez
Copy link
Contributor Author

lrlopez commented Nov 10, 2013

By the way, I've already signed the CLA (is Mary Poppins on holidays?)...

I've tried two different approaches to this PR. The first one stored the match pattern into the $parseProvider.options object, but it didn't pass some non-related tests. After some digging, I found when you instantiate a parser without using $parseProvider the pattern option won't be defined. This forced me to check inside ensureSafeMemberName() if the pattern is defined so I'd use the default one otherwise. Since the function call execution time is critical, I don't think that is a good approach.

The actual PR uses the second approach: the pattern is declared on a local variable which defaults to /^_|_$/ and can be changed using $parseProvider. This works on every case. Also, code changes are way simpler and the matching test is fast.

@lrlopez lrlopez mentioned this pull request Nov 10, 2013
Merged
@ghost ghost assigned chirayuk Nov 11, 2013
@laurelnaiad
Copy link

For some reason I can't see any commits in the PR... am I underprivileged or is there a missing commit?

@lrlopez
feat($parse): Custom private field tagging
80c9140 
Commit 3d6a89e introduced the concept of private fields that
can not be evaluated on an Angular expression.

This PR allows changing the matching pattern that tags a field
as private. It also allows disabling the private field access
restriction.

Some examples:
```js
myModule.config(function($parseProvider) {
  // disable private fields restriction
  $parseProvider.restrictFieldsMatching(null);
});
```

```js
myModule.config(function($parseProvider) {
  // Now private fields will be those whose identifier
  // begins with 'priv'
  $parseProvider.restrictFieldsMatching(/^priv/);
});
```

Custom private field identifiers allow backwards compatibility
with AngularJS <1.2 projects that use underscores in scope fields
(i.e. data retrieved from a MongoDB instance) while still
enjoying the new private field security policy.
@lrlopez
Copy link
Contributor Author

lrlopez commented Nov 12, 2013

Uh! Something strange happened... it was there yesterday! I've just forced the push again, let's see if it's solved now

@laurelnaiad
Copy link

Cool. Hopefully this can go into a quick 1.2.1.

@paglias paglias mentioned this pull request Nov 12, 2013
Closed
@gustavohenke gustavohenke mentioned this pull request Nov 13, 2013
Closed
@vojtajina vojtajina closed this in 4ab16aa Nov 14, 2013
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this pull request Jan 27, 2014
@vojtajina @jamesdaily
feat($parse): revert hiding "private" properties
22d7915 
Hiding `_*` properties was a feature primarily for developers using Closure compiler and Google JS
style. We didn't realize how many people will be affected by this change.

We might introduce this feature in the future, probably under a config option, but it needs more
research and so I'm reverting the change for now.

This reverts commit 3d6a89e.

Closes angular#4926
Closes angular#4842
Closes angular#4865
Closes angular#4859
Closes angular#4849

Conflicts:
	src/ng/parse.js
jamesdaily pushed a commit to jamesdaily/angular.js that referenced this pull request Jan 27, 2014
@vojtajina @jamesdaily
feat($parse): revert hiding "private" properties
8d4f667 
Hiding `_*` properties was a feature primarily for developers using Closure compiler and Google JS
style. We didn't realize how many people will be affected by this change.

We might introduce this feature in the future, probably under a config option, but it needs more
research and so I'm reverting the change for now.

This reverts commit 3d6a89e.

Closes angular#4926
Closes angular#4842
Closes angular#4865
Closes angular#4859
Closes angular#4849

Conflicts:
	src/ng/parse.js
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@chirayuk chirayuk

Labels
cla: yes frequency: moderate severity: regression
Projects
None yet
Milestone
1.2.1 - underscore-empathy
Development

Successfully merging this pull request may close these issues.
3 participants
@lrlopez @laurelnaiad @chirayuk