v19.2.22
Breaking Changes📦 angularView on GitHub →
⚠ 1 breaking✨ 1 features🐛 2 fixes🔧 4 symbols
Summary
This release introduces security enhancements by disallowing event attribute bindings in host bindings and validating security-sensitive attributes in i18n bindings. It also adds an `allowedHosts` option for server-side rendering functions.
⚠️ Breaking Changes
- Event attribute bindings are now unconditionally disallowed in host bindings. If you were relying on this behavior, you must remove the event attribute bindings from host bindings.
✨ New Features
- Added the `allowedHosts` option to `renderModule` and `renderApplication` in `platform-server`.
🐛 Bug Fixes
- Security-sensitive attributes in i18n bindings are now validated.
- Ensured the origin has a trailing slash when parsing URLs in `platform-server`.