v20.3.20
Breaking Changes📦 angularView on GitHub →
⚠ 1 breaking🐛 3 fixes
Summary
This release focuses on security and correctness by disallowing event attribute bindings in host bindings and validating security-sensitive i18n attributes. A fix was also applied to URL parsing in the server platform.
⚠️ Breaking Changes
- Event attribute bindings in host bindings are now unconditionally disallowed. If you were using event bindings in host bindings, you must refactor this logic.
🐛 Bug Fixes
- Disallowed event attribute bindings in host bindings unconditionally.
- Validated security-sensitive attributes in i18n bindings.
- Ensured origin has a trailing slash when parsing URLs in platform-server.