dist/ember.prod.js in ember-source-1.9.0 vs dist/ember.prod.js in ember-source-1.9.1
- old
+ new
@@ -3,11 +3,11 @@
* @copyright Copyright 2011-2014 Tilde Inc. and contributors
* Portions Copyright 2006-2011 Strobe Inc.
* Portions Copyright 2008-2011 Apple Inc. All rights reserved.
* @license Licensed under MIT license
* See https://raw.github.com/emberjs/ember.js/master/LICENSE
- * @version 1.9.0
+ * @version 1.9.1
*/
(function() {
var enifed, requireModule, eriuqer, requirejs, Ember;
@@ -6901,12 +6901,12 @@
__exports__.makeBoundHelper = makeBoundHelper;
__exports__.handlebarsGetView = handlebarsGetView;
__exports__.handlebarsGet = handlebarsGet;
});
enifed("ember-handlebars/helpers/bind_attr",
- ["ember-metal/core","ember-handlebars-compiler","ember-metal/utils","ember-runtime/system/string","ember-metal/array","ember-views/views/view","ember-metal/keys","exports"],
- function(__dependency1__, __dependency2__, __dependency3__, __dependency4__, __dependency5__, __dependency6__, __dependency7__, __exports__) {
+ ["ember-metal/core","ember-handlebars-compiler","ember-metal/utils","ember-runtime/system/string","ember-metal/array","ember-views/views/view","ember-metal/keys","ember-views/system/sanitize_attribute_value","exports"],
+ function(__dependency1__, __dependency2__, __dependency3__, __dependency4__, __dependency5__, __dependency6__, __dependency7__, __dependency8__, __exports__) {
"use strict";
/**
@module ember
@submodule ember-handlebars
*/
@@ -6920,10 +6920,12 @@
var typeOf = __dependency3__.typeOf;
var forEach = __dependency5__.forEach;
var View = __dependency6__["default"];
var keys = __dependency7__["default"];
+ var sanitizeAttributeValue = __dependency8__["default"];
+
var helpers = EmberHandlebars.helpers;
var SafeString = EmberHandlebars.SafeString;
/**
`bind-attr` allows you to create a binding between DOM element attributes and
@@ -7082,10 +7084,11 @@
var path = attrs[attr];
var lazyValue = view.getStream(path);
var value = lazyValue.value();
+ value = sanitizeAttributeValue(null, attr, value);
var type = typeOf(value);
lazyValue.subscribe(view._wrapAsScheduled(function applyAttributeBindings() {
var result = lazyValue.value();
@@ -8623,18 +8626,24 @@
},
helper: function(thisContext, newView, options) {
var data = options.data;
var fn = options.fn;
+ var newViewProto;
makeBindings(options);
var viewOptions = this.propertiesFromHTMLOptions(options, thisContext);
var currentView = data.view;
viewOptions.templateData = data;
- var newViewProto = newView.proto();
+ if (View.detectInstance(newView)) {
+ newViewProto = newView;
+ } else {
+ newViewProto = newView.proto();
+ }
+
if (fn) {
viewOptions.template = fn;
}
// We only want to override the `_context` computed property if there is
@@ -12769,11 +12778,11 @@
The core Runtime framework is based on the jQuery API with a number of
performance optimizations.
@class Ember
@static
- @version 1.9.0
+ @version 1.9.1
*/
if ('undefined' === typeof Ember) {
// Create core object. Make it act like an instance of Ember.Namespace so that
// objects assigned to it are given a sane string representation.
@@ -12796,14 +12805,14 @@
/**
@property VERSION
@type String
- @default '1.9.0'
+ @default '1.9.1'
@static
*/
- Ember.VERSION = '1.9.0';
+ Ember.VERSION = '1.9.1';
/**
Standard environmental variables. You can define these in a global `EmberENV`
variable before loading Ember to control various configuration settings.
@@ -38187,10 +38196,66 @@
}
}; // element destroyed so view.destroy shouldn't try to remove it removedFromDOM
__exports__["default"] = EmberRenderer;
});
+enifed("ember-views/system/sanitize_attribute_value",
+ ["ember-handlebars-compiler","exports"],
+ function(__dependency1__, __exports__) {
+ "use strict";
+ /* jshint scripturl:true */
+
+ var EmberHandlebars = __dependency1__["default"];
+
+ var parsingNode;
+ var badProtocols = {
+ 'javascript:': true,
+ 'vbscript:': true
+ };
+
+ var badTags = {
+ 'A': true,
+ 'BODY': true,
+ 'LINK': true,
+ 'IMG': true,
+ 'IFRAME': true
+ };
+
+ var badAttributes = {
+ 'href': true,
+ 'src': true,
+ 'background': true
+ };
+ __exports__.badAttributes = badAttributes;
+ __exports__["default"] = function sanitizeAttributeValue(element, attribute, value) {
+ var tagName;
+
+ if (!parsingNode) {
+ parsingNode = document.createElement('a');
+ }
+
+ if (!element) {
+ tagName = null;
+ } else {
+ tagName = element.tagName;
+ }
+
+ if (value instanceof EmberHandlebars.SafeString) {
+ return value.toString();
+ }
+
+ if ((tagName === null || badTags[tagName]) && badAttributes[attribute]) {
+ parsingNode.href = value;
+
+ if (badProtocols[parsingNode.protocol] === true) {
+ return 'unsafe:' + value;
+ }
+ }
+
+ return value;
+ }
+ });
enifed("ember-views/system/utils",
["exports"],
function(__exports__) {
"use strict";
/**
@@ -39868,12 +39933,12 @@
var preRender = create(_default);
__exports__["default"] = preRender;
});
enifed("ember-views/views/view",
- ["ember-metal/core","ember-metal/platform","ember-runtime/mixins/evented","ember-runtime/system/object","ember-metal/error","ember-metal/property_get","ember-metal/property_set","ember-metal/set_properties","ember-metal/run_loop","ember-metal/observer","ember-metal/properties","ember-metal/utils","ember-metal/computed","ember-metal/mixin","ember-metal/streams/simple","ember-views/streams/key_stream","ember-metal/streams/stream_binding","ember-views/streams/context_stream","ember-metal/is_none","ember-metal/deprecate_property","ember-runtime/system/native_array","ember-runtime/system/string","ember-metal/enumerable_utils","ember-metal/property_events","ember-views/system/jquery","ember-views/system/ext","ember-views/views/core_view","exports"],
- function(__dependency1__, __dependency2__, __dependency3__, __dependency4__, __dependency5__, __dependency6__, __dependency7__, __dependency8__, __dependency9__, __dependency10__, __dependency11__, __dependency12__, __dependency13__, __dependency14__, __dependency15__, __dependency16__, __dependency17__, __dependency18__, __dependency19__, __dependency20__, __dependency21__, __dependency22__, __dependency23__, __dependency24__, __dependency25__, __dependency26__, __dependency27__, __exports__) {
+ ["ember-metal/core","ember-metal/platform","ember-runtime/mixins/evented","ember-runtime/system/object","ember-metal/error","ember-metal/property_get","ember-metal/property_set","ember-metal/set_properties","ember-metal/run_loop","ember-metal/observer","ember-metal/properties","ember-metal/utils","ember-metal/computed","ember-metal/mixin","ember-metal/streams/simple","ember-views/streams/key_stream","ember-metal/streams/stream_binding","ember-views/streams/context_stream","ember-metal/is_none","ember-metal/deprecate_property","ember-runtime/system/native_array","ember-runtime/system/string","ember-metal/enumerable_utils","ember-metal/property_events","ember-views/system/jquery","ember-views/system/ext","ember-views/views/core_view","ember-views/system/sanitize_attribute_value","exports"],
+ function(__dependency1__, __dependency2__, __dependency3__, __dependency4__, __dependency5__, __dependency6__, __dependency7__, __dependency8__, __dependency9__, __dependency10__, __dependency11__, __dependency12__, __dependency13__, __dependency14__, __dependency15__, __dependency16__, __dependency17__, __dependency18__, __dependency19__, __dependency20__, __dependency21__, __dependency22__, __dependency23__, __dependency24__, __dependency25__, __dependency26__, __dependency27__, __dependency28__, __exports__) {
"use strict";
// Ember.assert, Ember.deprecate, Ember.warn, Ember.TEMPLATES,
// Ember.K, jQuery, Ember.lookup,
// Ember.ContainerView circular dependency
// Ember.ENV
@@ -39919,10 +39984,11 @@
var jQuery = __dependency25__["default"];
// for the side effect of extending Ember.run.queues
var CoreView = __dependency27__["default"];
+ var sanitizeAttributeValue = __dependency28__["default"];
/**
@module ember
@submodule ember-views
@@ -41277,10 +41343,26 @@
// In the interim, we will just re-render if that happens. It is more
// important than elements get garbage collected.
if (!this.removedFromDOM) { this.destroyElement(); }
},
+ /**
+ The HTML `id` of the view's element in the DOM. You can provide this
+ value yourself but it must be unique (just as in HTML):
+
+ ```handlebars
+ {{my-component elementId="a-really-cool-id"}}
+ ```
+
+ If not manually set a default value will be provided by the framework.
+
+ Once rendered an element's `elementId` is considered immutable and you
+ should never change it.
+
+ @property elementId
+ @type String
+ */
elementId: null,
/**
Attempts to discover the element in the parent element. The default
implementation looks for an element with an ID of `elementId` (or the
@@ -42075,10 +42157,11 @@
// supplied childViews and then restore the original computed property
// at view initialization time. This happens in Ember.ContainerView's init
// method.
View.childViewsProperty = childViewsProperty;
- View.applyAttributeBindings = function(elem, name, value) {
+ View.applyAttributeBindings = function(elem, name, initialValue) {
+ var value = sanitizeAttributeValue(elem[0], name, initialValue);
var type = typeOf(value);
// if this changes, also change the logic in ember-handlebars/lib/helpers/binding.js
if (name !== 'value' && (type === 'string' || (type === 'number' && !isNaN(value)))) {
if (value !== elem.attr(name)) {
\ No newline at end of file