ng-news for This is Angular


Ng-News 23/31: SSR Vulnerability, Q&A Session, RFC ended

A vulnerability in Angular Universal (SSR) was detected. The RFC for the control flow syntax and deferred loading ended. The Q&A session made a comeback, and there is new content from Dmytro Mezhenskyi and Thomas Laforge.

SSR Vulnerability

We start with a vulnerability announcement. If you use SSR with Angular 16.1.0 or 16.1.1, please upgrade to 16.1.2. Angular Universal depends on the Critters library, which is open to cross-site scripting (XSS) attacks.

Notice of XSS issue affecting Angular Universal 16.1.0–16.1.1 | by Emma Twersky | Angular Blog

We just released a fix for a bug that could potentially cause an XSS vulnerability in the Critters library that Angular uses for CSS…

blog.angular.dev

Closed RFC

The RFC about deferred loading and the control flow syntax in the template ended. There were more than 600 comments, and they had an impact. The Angular team must now decide which syntax to go with. The choice is between an at symbol and a single brace with a hash.

https://github.com/angular/angular/discussions/51241

Template Challenges

Alex Rickabaugh, Angular framework lead, provided some insider information. He listed challenges the Angular team sees in the area of the template.

For example, one was the need to import a component twice. Another was about ways to improve content projection.

https://www.reddit.com/r/Angular2/comments/15enffo/comment/jue6dlv/

Angular Q&A

After a two-month break, the Angular Q&A stream took place. Mark and Jeremy from the Angular team were the hosts.

There were quite a lot of questions, mainly centring around Signals.

To summarise, there wasn't new information, except for one thing: The Angular team is thinking about improving asynchrony with Signals.

Directive Composition API

Dmytro Mezhenskyi published a new video on the channel Decoded Frontend. It was about the Composition API we have had since Angular 15.

share/shareReplay

Thomas Laforge published an article about the differences between the RxJS operators share and shareReplay.

Thomas is also the author of the Angular Challenges. That's a collection of different exercises. Definitely check them out.

Top comments (1)

Lars Rye Jeppesen

Great stuff. Love Signals, just gets better and better.