A vulnerability in Angular Universal (SSR) was detected. The RFC for the control flow syntax and deferred loading ended. The Q&A session had a comeback and new content from Dmytro Mezhenskyi and Thomas Laforge.
SSR Vulnerability
We start with a vulnerability announcement. If you SSR in Angular 16.1.0 or 16.1.1, then please upgrade to 16.1.2. Angular Universal depends on the library Critters, which is open to cross-site scripting attacks.
Notice of XSS issue affecting Angular Universal 16.1.0–16.1.1 | by Emma Twersky | Angular Blog
We just released a fix for a bug that could potentially cause an XSS vulnerability in the Critters library that Angular uses for CSS…
blog.angular.io
Closed RFC
The RFC about deferred loading and the control flow syntax in the template ended. There were more than 600 comments, and they had an impact. The Angular team must now decide with which syntax they want to go. The choice is between an at Symbol or the single brace with a hash.
https://github.com/angular/angular/discussions/51241
Template Challenges
Alex Rickabaugh, Angular framework lead, provided some insider information. He listed challenges the Angular team sees in the area of the template.
For example, one was the necessity to import a component two times. Another was about possibilities to improve content projection.
https://www.reddit.com/r/Angular2/comments/15enffo/comment/jue6dlv/
Angular Q&A
After a two months break, the Angular Q&A stream took place. Mark and Jeremy from the Angular team were the hosts.
There were quite a lot of questions, mainly centring around Signals.
To summarise, there wasn't new information, except for one thing: The Angular team is thinking about improving asynchrony with Signals.
Building Games and Q/A with the Angular Team | August 2023 | #ngGames - YouTube
Angular Community, join Jeremy Elbourn and Mark Thompson as they answer questions and have some fun!
youtube.com
Directive Composition API
Dmytro Mezhenskyi published a new video on the channel Decoded Frontend. It was about the Composition API we have had since Angular 15.
share/shareReplay
Thomas Laforge published an article about the differences between the RxJs operators share and shareReplace.
Thomas is also the author of the Angular Challenges. That's a collection of different exercises. Definitely check them out.
Top comments (1)
Great stuff. Love Signals, just gets better an better.