Release Notes - ng2-pdfjs-viewer v25.0.10
π What's New
π§ Bug Fixes
CSP Compliance (Issue #284)
- Fixed: Content Security Policy violations with inline styles
- Solution: Moved all static CSS to external stylesheet (
ng2-customization.css)
- Enhancement: Added optional
cspNonce parameter for customCSS input
- Impact: Viewer now works with strict CSP policies without violations
Blob/Uint8Array Loading (Issue #283)
- Fixed:
TypeError when loading PDFs from Blob or Uint8Array sources
- Solution: Moved
loadPdf() call to ngAfterViewInit() lifecycle hook
- Enhancement: Added proper
pdfSrc change detection in ngOnChanges()
- Impact: All PDF source types (string, Blob, Uint8Array) now work correctly
LICENSE Symlink (Issue #282)
- Fixed: LICENSE file symlink causing SBOM generation issues
- Solution: GitHub Actions workflow now copies LICENSE as real file
- Impact: Package integrity improved for security scanning tools
βΏ Accessibility Improvements
iframe Title (Issue #127)
- Added:
iframeTitle input property for accessible iframe titles
- Default: Meaningful default title "PDF document viewer"
- Impact: Improved screen reader compatibility (WCAG 2.4.1.b compliance)
π Documentation Updates
Production Deployment
- Added: Nginx MIME type configuration for
.mjs files
- Solution:
types { application/javascript js mjs; }
- Impact: Resolves PDF viewer loading issues in production environments
Blob/Uint8Array Support
- Updated: All documentation now mentions Blob and Uint8Array support
- Added: Usage examples across README and docs-website
π¨ Theme System Improvements
Event-Driven Theme Application
- Fixed: Theme not applying when loading PDFs from Blob/Uint8Array sources
- Solution: Reset configuration queuing on
pdfSrc changes
- Impact: Consistent theming across all PDF source types
π Technical Improvements
Architecture Adherence
- All fixes follow v5.x event-driven architecture principles
- No polling, timeouts, or defensive programming
- Pure event-driven approach with trust-based system
CSP-Safe Implementation
- External CSS files for static styles
- CSS custom properties for dynamic values
- CSS classes for visibility toggles
- Optional nonce support for custom styles
Lifecycle Management
- Proper Angular lifecycle hook usage
- Trust-based approach for iframe readiness
- Event-driven configuration queuing
π API Changes
New Input Properties
// Accessibility
@Input() iframeTitle?: string; // Default: 'PDF document viewer'
// CSP Compliance
@Input() cspNonce?: string; // Optional nonce for customCSS
Enhanced ThemeConfig Interface
interface ThemeConfig {
// ... existing properties
cspNonce?: string; // Optional CSP nonce
iframeTitle?: string; // Optional iframe title
}π Migration Guide
No Breaking Changes
- All existing code continues to work without modification
- New properties are optional with sensible defaults
- Backward compatibility maintained
Optional Enhancements
// Add accessible iframe title
<ng2-pdfjs-viewer
pdfSrc="document.pdf"
iframeTitle="User Manual - Chapter 3">
</ng2-pdfjs-viewer>
// Use with strict CSP
<ng2-pdfjs-viewer
pdfSrc="document.pdf"
[customCSS]="styles"
[cspNonce]="nonce">
</ng2-pdfjs-viewer>
π§ͺ Testing
New Test Cases
- Blob PDF loading in SampleApp
- Uint8Array PDF loading in SampleApp
- Theme application with different source types
- CSP compliance verification
Verified Scenarios
- β
String URL loading
- β
Blob object loading
- β
Uint8Array loading
- β
Theme consistency across source types
- β
CSP compliance with strict policies
- β
Accessibility with screen readers
π¦ Production Deployment
Nginx Configuration
# Required for PDF.js v5+ ES modules
types {
application/javascript js mjs;
}π Related Issues
- #284: CSP Compliance - Content Security Policy violations
- #283: Blob pdfSrc TypeError - Blob/Uint8Array loading issues
- #282: LICENSE Symlink - SBOM generation problems
- #127: iframe Title - Accessibility improvements
- #276: Production Build - Nginx MIME type configuration
