Skip to content

Latest commit

 

History

History
154 lines (118 loc) · 7.32 KB

CHANGELOG.md

File metadata and controls

154 lines (118 loc) · 7.32 KB

3.0.5 (2026-01-30)

Bug Fixes

  • custom-class: Preserve HTML structure in multiline selections (#594) (#595)
    • Fixed createCustomClass() stripping HTML when applying custom classes to multiline content
    • Added mode option to CustomClass: 'inline', 'block', 'auto' (default)
    • Smart detection: inline mode for single blocks, block mode for multiple paragraphs
    • Block mode applies class to each block element (P, DIV, H1-H6, LI, etc.)
    • Uses DOM Range API with extractContents() + insertNode() instead of sel.toString()

Features

  • config: Add textDirection option for RTL/LTR support (#520) (#592)
    • New config property: textDirection?: 'ltr' | 'rtl' | 'auto'
    • Binds to HTML dir attribute on editor element
    • Thanks to @jamesey2001 for the contribution

3.0.4 (2025-12-18) - Security Hotfix

Security

  • CRITICAL: Fixed XSS vulnerability in toggleEditorMode() method (#580) (#587)
    • XSS could execute when switching from HTML source mode back to WYSIWYG
    • User-entered HTML was set via innerHTML without sanitization
    • Sanitization now properly applied in both code paths
    • Thanks to @MarioTesoro for finding the root cause and submitting the fix

Note

v3.0.3 fix was incomplete - it only covered refreshView() but not toggleEditorMode(). This release provides complete XSS protection.

Upgrade Recommendation

IMMEDIATE UPGRADE RECOMMENDED for all users. This release completes the security fix started in v3.0.3.

3.0.3 (2025-01-22) - Security Hotfix

Security

  • CRITICAL: Fixed XSS vulnerability in refreshView() method (#580) (774a97d)
    • XSS could bypass sanitizer when setting editor value via ngModel/formControl
    • Sanitization now properly applied to all innerHTML assignments
    • Thanks to @MarioTesoro for responsible disclosure with PoC

Bug Fixes

  • links: Preserve relative URLs when editing existing links (#359) (c691d30)
    • Use getAttribute('href') instead of .href property
    • Prevents adding hostname to relative paths
  • debug: Remove debug console.log statement from focus() method (#324) (c691d30)

Upgrade Recommendation

IMMEDIATE UPGRADE RECOMMENDED for all users. This release fixes a critical security vulnerability.

3.0.2 (2025-01-22)

Bug Fixes

  • toolbar: toolbarHiddenButtons option now works without Bootstrap (#544) (3563552)
  • image: allow re-uploading same image after deletion (#543, #568, #503) (7d21718)
  • video: support YouTube short URLs (youtu.be format) (#557, #554) (4aa8397)

Maintenance

  • issues: Systematic triage completed - 61 issues closed, 249 remain open
  • documentation: Added issue triage session record

3.0.1 (2025-11-22)

Bug Fixes

  • Icons: Fixed list icons (unordered/ordered) display consistency in toolbar

CI/CD

  • GitHub Actions: Added automated npm publishing workflow
  • npm Publishing: Configured Granular Access Token authentication
  • GitHub Releases: Automated release creation with changelog

3.0.0 (2025-11-22) Major Angular 20 Upgrade

🎉 Stable Release - Production Ready!

Breaking Changes

  • Angular Version: Minimum required version is now Angular 20.0.0
  • RxJS: Requires RxJS 7.8.0 or higher (upgraded from 6.5.5)
  • TypeScript: Requires TypeScript 5.4 or higher
  • zone.js: Updated to 0.15.1

Features

  • Angular 20 Support: Full compatibility with Angular 20.3.13 (v20-lts)
  • Angular 21 Ready: Forward compatible with Angular 21.x
  • Modern Build System: Updated to latest ng-packagr 20.3.2
  • Enhanced Type Safety: Improved TypeScript strict mode compliance
  • Font Awesome Removed: No external icon dependencies - using pure SVG icons (27 icons)
  • Zero External Icon Dependencies: Fully self-contained icon system

Migration Path

  • Migrated through: Angular 13 → 18 → 19 → 20
  • All Angular CLI migrations applied successfully
  • Updated DOCUMENT import from @angular/core (Angular 20 requirement)
  • Modernized test infrastructure (waitForAsync)

Developer Experience

  • ESLint: Updated to @angular-eslint 20.x
  • Linting: All files pass linting (0 errors)
  • Build: Both development and production builds verified
  • Tests: 13/13 tests passing (100% success rate)

Bug Fixes

  • Tests: Fixed AeSelectComponent tests for mousedown event handling
  • Demo: Updated demo app for Angular 20 compatibility

Technical Details

  • Removed deprecated async test helper (use waitForAsync)
  • Fixed TypeScript strict type checking for event handlers
  • Disabled new strict rules for backward compatibility (prefer-standalone, prefer-inject)
  • Updated moduleResolution to 'bundler' (Angular 20 standard)

Peer Dependencies

{
  "@angular/common": "^20.0.0 || ^21.0.0",
  "@angular/core": "^20.0.0 || ^21.0.0",
  "@angular/forms": "^20.0.0 || ^21.0.0",
  "rxjs": "^7.8.0"
}

3.0.0-beta.2 (2025-01-10)

  • Refactor ae-select component (button → span)

2.0.0 (2022-01-06) Major release

  • Update to Angular v.13 and new Ivy compatible package format

1.0.2 (2019-11-28) Technical release

  • Readme update for npmjs.com

1.0.1 (2019-11-27) Technical release

  • Fix logo at npmjs.com readme

1.0.0 (2019-11-27) Initial release