Exciting news! XLTS.dev is now part of the HeroDevs never-ending support initiative. Same great product. Same great service. Read the announcement for more information!

XLTS for AngularJS v1.5.12 Released

Michael Prentice
Aug 1, 2021

Mar 5, 2024


This is the first XLTS for AngularJS 1.5.x release! 🚀

As such, there have been updates to the License and the Security Policy. New security issues should be sent to security@xlts.dev.

Bug Fixes

  • sanitizeUri: sanitize URIs that contain IDEOGRAPHIC SPACE chars
    • This is a Medium Severity Security fix for a XSS vulnerability in Chrome 62 and earlier.
    • This fix was cherry-picked from the v1.7.x branch.
  • jqlite: nosel error points to an invalid URL
  • $interpolate: fix docs URL in noconcat error
  • $sce: fix docs URL in iequirks error
  • misc:
    • update error reference links to use code.angularjs.xlts.dev
    • fix 28 security warnings in build, test, and release tooling
  • browserTrigger: support CompositionEvent
  • grunt-utils: insert the core CSS styles without using innerHTML
  • Angular:
    • add workaround for Safari / Webdriver problem
    • do not auto bootstrap if the src exists but is empty
    • do not auto bootstrap if the currentScript has been clobbered
    • do not auto bootstrap if the script source is bad and inside SVG
  • minErr: update url to https
  • docs:
    • linting cleanup of the web worker used for search
    • fix @media breakpoints for small/extra small devices
  • ngScenario: completely remove the angular scenario runner

Breaking Changes

ngScenario due to:

  • ngScenario: completely remove the angular scenario runner

The angular scenario runner end-to-end test framework has been removed from the project and will no longer be available on npm starting with 1.5.12.

It was deprecated and removed from the documentation in 2014. Applications that still use it should migrate to Protractor or another e2e testing framework.


Updated: March 5, 2024

The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:

  1. Migrate off of AngularJS, or
  2. Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.
Michael Prentice
Aug 1, 2021

Mar 5, 2024