Commit graph

6284 commits

Author SHA1 Message Date
Andrew Scott
9f479ae964 feat(core): Update Testability to use PendingTasks for stability indicator
Since angular@12181b9, zone stability
contributes to the PendingTasks. There is now a single source of truth for application stability
tracked in PendingTasks. This change makes protractor's whenStable compatible with zoneless.
The `Router` and `HttpClient` also contribute to stability using the
`PendingTasks` injectable. There will likely be more updates in the
future to have more features contribute to stableness in a zoneless
compatible way.

This update uses PendingTasks for stability by default when ZoneJS is not present or
can be enabled with an option when ZoneJS is present (but otherwise ignored with ZoneJS).

fixes #68180
2026-04-20 13:08:43 -07:00
SkyZeroZx
3ae40e6685 refactor(core): complete removal of deprecated createNgModuleRef alias
Finalize the cleanup by removing the remaining `createNgModuleRef` alias.
2026-04-20 12:09:45 -07:00
aparziale
d771a65ac0 refactor: Improve hydration mismatch errors for third-party scripts
Improves error messages shown during hydration mismatches to better
surface cases where third-party scripts or browser extensions have
modified the DOM outside of Angular's control.

Fixed #59224
2026-04-17 14:33:10 -07:00
Andrew Scott
17d10f7a99 fix(router): set default paramsInheritanceStrategy to 'always'
Set the default value of paramsInheritanceStrategy to 'always'. This change ensures that route parameters are inherited from parent routes by default, which is the behavior most users expect. It simplifies routing configuration for the majority of use cases.

This change aligns Angular with other popular routing systems where child routes automatically have access to parent parameters:
- React Router: useParams() includes parent params.
- Vue Router: $route.params includes parent params.
- Next.js: params are passed to nested layouts and pages.
- TanStack Router: useParams() includes parent params with full type safety.

BREAKING CHANGE: paramsInheritanceStrategy now defaults to 'always'

The default value of paramsInheritanceStrategy has been changed from 'emptyOnly' to 'always'. This means that route parameters are inherited from all parent routes by default. To restore the previous behavior, set paramsInheritanceStrategy to 'emptyOnly' in your router configuration.
2026-04-17 14:27:43 -07:00
Matthieu Riegler
4e331062e8 feat(core): allow synchronous values for stream Resources
In order for resources to allow caching in SSR context (eg in the TransferState), resource need to be able to set their value synchronously.

If the resource value is not set synchronously, the resource will be in in a "loading" state which is responsible for destroying the server-hydrated resolved DOM.
2026-04-16 00:13:04 +03:00
SkyZeroZx
281a2dba78 docs: Add guide for debounced signals
Add guide for `debounced` signals.
Also add `@see` tags
2026-04-15 20:04:10 +03:00
Matthieu Riegler
a46c64758e docs: fix bootstraping link
fixes #68212
2026-04-15 19:25:35 +03:00
Doug Parker
75f2cb8f56 feat(core): implement Angular DI graph in-page AI tool
This creates a new `angular:di-graph` in-page tool which returns the entire dependency injection graph for the application.

We use the following rough algorithm for discovering all element injectors:
1. Find all root `LView` objects by querying for `[ng-version]`.
2. Walk all the transitive `LView` descendants of the roots.
3. Filter these `LView` objects to just directives.
4. Find the injector for a given directive and walk up its ancestors to find all element injectors.

Discovering environment injectors works mostly the same way, just following the environment injector graph instead.

This approach has a few known limitations which are out of scope for the moment:
1. Any given component typically has both an element injector *and* an environment injector. The relationship of "component -> environment injector" is not expressed in the result as of now, meaning the AI doesn't really have any insight into _which_ environment injector is being used for a particular component, though the injector will be one of the returned values.
2. The implementation does not support MFE use cases of multiple applications on the page at the same time.
3. The performance is not ideal, as we walk `LView` descendants twice and walk up the injector tree for every directive, repeatedly covering the same scope (ideally we'd just walk up every *leaf* directive, which would cover the same result for less effort). However for a debug tool, this is likely fine for now and we can optimize later if/when it becomes necessary.

I did consider reusing more of the existing implementation in `global_utils` which exists to support Angular DevTools (we are already using some of it), however the existing support in `@angular/core` is actually fairly limited, returning very primitive data structures and relying on Angular DevTools to do the heavier lifting of collapsing the code into a usable graph representation. There's a potential path in the future to converge these implementations and potentially have `global_utils` use some of this code instead, but I will leave that for a future cleanup effort.
2026-04-14 18:35:51 +03:00
Doug Parker
de03e83980 refactor(core): add walkLViewDirectives
This walks all transitive descendant directives via the `LView` structure of the given input. This is a generic utility, but useful for finding all components in a tree to look for their associated `Injector` objects.

One known limitation is that this does not cover child components of i18n messages as that was more complicated than I wanted to get into right now.
2026-04-14 18:35:51 +03:00
Jaime Burgos
2f5ab541ea
feat(core): enhance profiling with documentation URLs
Enhances the Chrome DevTools performance profiling integration by adding links to relevant Angular documentation for lifecycle hooks and profiler events.
2026-04-13 22:37:11 +03:00
Matthieu Riegler
f9b74e90e3 refactor(core): simplifying the ComponentFactory usage
The `ComponentFactory` has been removed from the public API in #68055.
This commit continues the cleanup and also removes `ModuleWithComponentFactories` from the public API.
2026-04-13 22:24:18 +03:00
aparziale
6a435658e2 feat(migrations): Disabling nullishCoalescingNotNullable & optionalChainNotNullable on ng update
Related to angular#67959 disabling two diagnostics errors by `ng update`:

- nullishCoalescingNotNullable
- optionalChainNotNullable
2026-04-13 19:00:21 +03:00
SkyZeroZx
0454d4ced7 refactor(core): deprecate withIncrementalHydration
Deprecates `withIncrementalHydration()` as it is no longer required.

Updates API docs and runtime errors to reflect the new default and guide opt-out.
2026-04-13 18:53:21 +03:00
Matthieu Riegler
df9eed4ff1 refactor(core): remove ComponentFactoryResolver usages
This API was deprecated for a longtime, and was remove by #68055 from the public API.

We do have alternatives to this old API, so we can entirely remove it to spare some bytes
2026-04-13 16:00:03 +03:00
Doug Parker
8ce9cc4f6b feat(core): register AI runtime debugging tools
This registers AI runtime debugging tools during platform creation and unregisters them when the platform is destroyed. This roughly matches existing usage of global utils with respect to timing. It is limited to dev mode only because these tools are exclusively for debugging Angular's internals and not something production users would leverage.
2026-04-13 14:12:48 +03:00
Doug Parker
0c1cc6a89d refactor(core): add registerAiTools function
This will centrally manage all the AI tools supported by Angular out of the box.
2026-04-13 14:12:48 +03:00
Doug Parker
5f5428dfc0 refactor(core): implement Angular signal graph tool
This provides an `angular:signal_graph` in-page tool which exposes the signal graph from the component rendered for a particular DOM element. It leverages the algorithm defined for Angular DevTools, which essentially means it takes the effects registered on the components injector and walks transitive dependencies to find all signals referenced by the component in an effect or the template.
2026-04-13 14:12:48 +03:00
Doug Parker
06c0faecb1 refactor(core): define tool interfaces for AI agents
These serve as the type definitions for interacting with the `chrome-devtools-mcp` AI runtime debugging functionality. Eventually this will hopefully be upstreamed to some more authoritative location, but for now this will do.
2026-04-13 14:12:48 +03:00
Matthieu Riegler
70368ea94d refactor(http): Make BrowserXhr/XhrFactory tree-shakable
3bc095d made the `FetchBackend` the default, we shouldn't load anything Xhr related by default anymroe.
2026-04-13 13:56:03 +03:00
Jessica Janiuk
3c7641151c fix(core): escape forward slashes in transfer state to prevent crawler indexing
This commit escapes forward slashes in the transfer state JSON output as \u002F to prevent search engine crawlers from aggressively indexing relative paths inside the inline script tag. It also updates related unit and integration tests across core and platform-server.

Fixes #65310
2026-04-13 13:54:55 +03:00
Doug Parker
cdda51a3b2 feat(core): support bootstrapping Angular applications underneath shadow roots
This is a minimal implmentation which just focuses on registering parent shadow roots in `SharedStylesHost` correctly.

We don't currently reference count usage of host values, meaning that as soon as we call `removeHost`, all styles are removed from it, even if other components relied on them. Therefore there is no good way to know whether styles are still needed or not, leaving us with the choice of either leaking them longer than necessary or destroying them while another component still needs them. The compromise I'm using here is to delete styles when destroying a component under a shadow root (based on the assumption that only one component will exist per shadow root) and to leave styles when destroying a component in the main document (based on the assumption that dialogs being destroyed should not impact the main application).

Neither assumption is totally safe to make, but we're hoping this is a viable balance for the moment. In the future we should look into lifting these restrictions to better support those use cases while properly reference counting usage of hosts in `SharedStylesHost`.

I also added some small tests to confirm that SSR styles are not duplicated, as an earlier implementation accidentally duplicated them. This should ensure we don't repeat that mistake.
2026-04-10 21:44:08 +03:00
Doug Parker
ad04929d8e refactor(core): add getRootNode to RNode interface
This is necessary for an `RNode` to discover whether it is within the context of a shadow root, which is needed to know where a component's style should be placed.

The method is Baseline Widely Available, however we need to treat it as optional for SSR / JSDom contexts where shadow DOM is not supported.
2026-04-10 21:44:08 +03:00
Doug Parker
df1f5d4394 refactor(core): move SharedStylesHost interface into @angular/core with a dedicated InjectionToken
This allows code in `@angular/core` to inject and use `SharedStylesHost`, even though the implementation is defined in `@angular/platform-browser`.
2026-04-10 21:44:08 +03:00
aparziale
1415d86980 fix(migrations): Fix typo for strict-template migration
Fix typo for strict-template migration
2026-04-10 20:22:16 +03:00
Jessica Janiuk
68628dd45b feat(platform-browser): make incremental hydration default behavior
This commit updates provideClientHydration to automatically enable incremental hydration by default. It also introduces a new withNoIncrementalHydration feature for opting out, adds conflict safety checks, and includes a schematic migration.
2026-04-09 18:53:13 +03:00
Angular Robot
8633f15613 build: update cross-repo angular dependencies
See associated pull request for more information.
2026-04-09 14:13:51 +03:00
Andrew Scott
6fee6514c2 refactor(compiler-cli): decouple SymbolBuilder from BoundTarget and minimize adapter surface
Decouple `SymbolBuilder` from the full `BoundTarget` interface by introducing a purpose-built `SymbolBoundTarget` interface containing only the 4 methods required for symbol resolution. This eliminates the need for the large, pass-through `BoundTargetAdapter` and further isolates `SymbolBuilder` from compiler-internal implementation details.

Also minimize `TypeCheckableDirectiveMetaAdapter` by redefining `SymbolDirectiveMeta` to not extend `DirectiveMeta`, exposing only the properties actually used by `SymbolBuilder`.

Removed dead code `getDirectiveMeta` in `template_symbol_builder.ts` which was unused.

These changes improve maintainability and ensure a cleaner architecture by strictly defining the boundaries of what `SymbolBuilder` needs from the rest of the system.
By limiting the required inputs to only what's necessary for the implementation, we make it easier to re-use
the implementation between different compiler architectures
2026-04-08 11:33:41 -07:00
N. Coury
a24179e125 fix(core): remove obsolete iOS cursor pointer hack in event delegation
Since WebKit commit 67a62d98 (merged for iOS 13), WebKit no longer restricts
click event bubbling to interactable nodes like `div` or `body`. The
`cursor: pointer` hack polyfill is therefore obsolete and can safely be
removed without breaking JSAction behavior.
2026-04-08 11:31:30 -07:00
Matthieu Riegler
a0aa8304cd feat(core): bootstrap via ApplicationRef with config
This is to align the shape of the method with `createComponent`

BREAKING CHANGE:The second arguement of appRef.bootstrap does not accept `any` anymore. Make sure the element you pass is not nullable.

fixes #67946
2026-04-07 12:48:53 -07:00
splincode
77f1ca08e4 fix(core): handle missing serialized container hydration data
Simplify the hydration regression test by removing conditional early-return branches and relying on direct Jasmine expectations while keeping strict typing and OnPush configuration.
2026-04-07 11:22:03 -07:00
Matthieu Riegler
b1f5181ffd refactor(core): remove ComponentFactoryResolver & ComponentFactory from the api surface""
Those APIs date back to pre-ivy times and are long deprecated.

BREAKING CHANGE: `ComponentFactoryResolver` and `ComponentFactory` are no longer available. Pass the component class directly to APIs that previously required a factory, such as `ViewContainerRef.createComponent` or use the standalone `createComponent` function.
2026-04-07 09:30:25 -07:00
Andrew Scott
13c8df67d9 refactor(compiler-cli): decouple TemplateSymbolBuilder from ts.TypeChecker
This updates the SymbolBuilder to no longer use ts.TypeChecker internally to
build symbols for the language service. These lookups are deferred/done later
using the newly expanded template type checker API.
2026-04-06 10:55:40 -07:00
Andrew Scott
ecae525970 Revert "refactor(core): remove ComponentFactoryResolver & ComponentFactory from the api surface"
This reverts commit 9d76ac8229.
g3 cleanup not complete
2026-04-06 09:24:11 -07:00
Kristiyan Kostadinov
9c55fcb3e6 feat(core): de-duplicate host directives
With host directives we can end up in a situation where the same directive applies multiple times to the same element, potentially with conflicting configurations. The runtime isn't set up for a directive to apply more than once so historically we were throwing an error when we detect duplicates.

This ended up limiting the usefulness of host directives to library authors, because it meant that host directives couldn't be reused as much as authors wanted. To address the issue, these changes introduce logic in the compiler and runtime that will de-duplicate host directives with the following logic:

1. If a directive matches once in the template and more than once as a host directive, the host directive matches will be discarded and only the template match will apply. The mental model is that a host directive match represents `Partial<YourDirective>` while a template match represents the full `YourDirective`.
2. If a directive matches multiple times as a host directive, we merge the input/output mappings from all the instances into a single one. If we detect a case where an input/output is exposed under multiple names during the merging process, both the compiler and the runtime will produce an error.

Fixes #57846.
2026-04-03 09:44:39 -07:00
Matthieu Riegler
9d76ac8229 refactor(core): remove ComponentFactoryResolver & ComponentFactory from the api surface
Those APIs date back to pre-ivy times and are long deprecated.

BREAKING CHANGE: `ComponentFactoryResolver` and `ComponentFactory` are no longer available. Pass the component class directly to APIs that previously required a factory, such as `ViewContainerRef.createComponent` or use the standalone `createComponentFunction`.
2026-04-02 16:00:57 -07:00
Jessica Janiuk
30f63fc1c2 refactor(core): address review comments on NG0750 error message
This commit addresses review comments from AndrewKushnir regarding conditional formatting of error messages and updating tests.
2026-04-02 14:55:42 -07:00
Jessica Janiuk
8218d2e34a refactor(core): Add more detail to NG0750 error message
This adds a bit more context to the NG0750 error message to provide details about which module failed to load when executing the dependencyResolverFn. This can help with debugging a failed lazy load in a defer block.
2026-04-02 14:55:42 -07:00
Andrew Scott
8216d34976 feat(migrations): Add migration for CanMatchFn snapshot parameter (#67452)
the third partial match snapshot parameter is now required in the types
since the Router always providers it

PR Close #67452
2026-04-02 12:53:57 -07:00
SkyZeroZx
c15e3a005d test(core): refactors test to use timeout utility
Replaces direct `setTimeout` wrapped in a Promise with the `timeout` helper from `@angular/private/testing`
2026-04-01 20:46:00 +02:00
Angular Robot
436c5df488 build: update cross-repo angular dependencies to v22.0.0-next.4
See associated pull request for more information.
2026-04-01 18:31:00 +02:00
Alan Agius
e84e35cdd6 fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
SVG animation elements (`animate` and `set`) can be used to animate sensitive attributes like `href` or `xlink:href`. Binding to these animation attributes (like `to`, `from`, or `values`) with a sensitive target creates an XSS vector.

This change mitigates this risk by:
1. Classifying `to`, `from`, and `values` on `<animate>` and `<set>` elements as `ATTRIBUTE_NO_BINDING` in the DOM security schema to prevent standard dynamic bindings.
2. Adding runtime validations in `ɵɵvalidateAttribute` to verify that `attributeName` is not a sensitive attribute (such as `href` or `xlink:href`) when processed by a set of `SECURITY_SENSITIVE_ATTRIBUTE_NAMES`. If it is, a runtime error `UNSAFE_ATTRIBUTE_BINDING` is thrown.
3. Adding regression tests in `integration_spec.ts` to ensure unsafe bindings throw an error while safe ones pass correctly.

PR Close #67797
2026-04-01 11:43:58 +02:00
Alan Agius
028e1d3ce0 fix(core): treat object[data] as resource URL context (#67797)
Previously, the `data` attribute of the `<object>` tag was being sanitized as a regular URL instead of a `ResourceURL`, which is security-sensitive.
This commit updates the runtime sanitization logic to correctly identify `object[data]` as a `ResourceURL` context. Additionally, the sanitizer lookup logic has been refactored to use a more efficient lookup map (`RESOURCE_MAP`) instead of multiple `Set` lookups, providing better performance and maintainability.

Added tests to verify the correct sanitization of `object[data]` and its behavior with trusted values.

PR Close #67797
2026-04-01 11:43:58 +02:00
Alan Agius
08d36599d7 fix(compiler): register SVG animation attributes in URL security context (#67797)
This change is a security hardening measure to prevent potentially unsafe attribute value manipulation through SVG animations. By mapping `animate|to`, `animate|from`, `animate|values`, and `set|to` to the `SecurityContext.URL`,  Angular will now automatically sanitize these attributes.

PR Close #67797
2026-04-01 11:43:58 +02:00
tomer953
8fa6617352 fix(core): resolve component import by exact specifier in route lazy-loading schematic
Avoid substring matching on importClause.getText() which caused suffix collisions (e.g., BarComponent vs FooBarComponent). Use AST-based matching for default and named (including aliased) imports to reliably resolve the correct import path when generating loadComponent.
2026-04-01 09:24:08 +02:00
Doug Parker
7ba8929504 test: fix flakiness in image-directive e2e tests
Fixes race conditions where intermediate layout renders caused the browser to emit 'largest-contentful-paint' events or 'load' events that led to inconsistent console logs. Updated tests to correctly wait for elements to stabilize and properly filter expected log messages.
2026-04-01 08:40:42 +02:00
Matthieu Riegler
12b3a1a755 refactor(migrations): keep the http-xhr-backend migration idempotent
Our migrations should be idempotent in case they are run multiple times.
2026-03-27 15:58:46 +01:00
aparziale
682aaf943f feat(migrations): add strictTemplates to tsconfig during ng update
Add the strictTemplates option to tsconfig.json with a default value of false
2026-03-27 15:57:09 +01:00
SkyZeroZx
43ef7171b3 docs: update change detection strategy references 2026-03-27 15:43:43 +01:00
Angular Robot
34e1d49b75 build: update cross-repo angular dependencies
See associated pull request for more information.
2026-03-27 14:01:21 +01:00
Alex Rickabaugh
24e52d450d feat(forms): add debounce option to validateAsync and validateHttp
This adds support for a `debounce` option to the `validateAsync` and `validateHttp` functions.
This allows developers to debounce the triggering of async validators to improve performance.

A `DebounceTimer` type was also added to `@angular/core` to represent the wait condition parameters uniformly.
2026-03-25 14:17:52 -07:00