will it be safe to watch a text input after sandbox removal?

[David Michael Gang]

Hi all,

I read the http://angularjs.blogspot.co.il/2016/09/angular-16-expression-sandbox-removal.html which suggests not to watch user provided content.

There is a lack of examples so i want to be sure, if i have an ng-model on a text input called searchtext, will it be unsafe to watch this variable?

For example in an autocomplete :

Will it be unsafe to write:

$scope.$watch('searchText', wait ? $mdUtil.debounce(handleSearchText, wait) : handleSearchText);

where searchtext is the ng-model and handlesearchtext brings the results from the autocomplete server?

If yes, how can it be written in a safe way?

BR,

David

[Lucas Lacroix]

Hi David,
I interpret the article differently than you. It says that you should never use user input to generate templates, not that you shouldn't watch user input.

-Luke

--
You received this message because you are subscribed to the Google Groups "Angular" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at https://groups.google.com/group/angular.
For more options, visit https://groups.google.com/d/optout.

--

Lucas Lacroix

Computer Scientist

Advanced Technology Division, MEDITECH

781-774-2293

[micha...@gmail.com]

But what is the meaning of

• Passing user-provided content in calls to these methods on a scope:
• $watch(userContent, ...)
• $watchGroup(userContent, ...)
• $watchCollection(userContent, ...)
• $eval(userContent)
• $evalAsync(userContent)
• $apply(userContent)
• $applyAsync(userContent)

Sent from my iPhone

You received this message because you are subscribed to a topic in the Google Groups "Angular" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/lK4SczN_xTw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to angular+u...@googlegroups.com.