feat($parse): toggle evaluation of private fields via $parseProvider.allowPrivateFields()

[boneskull]

Disallowing evaluation of private fields in Angular expressions should be toggleable through a config() block. Usage is shown in ngdoc comments.

It's worth noting that this behavior defaults to FALSE.

That is to say, if you want pre-Angular-1.2 behavior, you must do:

myModule.config(function($parseProvider) {
  $parseProvider.allowPrivateFields(true);
});

Please let me know if the unit tests are insufficient; they do not consider multiple "formats" of private variables as the tests do in 3d6a89e, but the main intent here was to show that the toggle works.

[Mparaiso]

I'd definetly vote for that , though OFF by default would make more sense, let me write javascript with MY dev team conventions.

[kofalt]

Looks like a productive alternative to the discussion in #4509 👍

I strongly agree with @Mparaiso; I'd really rather only enable string blacklisting when explicitly requested.
But as long as there's a way to disable it, I'm happier :)

[eknkc]

How about making the check itself customizable? Rather than a boolean flag for allow/disallow, it could accept a function that checks if a name is accessible or not and returns a boolean.

[boneskull]

It defaults to false because I don't feel it's really my call to disable functionality by default. I'm more than happy letting the core devs paw through that hornet's nest. 😄

@eknkc May be a good idea but the motivation here was simply to toggle the existing functionality, not provide anything new.

[kofalt]

@boneskull sage :)

@eknkc Passing function(val) { return false } to disable a feature feels weird to me. I don't hate the idea of custom functions, but you can also check if the parameter's a boolean and toggle accordingly.

[lezhangxyz]

This is simple, to the point, and follows the existing $parseProvider conventions. 👍

[jonathannorris]

I agree that that this is a good solution, but also believe the default should be true.

Causing a wide reaching breaking change like this should only be done where absolutely necessary, I don't believe the proposed problem the breaking change solves warrant's the pain it will cause. Currently any teams using a MongoDB or CouchDB backed application will get a very rude introduction to 1.2.0.

[cburgdorf]

I think it should be

myModule.config(function($parseProvider) {
  //set it to an empty string to completely ignore it.
  $parseProvider.privateFieldPrefix('_');
});

[petebacondarwin]

+1 @cburgdorf - this is the ideal solution

[mlandalv]

IMO it should be a combination of the OP and @cburgdorf.

It feels a bit magic to disable private fields because the prefix is an empty string. It feels like a not-so-obvious side effect. But on the other hand it's a nice feature to be able to change the prefix.

myModule.config(function ($parseProvider) {
    $parseProvider.privateFields(true);
    $parseProvider.privateFieldPrefix('_');
});

Notice I changed allowPrivateFields to privateFields. Isn't that more consistent with e.g. $locationProvider.html5Mode?

[alexgorbatchev]

👍 If this is made customizable without ability to just switch it off, then people will just set random strings as prefixes and it will just slow their applications down.

[petebacondarwin]

I think the api should be something like:

$parseProvider.restrictFieldsMatching(/^_/);
On 9 Nov 2013 16:59, "Martin Landälv" notifications@github.com wrote:

IMO it should be a combination of the OP and @cburgdorfhttps://github.com/cburgdorf
.

It feels a bit magic to disable private fields because the prefix is an
empty string. It feels like a not-so-obvious side effect. But on the other
hand it's a nice feature to be able to change the prefix.

myModule.config(function ($parseProvider) {
$parseProvider.privateFields(true);
$parseProvider.privateFieldPrefix('_');
});

Notice I changed allowPrivateFields to privateFields. Isn't that more
consistent with e.g. $locationProvider.html5Mode?

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/4849#issuecomment-28131421
.

[petebacondarwin]

With null meaning "switch it off"
On 9 Nov 2013 17:33, "Pete Bacon Darwin" pete@bacondarwin.com wrote:

I think the api should be something like:

$parseProvider.restrictFieldsMatching(/^_/);
On 9 Nov 2013 16:59, "Martin Landälv" notifications@github.com wrote:

IMO it should be a combination of the OP and @cburgdorfhttps://github.com/cburgdorf
.

It feels a bit magic to disable private fields because the prefix is an
empty string. It feels like a not-so-obvious side effect. But on the other
hand it's a nice feature to be able to change the prefix.

myModule.config(function ($parseProvider) {
$parseProvider.privateFields(true);
$parseProvider.privateFieldPrefix('_');
});

Notice I changed allowPrivateFields to privateFields. Isn't that more
consistent with e.g. $locationProvider.html5Mode?

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/4849#issuecomment-28131421
.

[lrlopez]

Guys, take a look into #4859 and tell me what you think... It implements Pete's proposal.

[gabrieledarrigo]

+1 for this

[TheHippo]

Thats what we need.

[wedgybo]

👍

[geddski]

+1