ember-source 4.6.0-alpha.1 → 4.6.0-alpha.2

package/dist/header/license.js

@@ -5,5 +5,5 @@
  *            Portions Copyright 2008-2011 Apple Inc. All rights reserved.
  * @license   Licensed under MIT license
  *            See https://raw.github.com/emberjs/ember.js/master/LICENSE
- * @version   4.6.0-alpha.1
+ * @version   4.6.0-alpha.2
  */

package/dist/packages/@ember/-internals/glimmer/index.js

@@ -2957,14 +2957,25 @@ function escapeExpression(string) {
   return string.replace(badChars, escapeChar);
 }
 /**
-  Mark a string as safe for unescaped output with Ember templates. If you
-  return HTML from a helper, use this function to
-  ensure Ember's rendering layer does not escape the HTML.
+  Use this method to indicate that a string should be rendered as HTML
+  when the string is used in a template. To say this another way,
+  strings marked with `htmlSafe` will not be HTML escaped.
+
+  A word of warning -   The `htmlSafe` method does not make the string safe;
+  it only tells the framework to treat the string as if it is safe to render
+  as HTML. If a string contains user inputs or other untrusted
+  data, you must sanitize the string before using the `htmlSafe` method.
+  Otherwise your code is vulnerable to
+  [Cross-Site Scripting](https://owasp.org/www-community/attacks/DOM_Based_XSS).
+  There are many open source sanitization libraries to choose from,
+  both for front end and server-side sanitization.
 
   ```javascript
   import { htmlSafe } from '@ember/template';
 
-  htmlSafe('<div>someString</div>')
+  const someTrustedOrSanitizedString = "<div>Hello!</div>"
+
+  htmlSafe(someTrustedorSanitizedString)
   ```
 
   @method htmlSafe
@@ -5166,10 +5177,13 @@ class DynamicScope {
     return value;
   }
 
-} // This wrapper logic prevents us from rerendering in case of a hard failure
+}
+
+const NO_OP = () => {}; // This wrapper logic prevents us from rerendering in case of a hard failure
 // during render. This prevents infinite revalidation type loops from occuring,
 // and ensures that errors are not swallowed by subsequent follow on failures.
 
+
 function errorLoopTransaction(fn$$1) {
   if (DEBUG) {
     return () => {
@@ -5270,10 +5284,6 @@ function loopBegin() {
   }
 }
 
-function K() {
-  /* noop */
-}
-
 let renderSettledDeferred = null;
 /*
   Returns a promise which will resolve when rendering has settled. Settled in
@@ -5292,7 +5302,7 @@ function renderSettled() {
 
     if (!_getCurrentRunLoop()) {
       // ensure a runloop has been kicked off
-      _backburner.schedule('actions', null, K);
+      _backburner.schedule('actions', null, NO_OP);
     }
   }
 
@@ -5321,7 +5331,7 @@ function loopEnd() {
       }
 
       loops++;
-      return _backburner.join(null, K);
+      return _backburner.join(null, NO_OP);
     }
   }
 

package/dist/packages/@ember/-internals/metal/index.js

@@ -14,9 +14,6 @@ import VERSION from 'ember/version';
 import { INIT_FACTORY } from '@ember/-internals/container';
 import { getOwner } from '@ember/-internals/owner';
 
-/**
-@module @ember/object
-*/
 /*
   The event system uses a series of nested hashes to store listeners on an
   object. When a listener is registered, or when an event arrives, these

package/dist/packages/@ember/-internals/routing/lib/system/router.js

@@ -12,10 +12,6 @@ import { calculateCacheKey, extractRouteArgs, getActiveTargetName, resemblesURL
 import DSL from './dsl';
 import { defaultSerialize, getFullQueryParams, hasDefaultSerialize, ROUTE_CONNECTIONS } from './route';
 import RouterState from './router_state';
-/**
-@module @ember/routing
-*/
-
 import Router, { logAbort, STATE_SYMBOL } from 'router_js';
 import EngineInstance from '@ember/engine/instance';
 

package/dist/packages/@ember/controller/lib/controller_mixin.js

@@ -2,31 +2,20 @@ import { Mixin, computed } from '@ember/-internals/metal';
 import { ActionHandler } from '@ember/-internals/runtime';
 import { symbol } from '@ember/-internals/utils';
 const MODEL = symbol('MODEL');
-/**
-@module ember
-*/
-
-/**
-  @class ControllerMixin
-  @namespace Ember
-  @uses Ember.ActionHandler
-  @private
-*/
-
-export default Mixin.create(ActionHandler, {
+const ControllerMixin = Mixin.create(ActionHandler, {
   /* ducktype as a controller */
   isController: true,
 
   /**
     The object to which actions from the view should be sent.
-     For example, when a Handlebars template uses the `{{action}}` helper,
+       For example, when a Handlebars template uses the `{{action}}` helper,
     it will attempt to send the action to the view's controller's `target`.
-     By default, the value of the target property is set to the router, and
+       By default, the value of the target property is set to the router, and
     is injected when a controller is instantiated. This injection is applied
     as part of the application's initialization process. In most cases the
     `target` property will automatically be set to the logical consumer of
     actions for the controller.
-     @property target
+       @property target
     @default null
     @public
   */
@@ -36,7 +25,7 @@ export default Mixin.create(ActionHandler, {
   /**
     The controller's current model. When retrieving or modifying a controller's
     model, this property should be used instead of the `content` property.
-     @property model
+       @property model
     @public
   */
   model: computed({
@@ -44,9 +33,10 @@ export default Mixin.create(ActionHandler, {
       return this[MODEL];
     },
 
-    set(key, value) {
+    set(_key, value) {
       return this[MODEL] = value;
     }
 
   })
-});
+});
+export default ControllerMixin;

package/dist/packages/@ember/object/lib/computed/computed_macros.js

@@ -11,8 +11,7 @@ function expandPropertiesToArray(predicateName, properties) {
     expandedProperties.push(entry);
   }
 
-  for (let i = 0; i < properties.length; i++) {
-    let property = properties[i];
+  for (let property of properties) {
     assert(`Dependent keys passed to \`${predicateName}\` computed macro can't have spaces.`, property.indexOf(' ') < 0);
     expandProperties(property, extractProperty);
   }
@@ -21,19 +20,22 @@ function expandPropertiesToArray(predicateName, properties) {
 }
 
 function generateComputedWithPredicate(name, predicate) {
-  return (...properties) => {
+  return (dependentKey, ...additionalDependentKeys) => {
+    let properties = [dependentKey, ...additionalDependentKeys];
     assert(`You attempted to use @${name} as a decorator directly, but it requires at least one dependent key parameter`, !isElementDescriptor(properties));
     let dependentKeys = expandPropertiesToArray(name, properties);
     let computedFunc = computed(...dependentKeys, function () {
       let lastIdx = dependentKeys.length - 1;
 
       for (let i = 0; i < lastIdx; i++) {
+        // SAFETY: `i` is derived from the length of `dependentKeys`
         let value = get(this, dependentKeys[i]);
 
         if (!predicate(value)) {
           return value;
         }
-      }
+      } // SAFETY: `lastIdx` is derived from the length of `dependentKeys`
+
 
       return get(this, dependentKeys[lastIdx]);
     });