December 9th, 2016
AngularJS 1.6.0 - rainbow-tsunami
Continuing our development and support of Angular 1, we are announcing the next significant release, 1.6.0, which has been in development since May this year.
In this release we have added a number of useful features that should improve the developer experience and we have tightened up the security of Angular 1 even further. We have also removed a handful of deprecated features that makes the codebase easier to maintain and in many cases improves performance.
Here are the most significant new features available in 1.6.0. Check out the changelog for more detail.
When defining model options using the
ngModelOptions directive, you can now choose to inherit options from ancestor
ngModelOptions directives. This means that developers can centralise common model options rather than repeating themselves across all their HTML.
You can see examples of what you can do with this new feature in Todd Motto's recent blog post.
Alignment with jQuery 3
jQuery 3 was released in June this year and contains some changes that left our own jqLite implementation out of sync. In this release we have changed jqLite so that it matches the behaviour of jQuery 3.
Controller binding pre-assignment
Now all directive controllers should use
$onInit to initialize their state, where the bindings are guaranteed to be ready. This is also closer to the semantic of Angular 2 components.
Todd Motto has written about how to handle this change in a recent blog post.
Support for non-string
With improved support for non-string values in
option elements, you can now render most select option use cases using
ngValue, rather than having to resort to
In other words, as shown in this Plunker, rather than this:
ng-options="x as x.name disable when !x.enabled for x in $ctrl.options">
<option value="">Empty Option</option>
you can now write:
<option ng-value="null">Empty Option</option>
ng-repeat="x in $ctrl.options"
This results in clearer Angular 1 templates and is more in keeping with how it is done in Angular 2.
Better support for range inputs
In Angular 1.5.x (from 1.5.10 and later) you need to manually opt-in to this support since the behaviour of native range inputs required a change to how ngModel handled updates to the value:
Angular 1.6 now fully supports
<input type=range ng-model="..."> by default without having to opt-in.
- It requires the model to be a number, and will set the model to a number.
- It only supports setting minimum and maximum values via the
- It follows the browser behavior of never allowing an invalid value: when the browser converts an invalid value to a valid value, the the model is set to this new valid value.
There have been a number of commits that have improved or clarified the security of Angular 1 applications. Here are some of the highlights.
Due to some strengthening work we have done to make it more difficult to autobootstrap Angular in browser extensions, all versions of Angular from 1.5.9/1.6.0 onwards are now whitelisted as safe to use in Mozilla Addons.
Expression sandbox removal
In this version of Angular we have removed the Angular expression sandbox feature. Some developers were incorrectly using this in an attempt to prevent XSS attacks to their templates. To make it clear that this should not be relied upon in this way we have made the decision to remove it completely. A more detailed write up of the background, the decision and whether you need to do anything can be found in our previous blog post.
JSONP is now secured by the
$sce service, in the same way that other significant resources are in Angular 1. JSONP URLs must now be whitelisted or explicitly trusted before Angular will allow a request to the end point. Further the syntax for JSONP URLs is now more secure, by disallowing the
JSON_CALLBACK from the URL template and requiring that the callback is provided via the
jsonpCallbackParam config param for requests.
There are over 70 significant commits between 1.5 and 1.6. You can find a detailed list of all the changes, including bug fixes and performance improvements in our changelog.
Migrating from 1.5 to 1.6
While there are a number of breaking changes between 1.5 and 1.6, many only affect very rare corner cases. There are a few significant changes that you should be aware of and we have a comprehensive migration guide to ensure that your migration goes smoothly.
Previous Version Support
We believe that Angular 1.6 is now the best Angular 1 version out there and that you should update your applications to use it.
We continue to support Angular 1.2 with security patches as it is the last version of Angular to support Internet Explorer 8 and from now on Angular 1.5 will receive serious bug fixes and security patches.
Angular 1.6 will get regular non-breaking change releases over the next six months, and we will be aiming for the release of Angular 1.7 containing any necessary breaking changes by Summer 2017.
As always the work on Angular 1 is a major collaborative effort between people both within and outside the Angular team. We hope that it continues to provide the solid application development platform that you have been relying on for over 7 years!