From 264d25cc0a45afa920b6055bcfc0a0e238999026 Mon Sep 17 00:00:00 2001 From: andypotts Date: Sun, 30 Jul 2017 17:53:57 +0100 Subject: [PATCH 1/7] docs($http): update YQL currency exchange API example Closes #16130 --- docs/content/guide/concepts.ngdoc | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/docs/content/guide/concepts.ngdoc b/docs/content/guide/concepts.ngdoc index cc64ddb92e0e..3b3a16b71001 100644 --- a/docs/content/guide/concepts.ngdoc +++ b/docs/content/guide/concepts.ngdoc @@ -186,7 +186,7 @@ Right now, the `InvoiceController` contains all logic of our example. When the a is a good practice to move view-independent logic from the controller into a {@link services service}, so it can be reused by other parts of the application as well. Later on, we could also change that service to load the exchange rates -from the web, e.g. by calling the Yahoo Finance API, without changing the controller. +from the web, e.g. by calling the Fixer.io exchange rate API, without changing the controller. Let's refactor our example and move the currency conversion into a service in another file: @@ -300,7 +300,7 @@ to something shorter like `a`. ## Accessing the backend -Let's finish our example by fetching the exchange rates from the Yahoo Finance API. +Let's finish our example by fetching the exchange rates from the Fixer.io exchange rate API. The following example shows how this is done with AngularJS: @@ -323,10 +323,6 @@ The following example shows how this is done with AngularJS: angular.module('finance3', []) .factory('currencyConverter', ['$http', function($http) { - var YAHOO_FINANCE_URL_PATTERN = - '//query.yahooapis.com/v1/public/yql?q=select * from ' + - 'yahoo.finance.xchange where pair in ("PAIRS")&format=json&' + - 'env=store://datatables.org/alltableswithkeys'; var currencies = ['USD', 'EUR', 'CNY']; var usdToForeignRates = {}; 
@@ -335,15 +331,10 @@ The following example shows how this is done with AngularJS: }; var refresh = function() { - var url = YAHOO_FINANCE_URL_PATTERN. - replace('PAIRS', 'USD' + currencies.join('","USD')); + var url = 'https://api.fixer.io/latest?base=USD&symbols='+currencies.join(","); return $http.get(url).then(function(response) { - var newUsdToForeignRates = {}; - angular.forEach(response.data.query.results.rate, function(rate) { - var currency = rate.id.substring(3,6); - newUsdToForeignRates[currency] = window.parseFloat(rate.Rate); - }); - usdToForeignRates = newUsdToForeignRates; + usdToForeignRates = response.data.rates; + usdToForeignRates['USD'] = 1; }); }; From 85292b427c47581d7de1b2dc5f976ef8bf38ce8e Mon Sep 17 00:00:00 2001 From: andypotts Date: Sun, 30 Jul 2017 18:03:39 +0100 Subject: [PATCH 2/7] docs($http): update reference to Yahoo Finance --- docs/content/guide/security.ngdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/guide/security.ngdoc b/docs/content/guide/security.ngdoc index e4236de03d07..888b8fa9e3f3 100644 --- a/docs/content/guide/security.ngdoc +++ b/docs/content/guide/security.ngdoc @@ -100,7 +100,7 @@ Protection from JSON Hijacking is provided if the server prefixes all JSON reque AngularJS will automatically strip the prefix before processing it as JSON. For more information please visit {@link $http#json-vulnerability-protection JSON Hijacking Protection}. -Bear in mind that calling `$http.jsonp`, like in [our Yahoo! finance example](https://docs.angularjs.org/guide/concepts#accessing-the-backend), +Bear in mind that calling `$http.jsonp`, like in [our currency exchange example](https://docs.angularjs.org/guide/concepts#accessing-the-backend), gives the remote server (and, if the request is not secured, any Man-in-the-Middle attackers) instant remote code execution in your application: the result of these requests is handed off to the browser as regular `
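Review bot: In the `refresh` hunk of docs/content/guide/concepts.ngdoc (`@@ -335,15 +331,10 @@`), the `then` callback now stores `response.data.rates` unchecked, so a response without a `rates` object makes `usdToForeignRates['USD'] = 1` throw inside the promise. Whatever values the third-party service returns also reach the conversion arithmetic unchanged, whereas the removed code at least passed each rate through `parseFloat`. Because this guide example is widely copied, I would build a fresh object from the known `currencies` list and keep only finite positive numbers, as sketched below, rather than mutating the response in place. `refresh` is complete within the hunk, but the surrounding factory lies outside it, so I cannot see whether callers handle a rejected promise. Separately, the security-guide sentence touched in patch 2/7 still cites this example for `$http.jsonp`, while the code here calls `$http.get`, so that sentence probably needs rewording.

```javascript
// … unchanged: url construction …
return $http.get(url).then(function(response) {
  var rates = (response.data && response.data.rates) || {};
  var newUsdToForeignRates = {USD: 1};
  angular.forEach(currencies, function(currency) {
    var rate = Number(rates[currency]);
    // Keep only the currencies we asked for, and only sane numeric rates.
    if (currency !== 'USD' && isFinite(rate) && rate > 0) {
      newUsdToForeignRates[currency] = rate;
    }
  });
  usdToForeignRates = newUsdToForeignRates;
});
```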