fix(compiler): strip <script> tag from templates

Fixes #2766
Closes #3486

modules/angular2/src/render/dom/compiler/compiler.ts

@@ -82,8 +82,8 @@ export class DomCompiler extends RenderCompiler {
     var pipeline = new CompilePipeline(this._stepFactory.createSteps(viewDef));
 
     var compiledStyles = pipeline.processStyles(templateAndStyles.styles);
-    var compileElements = pipeline.processElements(DOM.createTemplate(templateAndStyles.template),
+    var compileElements = pipeline.processElements(
-                                                   protoViewType, viewDef);
+        this._createTemplateElm(templateAndStyles.template), protoViewType, viewDef);
     if (viewDef.encapsulation === ViewEncapsulation.NATIVE) {
       prependAll(DOM.content(compileElements[0].element),
                  compiledStyles.map(style => DOM.createStyleElement(style)));
@@ -95,6 +95,17 @@ export class DomCompiler extends RenderCompiler {
         compileElements[0].inheritedProtoView.build(this._schemaRegistry, this._templateCloner));
   }
 
+  _createTemplateElm(template: string) {
+    var templateElm = DOM.createTemplate(template);
+    var scriptTags = DOM.querySelectorAll(DOM.templateAwareRoot(templateElm), 'script');
+
+    for (var i = 0; i < scriptTags.length; i++) {
+      DOM.remove(scriptTags[i]);
+    }
+
+    return templateElm;
+  }
+
   _normalizeViewEncapsulationIfThereAreNoStyles(viewDef: ViewDefinition): ViewDefinition {
     if (viewDef.encapsulation === ViewEncapsulation.EMULATED) {
       return new ViewDefinition({

modules/angular2/test/core/compiler/integration_spec.ts

@@ -1130,6 +1130,22 @@ export function main() {
          }));
     });
 
+    describe("corner cases", () => {
+      it('should remove script tags from templates',
+         inject([TestComponentBuilder, AsyncTestCompleter], (tcb: TestComponentBuilder, async) => {
+           tcb.overrideView(MyComp, new viewAnn.View({
+                template: `
+            <script>alert("Ooops");</script>
+            <div>before<script>alert("Ooops");</script><span>inside</span>after</div>`
+              }))
+               .createAsync(MyComp)
+               .then((rootTC) => {
+                 expect(DOM.querySelectorAll(rootTC.nativeElement, 'script').length).toEqual(0);
+                 async.done();
+               });
+         }));
+    });
+
     describe("error handling", () => {
       it('should report a meaningful error when a directive is missing annotation',
          inject([TestComponentBuilder, AsyncTestCompleter], (tcb: TestComponentBuilder, async) => {

modules/angular2/test/render/dom/compiler/compiler_common_tests.ts

@@ -131,6 +131,16 @@ export function runCompilerCommonTests() {
                });
          }));
 
+      it('should remove script tags from templates', inject([AsyncTestCompleter], (async) => {
+           var compiler = createCompiler(EMPTY_STEP);
+           compiler.compile(new ViewDefinition(
+                                {componentId: 'someId', template: '<div></div><script></script>'}))
+               .then((protoView) => {
+                 expect(DOM.getInnerHTML(templateRoot(protoView))).toEqual('<div></div>');
+                 async.done();
+               });
+         }));
+
       it('should report loading errors', inject([AsyncTestCompleter], (async) => {
            var compiler = createCompiler(EMPTY_STEP, null, new Map());
            PromiseWrapper.catchError(