Commit Graph

11 Commits

Author SHA1 Message Date
Miško Hevery 538f1d980f refactor(core): move sanitization into core (#22540)
This is in preparation of having Ivy have sanitization inline.

PR Close #22540
2018-03-07 18:24:06 -08:00
George Kalpakas 0d248079ba test(platform-browser): remove stray `debugger` statement (#22167)
PR Close #22167
2018-02-25 10:06:14 -08:00
Peter Bacon Darwin a751649c8d fix(core): use appropriate inert document strategy for Firefox & Safari (#17019)
Both Firefox and Safari are vulnerable to XSS if we use an inert document
created via `document.implementation.createHTMLDocument()`.

Now we check for those vulnerabilities and then use a DOMParser or XHR
strategy if needed.

Further the platform-server has its own library for parsing HTML, so we
sniff for that (by checking whether DOMParser exists) and fall back to
the standard strategy.

Thanks to @cure53 for the heads up on this issue.

PR Close #17019
2018-02-08 08:55:15 -08:00
Misko Hevery 47e251a80a build: remove `main()` from specs (#21053)
PR Close #21053
2017-12-22 13:10:51 -08:00
Marc Laval 516759b1ff test(platform-browser): fix mXSS attack test in Canary (#18809)
PR Close #18809
2017-09-22 13:10:00 -07:00
Victor Berchet 9479a106bb build: enable TSLint on the packages folder 2017-07-31 15:47:57 -07:00
Miško Hevery 728c9d0632 fix(platform-browser): Update types for TypeScript nullability support
Closes #15898
2017-04-18 12:07:33 -07:00
Victor Berchet a4076c70cc fix(platform-browser): prevent clobbered elements from freezing the browser
see
4f69d38f09
2017-03-16 10:16:39 -07:00
Victor Berchet 52bbc9baf4 refactor(platform-browser): cleanup HtmlSanitizer specs 2017-03-16 10:16:39 -07:00
Jason Aden 8573e36574 build: fix file paths after moving modules/@angular/* to packages/* 2017-03-08 16:29:28 -08:00
Jason Aden 3e51a19983 refactor: move angular source to /packages rather than modules/@angular 2017-03-08 16:29:27 -08:00