538f1d980f
refactor(core): move sanitization into core ( #22540 )
...
This is in preparation of having Ivy have sanitization inline.
PR Close #22540
2018-03-07 18:24:06 -08:00
0d248079ba
test(platform-browser): remove stray `debugger` statement ( #22167 )
...
PR Close #22167
2018-02-25 10:06:14 -08:00
a751649c8d
fix(core): use appropriate inert document strategy for Firefox & Safari ( #17019 )
...
Both Firefox and Safari are vulnerable to XSS if we use an inert document
created via `document.implementation.createHTMLDocument()`.
Now we check for those vulnerabilities and then use a DOMParser or XHR
strategy if needed.
Further the platform-server has its own library for parsing HTML, so we
sniff for that (by checking whether DOMParser exists) and fall back to
the standard strategy.
Thanks to @cure53 for the heads up on this issue.
PR Close #17019
2018-02-08 08:55:15 -08:00
47e251a80a
build: remove `main()` from specs ( #21053 )
...
PR Close #21053
2017-12-22 13:10:51 -08:00
516759b1ff
test(platform-browser): fix mXSS attack test in Canary ( #18809 )
...
PR Close #18809
2017-09-22 13:10:00 -07:00
9479a106bb
build: enable TSLint on the packages folder
2017-07-31 15:47:57 -07:00
728c9d0632
fix(platform-browser): Update types for TypeScript nullability support
...
Closes #15898
2017-04-18 12:07:33 -07:00
a4076c70cc
fix(platform-browser): prevent clobbered elements from freezing the browser
...
see
4f69d38f09
2017-03-16 10:16:39 -07:00
52bbc9baf4
refactor(platform-browser): cleanup HtmlSanitizer specs
2017-03-16 10:16:39 -07:00
8573e36574
build: fix file paths after moving modules/@angular/* to packages/*
2017-03-08 16:29:28 -08:00
3e51a19983
refactor: move angular source to /packages rather than modules/@angular
2017-03-08 16:29:27 -08:00
Miško Hevery
George Kalpakas
Peter Bacon Darwin
Marc Laval
Victor Berchet
Jason Aden