a751649c8d
Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`. Now we check for those vulnerabilities and then use a DOMParser or XHR strategy if needed. Further, the platform-server has its own library for parsing HTML, so we sniff for that (by checking whether DOMParser exists) and fall back to the standard strategy. Thanks to @cure53 for the heads up on this issue. PR Close #17019

dom_sanitization_service_spec.ts
html_sanitizer_spec.ts
style_sanitizer_spec.ts
url_sanitizer_spec.ts