docs(security): hide TOC for Dart; other minor copyedits (#3017)

public/docs/_examples/security/ts/app/bypass-security.component.html

@@ -1,20 +1,17 @@
 <!--#docregion -->
 <h3>Bypass Security Component</h3>
 
-<!--#docregion dangerous-url -->
+<!--#docregion URL -->
 <h4>An untrusted URL:</h4>
 <p><a class="e2e-dangerous-url" [href]="dangerousUrl">Click me</a></p>
 <h4>A trusted URL:</h4>
 <p><a class="e2e-trusted-url" [href]="trustedUrl">Click me</a></p>
-<!--#enddocregion dangerous-url -->
+<!--#enddocregion URL -->
 
-<!--#docregion iframe-videoid -->
+<!--#docregion iframe -->
 <h4>Resource URL:</h4>
 <p><label>Showing: <input (input)="updateVideoUrl($event.target.value)"></label></p>
 <p>Trusted:</p>
 <iframe class="e2e-iframe-trusted-src" width="640" height="390" [src]="videoUrl"></iframe>
 <p>Untrusted:</p>
 <iframe class="e2e-iframe-untrusted-src" width="640" height="390" [src]="dangerousVideoUrl"></iframe>
-<!--#enddocregion iframe-videoid -->
-
-<!--#enddocregion -->

public/docs/_examples/security/ts/app/inner-html-binding.component.ts

@@ -6,7 +6,7 @@ import { Component } from '@angular/core';
   selector: 'inner-html-binding',
   templateUrl: 'inner-html-binding.component.html',
 })
-// #docregion inner-html-controller
+// #docregion class
 export class InnerHtmlBindingComponent {
   // For example, a user/attacker-controlled value from a URL.
   htmlSnippet = 'Template <script>alert("0wned")</script> <b>Syntax</b>';

public/docs/ts/latest/guide/security.jade

@@ -8,6 +8,7 @@ block includes
 
   For more information about the attacks and mitigations described below, see [OWASP Guide Project](https://www.owasp.org/index.php/Category:OWASP_Guide_Project).
 
++ifDocsFor('ts')
   .l-main-section
   :marked
     # Contents:
@@ -19,6 +20,7 @@ block includes
     * [HTTP-Level vulnerabilities](#http).
     * [Auditing Angular applications](#code-review).
 
+:marked
   Try the <live-example></live-example> of the code shown in this page.
 
 .l-main-section
@@ -103,8 +105,9 @@ h2#xss Preventing cross-site scripting (XSS)
   a value that an attacker might control into `innerHTML` normally causes an XSS
   vulnerability. For example, code contained in a `<script>` tag is executed:
 
-+makeExcerpt('app/inner-html-binding.component.ts ()', 'inner-html-controller')
++makeExcerpt('app/inner-html-binding.component.ts', 'class')
 
+block html-sanitization
   :marked
     Angular recognizes the value as unsafe and automatically sanitizes it, which removes the `<script>`
     tag but keeps safe content such as the text content of the `<script>` tag, or the `<b>` element.
@@ -112,6 +115,7 @@ h2#xss Preventing cross-site scripting (XSS)
   figure.image-display
       img(src='/resources/images/devguide/security/binding-inner-html.png'
           alt='A screenshot showing interpolated and bound HTML values')
+
 :marked
   ### Avoid direct use of the DOM APIs
 
@@ -144,6 +148,7 @@ figure.image-display
   the server. Do not generate Angular templates on the server side using a templating language; doing this
   carries a high risk of introducing template-injection vulnerabilities.
 
+block bypass-security-apis
   .l-main-section
   h2#bypass-security-apis Trusting safe values
   :marked
@@ -167,7 +172,7 @@ h2#bypass-security-apis Trusting safe values
     your intended use of the value. Imagine that the following template needs to bind a URL to a
     `javascript:alert(...)` call:
 
-+makeExcerpt('app/bypass-security.component.html ()', 'dangerous-url')
+  +makeExcerpt('app/bypass-security.component.html', 'URL')
 
   :marked
     Normally, Angular automatically sanitizes the URL, disables the dangerous code, and
@@ -188,9 +193,10 @@ figure.image-display
     could execute. So call a method on the controller to construct a trusted video URL, that causes
     Angular to then allow binding into `<iframe src>`:
 
-+makeExcerpt('app/bypass-security.component.html ()', 'iframe-videoid')
+  +makeExcerpt('app/bypass-security.component.html', 'iframe')
   +makeExcerpt('app/bypass-security.component.ts ()', 'trust-video-url')
 
+block http
   .l-main-section
   h2#http HTTP-level vulnerabilities
   :marked