diff --git a/public/docs/ts/latest/guide/security.jade b/public/docs/ts/latest/guide/security.jade index edd15655c8..98958083e0 100644 --- a/public/docs/ts/latest/guide/security.jade +++ b/public/docs/ts/latest/guide/security.jade @@ -20,7 +20,7 @@ block includes * [Reporting Vulnerabilities](#report-issues) - * [漏洞举报](#report-issues) + * [举报漏洞](#report-issues) * [Best Practices](#best-practices) @@ -49,18 +49,18 @@ p 运行#[+liveExampleLink2('在线例子')] .l-main-section h2#report-issues Reporting Vulnerabilities -h2#report-issues 漏洞举报 +h2#report-issues 举报漏洞 :marked Email us at [security@angular.io](mailto:security@angular.io) to report vulnerabilities in Angular itself. - 给我们[security@angular.io](mailto:security@angular.io)发邮件,报告Angular本身的漏洞。 + 给我们([security@angular.io](mailto:security@angular.io))发邮件,报告Angular本身的漏洞。 For further details on how Google handles security issues please refer to [Google's security philosophy](https://www.google.com/about/appsecurity/). - 请到[谷歌安全哲学](https://www.google.com/about/appsecurity/)了解关于“谷歌如何处理安全问题”的更多信息。 + 请到[谷歌的安全哲学](https://www.google.com/about/appsecurity/)了解关于“谷歌如何处理安全问题”的更多信息。 .l-main-section h2#best-practices Best Practices 
@@ -74,23 +74,27 @@ h2#best-practices 最佳实践 log](https://github.com/angular/angular/blob/master/CHANGELOG.md) for security-related updates. * **及时把Angular包更新到最新版本。** - 我们会频繁的更新Angular库,这些更新可能会修复之前版本中发现的安全漏洞。查看Angular的[更新记录](https://github.com/angular/angular/blob/master/CHANGELOG.md),了解与安全有关的更新。 + + 我们会频繁的更新Angular库,这些更新可能会修复之前版本中发现的安全漏洞。查看Angular的[更新记录](https://github.com/angular/angular/blob/master/CHANGELOG.md),了解与安全有关的更新。 * **Don't modify your copy of Angular.** Private, customized versions of Angular tend to fall behind the current version and may neglect important security fixes and enhancements. Instead, share your Angular improvements with the community and make a pull request. - * **不要修改你的Angular副本** - 私有的、定制版的Angular往往跟不上最新版本,这可能导致你忽略重要的安全修复与增强。反之,应该在社区共享你对Angular所做的改进并创建Pull Request。 + * **不要修改你的Angular副本。** + + 私有的、定制版的Angular往往跟不上最新版本,这可能导致你忽略重要的安全修复与增强。反之,应该在社区共享你对Angular所做的改进并创建Pull Request。 * **Avoid Angular APIs marked in the documentation as “[_Security Risk_](#bypass-security-apis)”.** - * **避免使用在本文档中被标记为“[_安全风险_](#bypass-security-apis)”的Angular API。** + + * **避免使用本文档中带“[_安全风险_](#bypass-security-apis)”标记的Angular API。** .l-main-section h2#xss Preventing Cross-Site Scripting (XSS) h2#xss 防范跨站脚本(XSS)攻击 + :marked [Cross-Site Scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting) enables attackers to inject malicious code into web pages. Such code can then for example steal user's data (in @@ -98,7 +102,7 @@ h2#xss 防范跨站脚本(XSS)攻击 common attacks on the web. [跨站脚本(XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting)允许攻击者将恶意代码注入到页面中。这些代码可以偷取用户数据 - (特别是他们的登陆数据),还可以冒充用户执行操作。它是Web上最常见的攻击方式之一。 + (特别是他们的登录数据),还可以冒充用户执行操作。它是Web上最常见的攻击方式之一。 To block XSS attacks, we must prevent malicious code from entering the DOM. For example, if an attacker can trick us into inserting a `
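Review bot: In the `@@ -49,18 +49,18` hunk, the new line `给我们([security@angular.io](mailto:security@angular.io))发邮件` wraps the address in full-width parentheses in the middle of the verb phrase, which still reads awkwardly. Consider putting the address after the verb instead, for example `请发邮件到 [security@angular.io](mailto:security@angular.io),报告Angular本身的漏洞。`, which also matches the word order of the English "Email us at …".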
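Review bot: In the `@@ -74,23 +74,27` hunk, the re-added line `我们会频繁的更新Angular库` keeps 的 in front of a verb; since the line is already being rewritten for indentation, change it to `频繁地更新` in the same commit. In the second bullet of the same hunk, `反之,应该在社区共享…` renders "Instead" as "conversely"; `而是应该…` or `相反,…` is closer to the English sentence shown above it.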