angular-docs-cn/packages/platform-browser
Peter Bacon Darwin a751649c8d fix(core): use appropriate inert document strategy for Firefox & Safari (#17019)
Both Firefox and Safari are vulnerable to XSS if we use an inert document
created via `document.implementation.createHTMLDocument()`.

Now we check for those vulnerabilities and then use a DOMParser or XHR
strategy if needed.

Further the platform-server has its own library for parsing HTML, so we
sniff for that (by checking whether DOMParser exists) and fall back to
the standard strategy.

Thanks to @cure53 for the heads up on this issue.

PR Close #17019
2018-02-08 08:55:15 -08:00
..
animations fix(core): should check Zone existance when scheduleMicroTask (#20656) 2018-02-02 07:53:55 -08:00
src fix(core): use appropriate inert document strategy for Firefox & Safari (#17019) 2018-02-08 08:55:15 -08:00
test fix(core): use appropriate inert document strategy for Firefox & Safari (#17019) 2018-02-08 08:55:15 -08:00
testing build: move repeated tsconfig attributes to a macro (#20964) 2018-01-10 12:30:19 -08:00
BUILD.bazel build: move repeated tsconfig attributes to a macro (#20964) 2018-01-10 12:30:19 -08:00
index.ts refactor: move angular source to /packages rather than modules/@angular 2017-03-08 16:29:27 -08:00
package.json build: roll up to named .js files rather than 'index.js' (#19190) 2017-09-19 16:59:18 -07:00
public_api.ts build: publish tree of files rather than FESMs (#18541) 2017-08-31 15:34:50 -07:00
rollup.config.js refactor: make all rollup config ES5 compatible (#20028) 2017-10-30 23:09:17 -04:00
tsconfig-build.json fix: don’t use the global `ng` at all with closure enhanced optimizations 2017-09-27 10:09:56 -07:00