Go to file

Harri Lehtola b950d4675f fix(core): do not trigger CSP alert/report in Firefox and Chrome (#36578 ) (#36578 ) If [innerHTML] is used in a component and a Content-Security-Policy is set that does not allow inline styles then Firefox and Chrome show the following message: > Content Security Policy: The page’s settings observed the loading of a resource at self (“default-src”). A CSP report is being sent. This message is caused because Angular is creating an inline style tag to test for a browser bug that we use to decide what sanitization strategy to use, which causes CSP violation errors if inline CSS is prohibited. This test is no longer necessary, since the `DOMParser` is now safe to use and the `style` based check is redundant. In this fix, we default to using `DOMParser` if it is available and fall back to `createHTMLDocument()` if needed. This is the approach used by DOMPurify too. The related unit tests in `html_sanitizer_spec.ts`, "should not allow JavaScript execution when creating inert document" and "should not allow JavaScript hidden in badly formed HTML to get through sanitization (Firefox bug)", are left untouched to assert that the behavior hasn't changed in those scenarios. Fixes #25214. PR Close #36578		2020-06-26 14:54:08 -07:00
.circleci	ci(docs-infra): store JS bundles as CI artifacts to debug size check flakes (#37703 )	2020-06-25 17:29:35 -07:00
.devcontainer	build: update the recommended `Dockerfile` for VSCode remote development (#34697 )	2020-01-09 13:31:14 -08:00
.github	docs: update the stackblitz in the GitHub Issue template (#37219 )	2020-06-03 15:55:44 -07:00
.ng-dev	ci: exclude "docs" commit type from minBodyLength commit message validation (#37764 )	2020-06-26 11:13:09 -07:00
.vscode	build: fix @bazel/bazel to bazelisk leftovers (#36132 )	2020-03-19 08:58:47 -07:00
.yarn	build: update to latest version of yarn (#36464 )	2020-04-14 12:47:30 -07:00
aio	docs: add note about the month being zero-based in the Date constructor (#37770 )	2020-06-26 09:55:18 -07:00
dev-infra	feat(dev-infra): add support for minBodyLengthTypeExcludes to commit-message validation (#37764 )	2020-06-26 11:13:09 -07:00
docs	docs: correct outdated dev instructions for public api golds (#37026 )	2020-06-26 09:56:32 -07:00
goldens	refactor(core): throw more descriptive error message in case of invalid host element (#35916 )	2020-06-26 11:10:14 -07:00
integration	fix(migrations): do not incorrectly add todo for @Injectable or @Pipe (#37732 )	2020-06-25 14:22:08 -07:00
modules	refactor(dev-infra): ng_rollup_bundle rule should leverage `@bazel/rollup` (#37623 )	2020-06-22 10:55:28 -07:00
packages	fix(core): do not trigger CSP alert/report in Firefox and Chrome (#36578 ) (#36578 )	2020-06-26 14:54:08 -07:00
scripts	style(dev-infra): enforce format on newly included files (#36940 )	2020-06-12 15:06:41 -07:00
third_party	build: move shims_for_IE to third_party directory (#37624 )	2020-06-26 11:09:01 -07:00
tools	refactor(dev-infra): ng_rollup_bundle rule should leverage `@bazel/rollup` (#37623 )	2020-06-22 10:55:28 -07:00
.bazelignore	build: add npm package manifest to npm_integration_test (#35669 )	2020-02-26 12:58:35 -08:00
.bazelrc	build: do not build runfile trees unnecessarily (#36914 )	2020-05-05 12:00:04 -07:00
.bazelversion	build: upgrade to bazel 3.2.0 and rules_nodejs 1.7.0 (#37358 )	2020-06-08 09:15:50 -07:00
.clang-format	feat(tooling): Add a .clang-format for automated JavaScript formatting.	2015-04-02 08:44:34 -07:00
.editorconfig	build: use https link to editorconfig.org in .editorconfig (#27664 )	2018-12-18 09:30:09 -08:00
.gitattributes	test: fix ts api guardian and public guard tests on windows (#30105 )	2019-04-26 16:32:22 -07:00
.gitignore	ci: do not run benchmark measurements in circleci (#34753 )	2020-01-29 09:22:27 -08:00
.mailmap	build: add a Git .mailmap with my new name (#19550 )	2017-10-09 14:35:30 -07:00
.nvmrc	build: migrate to node@12.14.1 (#34955 )	2020-01-27 09:31:22 -08:00
.pullapprove.yml	ci(compiler-cli): exempt compiler-cli .bazel files from dev-infra approval (#37558 )	2020-06-25 11:47:50 -07:00
.yarnrc	build: update to latest version of yarn (#36464 )	2020-04-14 12:47:30 -07:00
BUILD.bazel	build: move shims_for_IE to third_party directory (#37624 )	2020-06-26 11:09:01 -07:00
CHANGELOG.md	docs: release notes for the v10.0.1 release	2020-06-26 13:35:40 -07:00
CODE_OF_CONDUCT.md	docs: fix community tab in GitHub by copying CoC	2018-02-27 19:02:30 -08:00
CONTRIBUTING.md	docs: fix grammatical errors in developer docs (#37633 )	2020-06-18 16:04:58 -07:00
LICENSE	build: bump year (#34651 )	2020-01-13 07:21:43 -08:00
README.md	docs: remove browserstack badge from readme (#35684 )	2020-03-17 09:29:43 -07:00
WORKSPACE	build: upgrade to bazel 3.2.0 and rules_nodejs 1.7.0 (#37358 )	2020-06-08 09:15:50 -07:00
browser-providers.conf.js	ci: disable saucelabs tests on Firefox ESR while investigating failures (#37647 )	2020-06-22 10:56:28 -07:00
gulpfile.js	build: update license headers to reference Google LLC (#37205 )	2020-05-26 14:26:58 -04:00
karma-js.conf.js	build: move shims_for_IE to third_party directory (#37624 )	2020-06-26 11:09:01 -07:00
package.json	refactor(dev-infra): ng_rollup_bundle rule should leverage `@bazel/rollup` (#37623 )	2020-06-22 10:55:28 -07:00
test-events.js	build: update license headers to reference Google LLC (#37205 )	2020-05-26 14:26:58 -04:00
test-main.js	build: import in-memory-web-api project (#37182 )	2020-06-15 14:28:37 -07:00
tslint.json	build: Update file-header lint rule to Google LLC (#37205 )	2020-05-26 14:26:58 -04:00
yarn.lock	refactor(dev-infra): ng_rollup_bundle rule should leverage `@bazel/rollup` (#37623 )	2020-06-22 10:55:28 -07:00
yarn.lock.readme.md	build: remove travisci leftovers (#27979 )	2019-01-09 10:41:16 -08:00

README.md

Angular

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages.

Quickstart

Get started in 5 minutes.

Changelog

Learn about the latest improvements.

Want to help?

Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our guidelines for contributing and then check out one of our issues in the hotlist: community-help.