Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
angular/packages/core
History
Misko Hevery 6bf99e0eda fix(core): fix possible XSS attack in development through SSR (#40525) 
This is a follow up fix for
894286dd0c.

It turns out that comments can be closed in several ways:
- `<!-->`
- `<!-- -->`
- `<!-- --!>`

All of the above are valid ways to close comment per:
https://html.spec.whatwg.org/multipage/syntax.html#comments

The new fix surrounds `<` and `>` with zero width space so that it
renders in the same way, but it prevents the comment to be closed eagerly.

PR Close #40525
2021-01-26 09:32:27 -08:00
..
global build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
schematics refactor(migrations): remove rxjs usage within static queries migration (#38657) 2021-01-21 14:04:20 -08:00
src fix(core): fix possible XSS attack in development through SSR (#40525) 2021-01-26 09:32:27 -08:00
test fix(core): fix possible XSS attack in development through SSR (#40525) 2021-01-26 09:32:27 -08:00
testing fix(core): fix fakeAsync() error messages (#40442) 2021-01-19 09:15:12 -08:00
BUILD.bazel fix(core): disable tsickle pass when producing APF packages (#37221) 2020-05-21 09:14:47 -07:00
index.ts build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
package.json build: update peerDependencies of zone.js to 0.10~0.11 (#39809) 2020-11-25 14:25:48 -08:00
PACKAGE.md docs: add package doc files (#26047) 2018-10-05 15:42:14 -07:00
public_api.ts build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00