@angular/core 9.1.9 → 9.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundles/core-testing.umd.js +1 -1
- package/bundles/core-testing.umd.min.js +1 -1
- package/bundles/core-testing.umd.min.js.map +1 -1
- package/bundles/core.umd.js +68 -17
- package/bundles/core.umd.js.map +1 -1
- package/bundles/core.umd.min.js +117 -110
- package/bundles/core.umd.min.js.map +1 -1
- package/core.d.ts +1 -1
- package/core.metadata.json +1 -1
- package/esm2015/src/render3/di.js +29 -16
- package/esm2015/src/render3/instructions/shared.js +3 -2
- package/esm2015/src/util/dom.js +36 -0
- package/esm2015/src/util/is_dev_mode.js +7 -1
- package/esm2015/src/version.js +1 -1
- package/esm2015/src/view/services.js +4 -3
- package/esm5/src/render3/di.js +22 -12
- package/esm5/src/render3/instructions/shared.js +3 -2
- package/esm5/src/util/dom.js +36 -0
- package/esm5/src/util/is_dev_mode.js +7 -1
- package/esm5/src/version.js +1 -1
- package/esm5/src/view/services.js +4 -3
- package/fesm2015/core.js +74 -20
- package/fesm2015/core.js.map +1 -1
- package/fesm2015/testing.js +1 -1
- package/fesm5/core.js +68 -17
- package/fesm5/core.js.map +1 -1
- package/fesm5/testing.js +1 -1
- package/package.json +1 -1
- package/src/r3_symbols.d.ts +1 -1
- package/testing/testing.d.ts +1 -1
- package/testing.d.ts +1 -1
package/bundles/core.umd.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* @license Angular v9.1.
|
|
2
|
+
* @license Angular v9.1.13
|
|
3
3
|
* (c) 2010-2020 Google LLC. https://angular.io/
|
|
4
4
|
* License: MIT
|
|
5
5
|
*/
|
|
@@ -4242,18 +4242,28 @@
|
|
|
4242
4242
|
*/
|
|
4243
4243
|
function ɵɵgetInheritedFactory(type) {
|
|
4244
4244
|
return noSideEffects(function () {
|
|
4245
|
-
var
|
|
4246
|
-
var
|
|
4247
|
-
|
|
4248
|
-
|
|
4249
|
-
|
|
4250
|
-
|
|
4251
|
-
|
|
4252
|
-
//
|
|
4253
|
-
//
|
|
4254
|
-
//
|
|
4255
|
-
|
|
4256
|
-
|
|
4245
|
+
var ownConstructor = type.prototype.constructor;
|
|
4246
|
+
var ownFactory = ownConstructor[NG_FACTORY_DEF] || ɵɵgetFactoryOf(ownConstructor);
|
|
4247
|
+
var objectPrototype = Object.prototype;
|
|
4248
|
+
var parent = Object.getPrototypeOf(type.prototype).constructor;
|
|
4249
|
+
// Go up the prototype until we hit `Object`.
|
|
4250
|
+
while (parent && parent !== objectPrototype) {
|
|
4251
|
+
var factory = parent[NG_FACTORY_DEF] || ɵɵgetFactoryOf(parent);
|
|
4252
|
+
// If we hit something that has a factory and the factory isn't the same as the type,
|
|
4253
|
+
// we've found the inherited factory. Note the check that the factory isn't the type's
|
|
4254
|
+
// own factory is redundant in most cases, but if the user has custom decorators on the
|
|
4255
|
+
// class, this lookup will start one level down in the prototype chain, causing us to
|
|
4256
|
+
// find the own factory first and potentially triggering an infinite loop downstream.
|
|
4257
|
+
if (factory && factory !== ownFactory) {
|
|
4258
|
+
return factory;
|
|
4259
|
+
}
|
|
4260
|
+
parent = Object.getPrototypeOf(parent);
|
|
4261
|
+
}
|
|
4262
|
+
// There is no factory defined. Either this was improper usage of inheritance
|
|
4263
|
+
// (no Angular decorator on the superclass) or there is no constructor at all
|
|
4264
|
+
// in the inheritance chain. Since the two cases cannot be distinguished, the
|
|
4265
|
+
// latter has to be assumed.
|
|
4266
|
+
return function (t) { return new t(); };
|
|
4257
4267
|
});
|
|
4258
4268
|
}
|
|
4259
4269
|
|
|
@@ -4587,6 +4597,11 @@
|
|
|
4587
4597
|
if (_runModeLocked) {
|
|
4588
4598
|
throw new Error('Cannot enable prod mode after platform setup.');
|
|
4589
4599
|
}
|
|
4600
|
+
// The below check is there so when ngDevMode is set via terser
|
|
4601
|
+
// `global['ngDevMode'] = false;` is also dropped.
|
|
4602
|
+
if (typeof ngDevMode === undefined || !!ngDevMode) {
|
|
4603
|
+
_global['ngDevMode'] = false;
|
|
4604
|
+
}
|
|
4590
4605
|
_devMode = false;
|
|
4591
4606
|
}
|
|
4592
4607
|
|
|
@@ -5405,6 +5420,42 @@
|
|
|
5405
5420
|
return lView && lView[SANITIZER];
|
|
5406
5421
|
}
|
|
5407
5422
|
|
|
5423
|
+
/**
|
|
5424
|
+
* @license
|
|
5425
|
+
* Copyright Google Inc. All Rights Reserved.
|
|
5426
|
+
*
|
|
5427
|
+
* Use of this source code is governed by an MIT-style license that can be
|
|
5428
|
+
* found in the LICENSE file at https://angular.io/license
|
|
5429
|
+
*/
|
|
5430
|
+
var END_COMMENT = /-->/g;
|
|
5431
|
+
var END_COMMENT_ESCAPED = '-\u200B-\u200B>';
|
|
5432
|
+
/**
|
|
5433
|
+
* Escape the content of the strings so that it can be safely inserted into a comment node.
|
|
5434
|
+
*
|
|
5435
|
+
* The issue is that HTML does not specify any way to escape comment end text inside the comment.
|
|
5436
|
+
* `<!-- The way you close a comment is with "-->". -->`. Above the `"-->"` is meant to be text not
|
|
5437
|
+
* an end to the comment. This can be created programmatically through DOM APIs.
|
|
5438
|
+
*
|
|
5439
|
+
* ```
|
|
5440
|
+
* div.innerHTML = div.innerHTML
|
|
5441
|
+
* ```
|
|
5442
|
+
*
|
|
5443
|
+
* One would expect that the above code would be safe to do, but it turns out that because comment
|
|
5444
|
+
* text is not escaped, the comment may contain text which will prematurely close the comment
|
|
5445
|
+
* opening up the application for XSS attack. (In SSR we programmatically create comment nodes which
|
|
5446
|
+
* may contain such text and expect them to be safe.)
|
|
5447
|
+
*
|
|
5448
|
+
* This function escapes the comment text by looking for the closing char sequence `-->` and replace
|
|
5449
|
+
* it with `-_-_>` where the `_` is a zero width space `\u200B`. The result is that if a comment
|
|
5450
|
+
* contains `-->` text it will render normally but it will not cause the HTML parser to close the
|
|
5451
|
+
* comment.
|
|
5452
|
+
*
|
|
5453
|
+
* @param value text to make safe for comment node by escaping the comment close character sequence
|
|
5454
|
+
*/
|
|
5455
|
+
function escapeCommentText(value) {
|
|
5456
|
+
return value.replace(END_COMMENT, END_COMMENT_ESCAPED);
|
|
5457
|
+
}
|
|
5458
|
+
|
|
5408
5459
|
/**
|
|
5409
5460
|
* @license
|
|
5410
5461
|
* Copyright Google Inc. All Rights Reserved.
|
|
@@ -8370,7 +8421,7 @@
|
|
|
8370
8421
|
}
|
|
8371
8422
|
}
|
|
8372
8423
|
else {
|
|
8373
|
-
var textContent = "bindings=" + JSON.stringify((_a = {}, _a[attrName] = debugValue, _a), null, 2);
|
|
8424
|
+
var textContent = escapeCommentText("bindings=" + JSON.stringify((_a = {}, _a[attrName] = debugValue, _a), null, 2));
|
|
8374
8425
|
if (isProceduralRenderer(renderer)) {
|
|
8375
8426
|
renderer.setValue(element, textContent);
|
|
8376
8427
|
}
|
|
@@ -20219,7 +20270,7 @@
|
|
|
20219
20270
|
/**
|
|
20220
20271
|
* @publicApi
|
|
20221
20272
|
*/
|
|
20222
|
-
var VERSION = new Version('9.1.
|
|
20273
|
+
var VERSION = new Version('9.1.13');
|
|
20223
20274
|
|
|
20224
20275
|
/**
|
|
20225
20276
|
* @license
|
|
@@ -32256,7 +32307,7 @@
|
|
|
32256
32307
|
var el = asElementData(view, elDef.nodeIndex).renderElement;
|
|
32257
32308
|
if (!elDef.element.name) {
|
|
32258
32309
|
// a comment.
|
|
32259
|
-
view.renderer.setValue(el, "bindings=" + JSON.stringify(bindingValues, null, 2));
|
|
32310
|
+
view.renderer.setValue(el, escapeCommentText("bindings=" + JSON.stringify(bindingValues, null, 2)));
|
|
32260
32311
|
}
|
|
32261
32312
|
else {
|
|
32262
32313
|
// a regular element.
|
|
@@ -32545,7 +32596,7 @@
|
|
|
32545
32596
|
return el;
|
|
32546
32597
|
};
|
|
32547
32598
|
DebugRenderer2.prototype.createComment = function (value) {
|
|
32548
|
-
var comment = this.delegate.createComment(value);
|
|
32599
|
+
var comment = this.delegate.createComment(escapeCommentText(value));
|
|
32549
32600
|
var debugCtx = this.createDebugContext(comment);
|
|
32550
32601
|
if (debugCtx) {
|
|
32551
32602
|
indexDebugNode(new DebugNode__PRE_R3__(comment, null, debugCtx));
|