@angular/language-service 12.2.15 → 12.2.17

package/bundles/ivy.js

@@ -1,5 +1,5 @@
 /**
- * @license Angular v12.2.15
+ * @license Angular v12.2.17
  * Copyright Google LLC All Rights Reserved.
  * License: MIT
  */
@@ -2557,6 +2557,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     Identifiers.sanitizeUrlOrResourceUrl = { name: 'ɵɵsanitizeUrlOrResourceUrl', moduleName: CORE };
     Identifiers.trustConstantHtml = { name: 'ɵɵtrustConstantHtml', moduleName: CORE };
     Identifiers.trustConstantResourceUrl = { name: 'ɵɵtrustConstantResourceUrl', moduleName: CORE };
+    Identifiers.validateIframeAttribute = { name: 'ɵɵvalidateIframeAttribute', moduleName: CORE };
 
     /**
      * @license
@@ -7817,6 +7818,84 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
         }
     }
 
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    // =================================================================================================
+    // =================================================================================================
+    // =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
+    // =================================================================================================
+    // =================================================================================================
+    //
+    //        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
+    //                               Reach out to mprobst for details.
+    //
+    // =================================================================================================
+    /** Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'. */
+    let _SECURITY_SCHEMA;
+    function SECURITY_SCHEMA() {
+        if (!_SECURITY_SCHEMA) {
+            _SECURITY_SCHEMA = {};
+            // Case is insignificant below, all element and attribute names are lower-cased for lookup.
+            registerContext(SecurityContext.HTML, [
+                'iframe|srcdoc',
+                '*|innerHTML',
+                '*|outerHTML',
+            ]);
+            registerContext(SecurityContext.STYLE, ['*|style']);
+            // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
+            registerContext(SecurityContext.URL, [
+                '*|formAction', 'area|href', 'area|ping', 'audio|src', 'a|href',
+                'a|ping', 'blockquote|cite', 'body|background', 'del|cite', 'form|action',
+                'img|src', 'img|srcset', 'input|src', 'ins|cite', 'q|cite',
+                'source|src', 'source|srcset', 'track|src', 'video|poster', 'video|src',
+            ]);
+            registerContext(SecurityContext.RESOURCE_URL, [
+                'applet|code',
+                'applet|codebase',
+                'base|href',
+                'embed|src',
+                'frame|src',
+                'head|profile',
+                'html|manifest',
+                'iframe|src',
+                'link|href',
+                'media|src',
+                'object|codebase',
+                'object|data',
+                'script|src',
+            ]);
+        }
+        return _SECURITY_SCHEMA;
+    }
+    function registerContext(ctx, specs) {
+        for (const spec of specs)
+            _SECURITY_SCHEMA[spec.toLowerCase()] = ctx;
+    }
+    /**
+     * The set of security-sensitive attributes of an `<iframe>` that *must* be
+     * applied as a static attribute only. This ensures that all security-sensitive
+     * attributes are taken into account while creating an instance of an `<iframe>`
+     * at runtime.
+     *
+     * Note: avoid using this set directly, use the `isIframeSecuritySensitiveAttr` function
+     * in the code instead.
+     */
+    const IFRAME_SECURITY_SENSITIVE_ATTRS = new Set(['sandbox', 'allow', 'allowfullscreen', 'referrerpolicy', 'csp', 'fetchpriority']);
+    /**
+     * Checks whether a given attribute name might represent a security-sensitive
+     * attribute of an <iframe>.
+     */
+    function isIframeSecuritySensitiveAttr(attrName) {
+        // The `setAttribute` DOM API is case-insensitive, so we lowercase the value
+        // before checking it against a known security-sensitive attributes.
+        return IFRAME_SECURITY_SENSITIVE_ATTRS.has(attrName.toLowerCase());
+    }
+
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -15231,65 +15310,6 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
         })));
     }
 
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    // =================================================================================================
-    // =================================================================================================
-    // =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
-    // =================================================================================================
-    // =================================================================================================
-    //
-    //        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
-    //                               Reach out to mprobst for details.
-    //
-    // =================================================================================================
-    /** Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'. */
-    let _SECURITY_SCHEMA;
-    function SECURITY_SCHEMA() {
-        if (!_SECURITY_SCHEMA) {
-            _SECURITY_SCHEMA = {};
-            // Case is insignificant below, all element and attribute names are lower-cased for lookup.
-            registerContext(SecurityContext.HTML, [
-                'iframe|srcdoc',
-                '*|innerHTML',
-                '*|outerHTML',
-            ]);
-            registerContext(SecurityContext.STYLE, ['*|style']);
-            // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
-            registerContext(SecurityContext.URL, [
-                '*|formAction', 'area|href', 'area|ping', 'audio|src', 'a|href',
-                'a|ping', 'blockquote|cite', 'body|background', 'del|cite', 'form|action',
-                'img|src', 'img|srcset', 'input|src', 'ins|cite', 'q|cite',
-                'source|src', 'source|srcset', 'track|src', 'video|poster', 'video|src',
-            ]);
-            registerContext(SecurityContext.RESOURCE_URL, [
-                'applet|code',
-                'applet|codebase',
-                'base|href',
-                'embed|src',
-                'frame|src',
-                'head|profile',
-                'html|manifest',
-                'iframe|src',
-                'link|href',
-                'media|src',
-                'object|codebase',
-                'object|data',
-                'script|src',
-            ]);
-        }
-        return _SECURITY_SCHEMA;
-    }
-    function registerContext(ctx, specs) {
-        for (const spec of specs)
-            _SECURITY_SCHEMA[spec.toLowerCase()] = ctx;
-    }
-
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -17768,9 +17788,19 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
                         const params = [];
                         const [attrNamespace, attrName] = splitNsName(input.name);
                         const isAttributeBinding = inputType === 1 /* Attribute */;
-                        const sanitizationRef = resolveSanitizationFn(input.securityContext, isAttributeBinding);
-                        if (sanitizationRef)
+                        let sanitizationRef = resolveSanitizationFn(input.securityContext, isAttributeBinding);
+                        if (!sanitizationRef) {
+                            // If there was no sanitization function found based on the security context
+                            // of an attribute/property - check whether this attribute/property is
+                            // one of the security-sensitive <iframe> attributes (and that the current
+                            // element is actually an <iframe>).
+                            if (isIframeElement(element.name) && isIframeSecuritySensitiveAttr(input.name)) {
+                                sanitizationRef = importExpr(Identifiers.validateIframeAttribute);
+                            }
+                        }
+                        if (sanitizationRef) {
                             params.push(sanitizationRef);
+                        }
                         if (attrNamespace) {
                             const namespaceLiteral = literal(attrNamespace);
                             if (sanitizationRef) {
@@ -18893,6 +18923,9 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function isTextNode(node) {
         return node instanceof Text || node instanceof BoundText || node instanceof Icu;
     }
+    function isIframeElement(tagName) {
+        return tagName.toLowerCase() === 'iframe';
+    }
     function hasTextChildrenOnly(children) {
         return children.every(isTextNode);
     }
@@ -19349,6 +19382,20 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
             if (sanitizerFn) {
                 instructionParams.push(sanitizerFn);
             }
+            else {
+                // If there was no sanitization function found based on the security context
+                // of an attribute/property binding - check whether this attribute/property is
+                // one of the security-sensitive <iframe> attributes.
+                // Note: for host bindings defined on a directive, we do not try to find all
+                // possible places where it can be matched, so we can not determine whether
+                // the host element is an <iframe>. In this case, if an attribute/binding
+                // name is in the `IFRAME_SECURITY_SENSITIVE_ATTRS` set - append a validation
+                // function, which would be invoked at runtime and would have access to the
+                // underlying DOM element, check if it's an <iframe> and if so - runs extra checks.
+                if (isIframeSecuritySensitiveAttr(bindingName)) {
+                    instructionParams.push(importExpr(Identifiers.validateIframeAttribute));
+                }
+            }
             updateStatements.push(...bindingExpr.stmts);
             if (instruction === Identifiers.hostProperty) {
                 propertyBindings.push(instructionParams);
@@ -20028,7 +20075,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
      * Use of this source code is governed by an MIT-style license that can be
      * found in the LICENSE file at https://angular.io/license
      */
-    const VERSION$1 = new Version('12.2.15');
+    const VERSION$1 = new Version('12.2.17');
 
     /**
      * @license
@@ -20667,7 +20714,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function compileDeclareClassMetadata(metadata) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         definitionMap.set('type', metadata.type);
         definitionMap.set('decorators', metadata.decorators);
@@ -20784,7 +20831,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function createDirectiveDefinitionMap(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$1));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         // e.g. `type: MyDirective`
         definitionMap.set('type', meta.internalType);
         // e.g. `selector: 'some-dir'`
@@ -21002,7 +21049,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function compileDeclareFactoryFunction(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$2));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         definitionMap.set('type', meta.internalType);
         definitionMap.set('deps', compileDependencies(meta.deps));
@@ -21044,7 +21091,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function createInjectableDefinitionMap(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$3));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         definitionMap.set('type', meta.internalType);
         // Only generate providedIn property if it has a non-null value
@@ -21102,7 +21149,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function createInjectorDefinitionMap(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$4));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         definitionMap.set('type', meta.internalType);
         definitionMap.set('providers', meta.providers);
@@ -21139,7 +21186,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function createNgModuleDefinitionMap(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$5));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         definitionMap.set('type', meta.internalType);
         // We only generate the keys in the metadata if the arrays contain values.
@@ -21197,7 +21244,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
     function createPipeDefinitionMap(meta) {
         const definitionMap = new DefinitionMap();
         definitionMap.set('minVersion', literal(MINIMUM_PARTIAL_LINKER_VERSION$6));
-        definitionMap.set('version', literal('12.2.15'));
+        definitionMap.set('version', literal('12.2.17'));
         definitionMap.set('ngImport', importExpr(Identifiers.core));
         // e.g. `type: MyPipe`
         definitionMap.set('type', meta.internalType);
@@ -21229,7 +21276,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'os', 'typescript', 'fs', '
      * Use of this source code is governed by an MIT-style license that can be
      * found in the LICENSE file at https://angular.io/license
      */
-    const VERSION$2 = new Version('12.2.15');
+    const VERSION$2 = new Version('12.2.17');
 
     /**
      * @license

package/bundles/language-service.js

@@ -1,5 +1,5 @@
 /**
- * @license Angular v12.2.15
+ * @license Angular v12.2.17
  * Copyright Google LLC All Rights Reserved.
  * License: MIT
  */
@@ -2176,6 +2176,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
     Identifiers.sanitizeUrlOrResourceUrl = { name: 'ɵɵsanitizeUrlOrResourceUrl', moduleName: CORE };
     Identifiers.trustConstantHtml = { name: 'ɵɵtrustConstantHtml', moduleName: CORE };
     Identifiers.trustConstantResourceUrl = { name: 'ɵɵtrustConstantResourceUrl', moduleName: CORE };
+    Identifiers.validateIframeAttribute = { name: 'ɵɵvalidateIframeAttribute', moduleName: CORE };
 
     /**
      * @license
@@ -7529,6 +7530,84 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
         }
     }
 
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    // =================================================================================================
+    // =================================================================================================
+    // =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
+    // =================================================================================================
+    // =================================================================================================
+    //
+    //        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
+    //                               Reach out to mprobst for details.
+    //
+    // =================================================================================================
+    /** Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'. */
+    let _SECURITY_SCHEMA;
+    function SECURITY_SCHEMA() {
+        if (!_SECURITY_SCHEMA) {
+            _SECURITY_SCHEMA = {};
+            // Case is insignificant below, all element and attribute names are lower-cased for lookup.
+            registerContext(SecurityContext.HTML, [
+                'iframe|srcdoc',
+                '*|innerHTML',
+                '*|outerHTML',
+            ]);
+            registerContext(SecurityContext.STYLE, ['*|style']);
+            // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
+            registerContext(SecurityContext.URL, [
+                '*|formAction', 'area|href', 'area|ping', 'audio|src', 'a|href',
+                'a|ping', 'blockquote|cite', 'body|background', 'del|cite', 'form|action',
+                'img|src', 'img|srcset', 'input|src', 'ins|cite', 'q|cite',
+                'source|src', 'source|srcset', 'track|src', 'video|poster', 'video|src',
+            ]);
+            registerContext(SecurityContext.RESOURCE_URL, [
+                'applet|code',
+                'applet|codebase',
+                'base|href',
+                'embed|src',
+                'frame|src',
+                'head|profile',
+                'html|manifest',
+                'iframe|src',
+                'link|href',
+                'media|src',
+                'object|codebase',
+                'object|data',
+                'script|src',
+            ]);
+        }
+        return _SECURITY_SCHEMA;
+    }
+    function registerContext(ctx, specs) {
+        for (const spec of specs)
+            _SECURITY_SCHEMA[spec.toLowerCase()] = ctx;
+    }
+    /**
+     * The set of security-sensitive attributes of an `<iframe>` that *must* be
+     * applied as a static attribute only. This ensures that all security-sensitive
+     * attributes are taken into account while creating an instance of an `<iframe>`
+     * at runtime.
+     *
+     * Note: avoid using this set directly, use the `isIframeSecuritySensitiveAttr` function
+     * in the code instead.
+     */
+    const IFRAME_SECURITY_SENSITIVE_ATTRS = new Set(['sandbox', 'allow', 'allowfullscreen', 'referrerpolicy', 'csp', 'fetchpriority']);
+    /**
+     * Checks whether a given attribute name might represent a security-sensitive
+     * attribute of an <iframe>.
+     */
+    function isIframeSecuritySensitiveAttr(attrName) {
+        // The `setAttribute` DOM API is case-insensitive, so we lowercase the value
+        // before checking it against a known security-sensitive attributes.
+        return IFRAME_SECURITY_SENSITIVE_ATTRS.has(attrName.toLowerCase());
+    }
+
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -16837,65 +16916,6 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
         })));
     }
 
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    // =================================================================================================
-    // =================================================================================================
-    // =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
-    // =================================================================================================
-    // =================================================================================================
-    //
-    //        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
-    //                               Reach out to mprobst for details.
-    //
-    // =================================================================================================
-    /** Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'. */
-    let _SECURITY_SCHEMA;
-    function SECURITY_SCHEMA() {
-        if (!_SECURITY_SCHEMA) {
-            _SECURITY_SCHEMA = {};
-            // Case is insignificant below, all element and attribute names are lower-cased for lookup.
-            registerContext(SecurityContext.HTML, [
-                'iframe|srcdoc',
-                '*|innerHTML',
-                '*|outerHTML',
-            ]);
-            registerContext(SecurityContext.STYLE, ['*|style']);
-            // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
-            registerContext(SecurityContext.URL, [
-                '*|formAction', 'area|href', 'area|ping', 'audio|src', 'a|href',
-                'a|ping', 'blockquote|cite', 'body|background', 'del|cite', 'form|action',
-                'img|src', 'img|srcset', 'input|src', 'ins|cite', 'q|cite',
-                'source|src', 'source|srcset', 'track|src', 'video|poster', 'video|src',
-            ]);
-            registerContext(SecurityContext.RESOURCE_URL, [
-                'applet|code',
-                'applet|codebase',
-                'base|href',
-                'embed|src',
-                'frame|src',
-                'head|profile',
-                'html|manifest',
-                'iframe|src',
-                'link|href',
-                'media|src',
-                'object|codebase',
-                'object|data',
-                'script|src',
-            ]);
-        }
-        return _SECURITY_SCHEMA;
-    }
-    function registerContext(ctx, specs) {
-        for (const spec of specs)
-            _SECURITY_SCHEMA[spec.toLowerCase()] = ctx;
-    }
-
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -19374,9 +19394,19 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
                         const params = [];
                         const [attrNamespace, attrName] = splitNsName(input.name);
                         const isAttributeBinding = inputType === 1 /* Attribute */;
-                        const sanitizationRef = resolveSanitizationFn(input.securityContext, isAttributeBinding);
-                        if (sanitizationRef)
+                        let sanitizationRef = resolveSanitizationFn(input.securityContext, isAttributeBinding);
+                        if (!sanitizationRef) {
+                            // If there was no sanitization function found based on the security context
+                            // of an attribute/property - check whether this attribute/property is
+                            // one of the security-sensitive <iframe> attributes (and that the current
+                            // element is actually an <iframe>).
+                            if (isIframeElement(element.name) && isIframeSecuritySensitiveAttr(input.name)) {
+                                sanitizationRef = importExpr(Identifiers.validateIframeAttribute);
+                            }
+                        }
+                        if (sanitizationRef) {
                             params.push(sanitizationRef);
+                        }
                         if (attrNamespace) {
                             const namespaceLiteral = literal(attrNamespace);
                             if (sanitizationRef) {
@@ -20499,6 +20529,9 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
     function isTextNode(node) {
         return node instanceof Text || node instanceof BoundText || node instanceof Icu;
     }
+    function isIframeElement(tagName) {
+        return tagName.toLowerCase() === 'iframe';
+    }
     function hasTextChildrenOnly(children) {
         return children.every(isTextNode);
     }
@@ -20955,6 +20988,20 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
             if (sanitizerFn) {
                 instructionParams.push(sanitizerFn);
             }
+            else {
+                // If there was no sanitization function found based on the security context
+                // of an attribute/property binding - check whether this attribute/property is
+                // one of the security-sensitive <iframe> attributes.
+                // Note: for host bindings defined on a directive, we do not try to find all
+                // possible places where it can be matched, so we can not determine whether
+                // the host element is an <iframe>. In this case, if an attribute/binding
+                // name is in the `IFRAME_SECURITY_SENSITIVE_ATTRS` set - append a validation
+                // function, which would be invoked at runtime and would have access to the
+                // underlying DOM element, check if it's an <iframe> and if so - runs extra checks.
+                if (isIframeSecuritySensitiveAttr(bindingName)) {
+                    instructionParams.push(importExpr(Identifiers.validateIframeAttribute));
+                }
+            }
             updateStatements.push(...bindingExpr.stmts);
             if (instruction === Identifiers.hostProperty) {
                 propertyBindings.push(instructionParams);
@@ -21634,7 +21681,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
      * Use of this source code is governed by an MIT-style license that can be
      * found in the LICENSE file at https://angular.io/license
      */
-    const VERSION$1 = new Version('12.2.15');
+    const VERSION$1 = new Version('12.2.17');
 
     /**
      * @license
@@ -29569,6 +29616,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
         "300" /* MULTIPLE_COMPONENTS_MATCH */,
         "301" /* EXPORT_NOT_FOUND */,
         "302" /* PIPE_NOT_FOUND */,
+        "910" /* UNSAFE_IFRAME_ATTRS */,
     ]);
     /* tslint:enable:no-toplevel-property-access */
     /** Called to format a runtime error */
@@ -32902,194 +32950,23 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
      * found in the LICENSE file at https://angular.io/license
      */
     /**
-     * The Trusted Types policy, or null if Trusted Types are not
-     * enabled/supported, or undefined if the policy has not been created yet.
-     */
-    let policy$1;
-    /**
-     * Returns the Trusted Types policy, or null if Trusted Types are not
-     * enabled/supported. The first call to this function will create the policy.
-     */
-    function getPolicy$1() {
-        if (policy$1 === undefined) {
-            policy$1 = null;
-            if (_global$1.trustedTypes) {
-                try {
-                    policy$1 = _global$1.trustedTypes.createPolicy('angular', {
-                        createHTML: (s) => s,
-                        createScript: (s) => s,
-                        createScriptURL: (s) => s,
-                    });
-                }
-                catch (_a) {
-                    // trustedTypes.createPolicy throws if called with a name that is
-                    // already registered, even in report-only mode. Until the API changes,
-                    // catch the error not to break the applications functionally. In such
-                    // cases, the code will fall back to using strings.
-                }
-            }
-        }
-        return policy$1;
-    }
-    /**
-     * Unsafely promote a string to a TrustedScript, falling back to strings when
-     * Trusted Types are not available.
-     * @security In particular, it must be assured that the provided string will
-     * never cause an XSS vulnerability if used in a context that will be
-     * interpreted and executed as a script by a browser, e.g. when calling eval.
-     */
-    function trustedScriptFromString$1(script) {
-        var _a;
-        return ((_a = getPolicy$1()) === null || _a === void 0 ? void 0 : _a.createScript(script)) || script;
-    }
-    /**
-     * Unsafely call the Function constructor with the given string arguments. It
-     * is only available in development mode, and should be stripped out of
-     * production code.
-     * @security This is a security-sensitive function; any use of this function
-     * must go through security review. In particular, it must be assured that it
-     * is only called from development code, as use in production code can lead to
-     * XSS vulnerabilities.
-     */
-    function newTrustedFunctionForDev(...args) {
-        if (typeof ngDevMode === 'undefined') {
-            throw new Error('newTrustedFunctionForDev should never be called in production');
-        }
-        if (!_global$1.trustedTypes) {
-            // In environments that don't support Trusted Types, fall back to the most
-            // straightforward implementation:
-            return new Function(...args);
-        }
-        // Chrome currently does not support passing TrustedScript to the Function
-        // constructor. The following implements the workaround proposed on the page
-        // below, where the Chromium bug is also referenced:
-        // https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
-        const fnArgs = args.slice(0, -1).join(',');
-        const fnBody = args[args.length - 1];
-        const body = `(function anonymous(${fnArgs}
-) { ${fnBody}
-})`;
-        // Using eval directly confuses the compiler and prevents this module from
-        // being stripped out of JS binaries even if not used. The global['eval']
-        // indirection fixes that.
-        const fn = _global$1['eval'](trustedScriptFromString$1(body));
-        if (fn.bind === undefined) {
-            // Workaround for a browser bug that only exists in Chrome 83, where passing
-            // a TrustedScript to eval just returns the TrustedScript back without
-            // evaluating it. In that case, fall back to the most straightforward
-            // implementation:
-            return new Function(...args);
-        }
-        // To completely mimic the behavior of calling "new Function", two more
-        // things need to happen:
-        // 1. Stringifying the resulting function should return its source code
-        fn.toString = () => body;
-        // 2. When calling the resulting function, `this` should refer to `global`
-        return fn.bind(_global$1);
-        // When Trusted Types support in Function constructors is widely available,
-        // the implementation of this function can be simplified to:
-        // return new Function(...args.map(a => trustedScriptFromString(a)));
-    }
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    function tagSet(tags) {
-        const res = {};
-        for (const t of tags.split(','))
-            res[t] = true;
-        return res;
-    }
-    function merge(...sets) {
-        const res = {};
-        for (const s of sets) {
-            for (const v in s) {
-                if (s.hasOwnProperty(v))
-                    res[v] = true;
-            }
-        }
-        return res;
-    }
-    // Good source of info about elements and attributes
-    // https://html.spec.whatwg.org/#semantics
-    // https://simon.html5.org/html-elements
-    // Safe Void Elements - HTML5
-    // https://html.spec.whatwg.org/#void-elements
-    const VOID_ELEMENTS = tagSet('area,br,col,hr,img,wbr');
-    // Elements that you can, intentionally, leave open (and which close themselves)
-    // https://html.spec.whatwg.org/#optional-tags
-    const OPTIONAL_END_TAG_BLOCK_ELEMENTS = tagSet('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr');
-    const OPTIONAL_END_TAG_INLINE_ELEMENTS = tagSet('rp,rt');
-    const OPTIONAL_END_TAG_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, OPTIONAL_END_TAG_BLOCK_ELEMENTS);
-    // Safe Block Elements - HTML5
-    const BLOCK_ELEMENTS = merge(OPTIONAL_END_TAG_BLOCK_ELEMENTS, tagSet('address,article,' +
-        'aside,blockquote,caption,center,del,details,dialog,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' +
-        'h6,header,hgroup,hr,ins,main,map,menu,nav,ol,pre,section,summary,table,ul'));
-    // Inline Elements - HTML5
-    const INLINE_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, tagSet('a,abbr,acronym,audio,b,' +
-        'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,picture,q,ruby,rp,rt,s,' +
-        'samp,small,source,span,strike,strong,sub,sup,time,track,tt,u,var,video'));
-    const VALID_ELEMENTS = merge(VOID_ELEMENTS, BLOCK_ELEMENTS, INLINE_ELEMENTS, OPTIONAL_END_TAG_ELEMENTS);
-    // Attributes that have href and hence need to be sanitized
-    const URI_ATTRS = tagSet('background,cite,href,itemtype,longdesc,poster,src,xlink:href');
-    // Attributes that have special href set hence need to be sanitized
-    const SRCSET_ATTRS = tagSet('srcset');
-    const HTML_ATTRS = tagSet('abbr,accesskey,align,alt,autoplay,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,' +
-        'compact,controls,coords,datetime,default,dir,download,face,headers,height,hidden,hreflang,hspace,' +
-        'ismap,itemscope,itemprop,kind,label,lang,language,loop,media,muted,nohref,nowrap,open,preload,rel,rev,role,rows,rowspan,rules,' +
-        'scope,scrolling,shape,size,sizes,span,srclang,start,summary,tabindex,target,title,translate,type,usemap,' +
-        'valign,value,vspace,width');
-    // Accessibility attributes as per WAI-ARIA 1.1 (W3C Working Draft 14 December 2018)
-    const ARIA_ATTRS = tagSet('aria-activedescendant,aria-atomic,aria-autocomplete,aria-busy,aria-checked,aria-colcount,aria-colindex,' +
-        'aria-colspan,aria-controls,aria-current,aria-describedby,aria-details,aria-disabled,aria-dropeffect,' +
-        'aria-errormessage,aria-expanded,aria-flowto,aria-grabbed,aria-haspopup,aria-hidden,aria-invalid,' +
-        'aria-keyshortcuts,aria-label,aria-labelledby,aria-level,aria-live,aria-modal,aria-multiline,' +
-        'aria-multiselectable,aria-orientation,aria-owns,aria-placeholder,aria-posinset,aria-pressed,aria-readonly,' +
-        'aria-relevant,aria-required,aria-roledescription,aria-rowcount,aria-rowindex,aria-rowspan,aria-selected,' +
-        'aria-setsize,aria-sort,aria-valuemax,aria-valuemin,aria-valuenow,aria-valuetext');
-    // NB: This currently consciously doesn't support SVG. SVG sanitization has had several security
-    // issues in the past, so it seems safer to leave it out if possible. If support for binding SVG via
-    // innerHTML is required, SVG attributes should be added here.
-    // NB: Sanitization does not allow <form> elements or other active elements (<button> etc). Those
-    // can be sanitized, but they increase security surface area without a legitimate use case, so they
-    // are left out here.
-    const VALID_ATTRS = merge(URI_ATTRS, SRCSET_ATTRS, HTML_ATTRS, ARIA_ATTRS);
-    // Elements whose content should not be traversed/preserved, if the elements themselves are invalid.
-    //
-    // Typically, `<invalid>Some content</invalid>` would traverse (and in this case preserve)
-    // `Some content`, but strip `invalid-element` opening/closing tags. For some elements, though, we
-    // don't want to preserve the content, if the elements themselves are going to be removed.
-    const SKIP_TRAVERSING_CONTENT_IF_INVALID_ELEMENTS = tagSet('script,style,template');
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    /**
-     * A SecurityContext marks a location that has dangerous security implications, e.g. a DOM property
-     * like `innerHTML` that could cause Cross Site Scripting (XSS) security bugs when improperly
-     * handled.
-     *
-     * See DomSanitizer for more details on security in Angular applications.
-     *
+     * Flags for renderer-specific style modifiers.
      * @publicApi
      */
-    var SecurityContext$1;
-    (function (SecurityContext) {
-        SecurityContext[SecurityContext["NONE"] = 0] = "NONE";
-        SecurityContext[SecurityContext["HTML"] = 1] = "HTML";
-        SecurityContext[SecurityContext["STYLE"] = 2] = "STYLE";
-        SecurityContext[SecurityContext["SCRIPT"] = 3] = "SCRIPT";
-        SecurityContext[SecurityContext["URL"] = 4] = "URL";
-        SecurityContext[SecurityContext["RESOURCE_URL"] = 5] = "RESOURCE_URL";
-    })(SecurityContext$1 || (SecurityContext$1 = {}));
+    var RendererStyleFlags2;
+    (function (RendererStyleFlags2) {
+        // TODO(misko): This needs to be refactored into a separate file so that it can be imported from
+        // `node_manipulation.ts` Currently doing the import cause resolution order to change and fails
+        // the tests. The work around is to have hard coded value in `node_manipulation.ts` for now.
+        /**
+         * Marks a style as important.
+         */
+        RendererStyleFlags2[RendererStyleFlags2["Important"] = 1] = "Important";
+        /**
+         * Marks a style as using dash case naming (this-is-dash-case).
+         */
+        RendererStyleFlags2[RendererStyleFlags2["DashCase"] = 2] = "DashCase";
+    })(RendererStyleFlags2 || (RendererStyleFlags2 = {}));
 
     /**
      * @license
@@ -33126,182 +33003,6 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
         return null;
     }
 
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    const ERROR_DEBUG_CONTEXT = 'ngDebugContext';
-    const ERROR_ORIGINAL_ERROR = 'ngOriginalError';
-    const ERROR_LOGGER = 'ngErrorLogger';
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    function getDebugContext(error) {
-        return error[ERROR_DEBUG_CONTEXT];
-    }
-    function getOriginalError(error) {
-        return error[ERROR_ORIGINAL_ERROR];
-    }
-    function getErrorLogger(error) {
-        return error && error[ERROR_LOGGER] || defaultErrorLogger;
-    }
-    function defaultErrorLogger(console, ...values) {
-        console.error(...values);
-    }
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    /**
-     * Provides a hook for centralized exception handling.
-     *
-     * The default implementation of `ErrorHandler` prints error messages to the `console`. To
-     * intercept error handling, write a custom exception handler that replaces this default as
-     * appropriate for your app.
-     *
-     * @usageNotes
-     * ### Example
-     *
-     * ```
-     * class MyErrorHandler implements ErrorHandler {
-     *   handleError(error) {
-     *     // do something with the exception
-     *   }
-     * }
-     *
-     * @NgModule({
-     *   providers: [{provide: ErrorHandler, useClass: MyErrorHandler}]
-     * })
-     * class MyModule {}
-     * ```
-     *
-     * @publicApi
-     */
-    class ErrorHandler {
-        constructor() {
-            /**
-             * @internal
-             */
-            this._console = console;
-        }
-        handleError(error) {
-            const originalError = this._findOriginalError(error);
-            const context = this._findContext(error);
-            // Note: Browser consoles show the place from where console.error was called.
-            // We can use this to give users additional information about the error.
-            const errorLogger = getErrorLogger(error);
-            errorLogger(this._console, `ERROR`, error);
-            if (originalError) {
-                errorLogger(this._console, `ORIGINAL ERROR`, originalError);
-            }
-            if (context) {
-                errorLogger(this._console, 'ERROR CONTEXT', context);
-            }
-        }
-        /** @internal */
-        _findContext(error) {
-            return error ? (getDebugContext(error) || this._findContext(getOriginalError(error))) : null;
-        }
-        /** @internal */
-        _findOriginalError(error) {
-            let e = error && getOriginalError(error);
-            while (e && getOriginalError(e)) {
-                e = getOriginalError(e);
-            }
-            return e || null;
-        }
-    }
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    /**
-     * THIS FILE CONTAINS CODE WHICH SHOULD BE TREE SHAKEN AND NEVER CALLED FROM PRODUCTION CODE!!!
-     */
-    /**
-     * Creates an `Array` construction with a given name. This is useful when
-     * looking for memory consumption to see what time of array it is.
-     *
-     *
-     * @param name Name to give to the constructor
-     * @returns A subclass of `Array` if possible. This can only be done in
-     *          environments which support `class` construct.
-     */
-    function createNamedArrayType(name) {
-        // This should never be called in prod mode, so let's verify that is the case.
-        if (ngDevMode) {
-            try {
-                // If this function were compromised the following could lead to arbitrary
-                // script execution. We bless it with Trusted Types anyway since this
-                // function is stripped out of production binaries.
-                return (newTrustedFunctionForDev('Array', `return class ${name} extends Array{}`))(Array);
-            }
-            catch (e) {
-                // If it does not work just give up and fall back to regular Array.
-                return Array;
-            }
-        }
-        else {
-            throw new Error('Looks like we are in \'prod mode\', but we are creating a named Array type, which is wrong! Check your code');
-        }
-    }
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    const ɵ0$4 = () => (typeof requestAnimationFrame !== 'undefined' &&
-        requestAnimationFrame || // browser only
-        setTimeout // everything else
-    )
-        .bind(_global$1);
-    const defaultScheduler = (ɵ0$4)();
-
-    /**
-     * @license
-     * Copyright Google LLC All Rights Reserved.
-     *
-     * Use of this source code is governed by an MIT-style license that can be
-     * found in the LICENSE file at https://angular.io/license
-     */
-    /**
-     * Flags for renderer-specific style modifiers.
-     * @publicApi
-     */
-    var RendererStyleFlags2;
-    (function (RendererStyleFlags2) {
-        // TODO(misko): This needs to be refactored into a separate file so that it can be imported from
-        // `node_manipulation.ts` Currently doing the import cause resolution order to change and fails
-        // the tests. The work around is to have hard coded value in `node_manipulation.ts` for now.
-        /**
-         * Marks a style as important.
-         */
-        RendererStyleFlags2[RendererStyleFlags2["Important"] = 1] = "Important";
-        /**
-         * Marks a style as using dash case naming (this-is-dash-case).
-         */
-        RendererStyleFlags2[RendererStyleFlags2["DashCase"] = 2] = "DashCase";
-    })(RendererStyleFlags2 || (RendererStyleFlags2 = {}));
-
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -33921,6 +33622,353 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
         ngDevMode && ngDevMode.rendererSetClassName++;
     }
 
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    /**
+     * The Trusted Types policy, or null if Trusted Types are not
+     * enabled/supported, or undefined if the policy has not been created yet.
+     */
+    let policy$1;
+    /**
+     * Returns the Trusted Types policy, or null if Trusted Types are not
+     * enabled/supported. The first call to this function will create the policy.
+     */
+    function getPolicy$1() {
+        if (policy$1 === undefined) {
+            policy$1 = null;
+            if (_global$1.trustedTypes) {
+                try {
+                    policy$1 = _global$1.trustedTypes.createPolicy('angular', {
+                        createHTML: (s) => s,
+                        createScript: (s) => s,
+                        createScriptURL: (s) => s,
+                    });
+                }
+                catch (_a) {
+                    // trustedTypes.createPolicy throws if called with a name that is
+                    // already registered, even in report-only mode. Until the API changes,
+                    // catch the error not to break the applications functionally. In such
+                    // cases, the code will fall back to using strings.
+                }
+            }
+        }
+        return policy$1;
+    }
+    /**
+     * Unsafely promote a string to a TrustedScript, falling back to strings when
+     * Trusted Types are not available.
+     * @security In particular, it must be assured that the provided string will
+     * never cause an XSS vulnerability if used in a context that will be
+     * interpreted and executed as a script by a browser, e.g. when calling eval.
+     */
+    function trustedScriptFromString$1(script) {
+        var _a;
+        return ((_a = getPolicy$1()) === null || _a === void 0 ? void 0 : _a.createScript(script)) || script;
+    }
+    /**
+     * Unsafely call the Function constructor with the given string arguments. It
+     * is only available in development mode, and should be stripped out of
+     * production code.
+     * @security This is a security-sensitive function; any use of this function
+     * must go through security review. In particular, it must be assured that it
+     * is only called from development code, as use in production code can lead to
+     * XSS vulnerabilities.
+     */
+    function newTrustedFunctionForDev(...args) {
+        if (typeof ngDevMode === 'undefined') {
+            throw new Error('newTrustedFunctionForDev should never be called in production');
+        }
+        if (!_global$1.trustedTypes) {
+            // In environments that don't support Trusted Types, fall back to the most
+            // straightforward implementation:
+            return new Function(...args);
+        }
+        // Chrome currently does not support passing TrustedScript to the Function
+        // constructor. The following implements the workaround proposed on the page
+        // below, where the Chromium bug is also referenced:
+        // https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
+        const fnArgs = args.slice(0, -1).join(',');
+        const fnBody = args[args.length - 1];
+        const body = `(function anonymous(${fnArgs}
+) { ${fnBody}
+})`;
+        // Using eval directly confuses the compiler and prevents this module from
+        // being stripped out of JS binaries even if not used. The global['eval']
+        // indirection fixes that.
+        const fn = _global$1['eval'](trustedScriptFromString$1(body));
+        if (fn.bind === undefined) {
+            // Workaround for a browser bug that only exists in Chrome 83, where passing
+            // a TrustedScript to eval just returns the TrustedScript back without
+            // evaluating it. In that case, fall back to the most straightforward
+            // implementation:
+            return new Function(...args);
+        }
+        // To completely mimic the behavior of calling "new Function", two more
+        // things need to happen:
+        // 1. Stringifying the resulting function should return its source code
+        fn.toString = () => body;
+        // 2. When calling the resulting function, `this` should refer to `global`
+        return fn.bind(_global$1);
+        // When Trusted Types support in Function constructors is widely available,
+        // the implementation of this function can be simplified to:
+        // return new Function(...args.map(a => trustedScriptFromString(a)));
+    }
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    function tagSet(tags) {
+        const res = {};
+        for (const t of tags.split(','))
+            res[t] = true;
+        return res;
+    }
+    function merge(...sets) {
+        const res = {};
+        for (const s of sets) {
+            for (const v in s) {
+                if (s.hasOwnProperty(v))
+                    res[v] = true;
+            }
+        }
+        return res;
+    }
+    // Good source of info about elements and attributes
+    // https://html.spec.whatwg.org/#semantics
+    // https://simon.html5.org/html-elements
+    // Safe Void Elements - HTML5
+    // https://html.spec.whatwg.org/#void-elements
+    const VOID_ELEMENTS = tagSet('area,br,col,hr,img,wbr');
+    // Elements that you can, intentionally, leave open (and which close themselves)
+    // https://html.spec.whatwg.org/#optional-tags
+    const OPTIONAL_END_TAG_BLOCK_ELEMENTS = tagSet('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr');
+    const OPTIONAL_END_TAG_INLINE_ELEMENTS = tagSet('rp,rt');
+    const OPTIONAL_END_TAG_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, OPTIONAL_END_TAG_BLOCK_ELEMENTS);
+    // Safe Block Elements - HTML5
+    const BLOCK_ELEMENTS = merge(OPTIONAL_END_TAG_BLOCK_ELEMENTS, tagSet('address,article,' +
+        'aside,blockquote,caption,center,del,details,dialog,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' +
+        'h6,header,hgroup,hr,ins,main,map,menu,nav,ol,pre,section,summary,table,ul'));
+    // Inline Elements - HTML5
+    const INLINE_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, tagSet('a,abbr,acronym,audio,b,' +
+        'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,picture,q,ruby,rp,rt,s,' +
+        'samp,small,source,span,strike,strong,sub,sup,time,track,tt,u,var,video'));
+    const VALID_ELEMENTS = merge(VOID_ELEMENTS, BLOCK_ELEMENTS, INLINE_ELEMENTS, OPTIONAL_END_TAG_ELEMENTS);
+    // Attributes that have href and hence need to be sanitized
+    const URI_ATTRS = tagSet('background,cite,href,itemtype,longdesc,poster,src,xlink:href');
+    // Attributes that have special href set hence need to be sanitized
+    const SRCSET_ATTRS = tagSet('srcset');
+    const HTML_ATTRS = tagSet('abbr,accesskey,align,alt,autoplay,axis,bgcolor,border,cellpadding,cellspacing,class,clear,color,cols,colspan,' +
+        'compact,controls,coords,datetime,default,dir,download,face,headers,height,hidden,hreflang,hspace,' +
+        'ismap,itemscope,itemprop,kind,label,lang,language,loop,media,muted,nohref,nowrap,open,preload,rel,rev,role,rows,rowspan,rules,' +
+        'scope,scrolling,shape,size,sizes,span,srclang,start,summary,tabindex,target,title,translate,type,usemap,' +
+        'valign,value,vspace,width');
+    // Accessibility attributes as per WAI-ARIA 1.1 (W3C Working Draft 14 December 2018)
+    const ARIA_ATTRS = tagSet('aria-activedescendant,aria-atomic,aria-autocomplete,aria-busy,aria-checked,aria-colcount,aria-colindex,' +
+        'aria-colspan,aria-controls,aria-current,aria-describedby,aria-details,aria-disabled,aria-dropeffect,' +
+        'aria-errormessage,aria-expanded,aria-flowto,aria-grabbed,aria-haspopup,aria-hidden,aria-invalid,' +
+        'aria-keyshortcuts,aria-label,aria-labelledby,aria-level,aria-live,aria-modal,aria-multiline,' +
+        'aria-multiselectable,aria-orientation,aria-owns,aria-placeholder,aria-posinset,aria-pressed,aria-readonly,' +
+        'aria-relevant,aria-required,aria-roledescription,aria-rowcount,aria-rowindex,aria-rowspan,aria-selected,' +
+        'aria-setsize,aria-sort,aria-valuemax,aria-valuemin,aria-valuenow,aria-valuetext');
+    // NB: This currently consciously doesn't support SVG. SVG sanitization has had several security
+    // issues in the past, so it seems safer to leave it out if possible. If support for binding SVG via
+    // innerHTML is required, SVG attributes should be added here.
+    // NB: Sanitization does not allow <form> elements or other active elements (<button> etc). Those
+    // can be sanitized, but they increase security surface area without a legitimate use case, so they
+    // are left out here.
+    const VALID_ATTRS = merge(URI_ATTRS, SRCSET_ATTRS, HTML_ATTRS, ARIA_ATTRS);
+    // Elements whose content should not be traversed/preserved, if the elements themselves are invalid.
+    //
+    // Typically, `<invalid>Some content</invalid>` would traverse (and in this case preserve)
+    // `Some content`, but strip `invalid-element` opening/closing tags. For some elements, though, we
+    // don't want to preserve the content, if the elements themselves are going to be removed.
+    const SKIP_TRAVERSING_CONTENT_IF_INVALID_ELEMENTS = tagSet('script,style,template');
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    /**
+     * A SecurityContext marks a location that has dangerous security implications, e.g. a DOM property
+     * like `innerHTML` that could cause Cross Site Scripting (XSS) security bugs when improperly
+     * handled.
+     *
+     * See DomSanitizer for more details on security in Angular applications.
+     *
+     * @publicApi
+     */
+    var SecurityContext$1;
+    (function (SecurityContext) {
+        SecurityContext[SecurityContext["NONE"] = 0] = "NONE";
+        SecurityContext[SecurityContext["HTML"] = 1] = "HTML";
+        SecurityContext[SecurityContext["STYLE"] = 2] = "STYLE";
+        SecurityContext[SecurityContext["SCRIPT"] = 3] = "SCRIPT";
+        SecurityContext[SecurityContext["URL"] = 4] = "URL";
+        SecurityContext[SecurityContext["RESOURCE_URL"] = 5] = "RESOURCE_URL";
+    })(SecurityContext$1 || (SecurityContext$1 = {}));
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    const ERROR_DEBUG_CONTEXT = 'ngDebugContext';
+    const ERROR_ORIGINAL_ERROR = 'ngOriginalError';
+    const ERROR_LOGGER = 'ngErrorLogger';
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    function getDebugContext(error) {
+        return error[ERROR_DEBUG_CONTEXT];
+    }
+    function getOriginalError(error) {
+        return error[ERROR_ORIGINAL_ERROR];
+    }
+    function getErrorLogger(error) {
+        return error && error[ERROR_LOGGER] || defaultErrorLogger;
+    }
+    function defaultErrorLogger(console, ...values) {
+        console.error(...values);
+    }
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    /**
+     * Provides a hook for centralized exception handling.
+     *
+     * The default implementation of `ErrorHandler` prints error messages to the `console`. To
+     * intercept error handling, write a custom exception handler that replaces this default as
+     * appropriate for your app.
+     *
+     * @usageNotes
+     * ### Example
+     *
+     * ```
+     * class MyErrorHandler implements ErrorHandler {
+     *   handleError(error) {
+     *     // do something with the exception
+     *   }
+     * }
+     *
+     * @NgModule({
+     *   providers: [{provide: ErrorHandler, useClass: MyErrorHandler}]
+     * })
+     * class MyModule {}
+     * ```
+     *
+     * @publicApi
+     */
+    class ErrorHandler {
+        constructor() {
+            /**
+             * @internal
+             */
+            this._console = console;
+        }
+        handleError(error) {
+            const originalError = this._findOriginalError(error);
+            const context = this._findContext(error);
+            // Note: Browser consoles show the place from where console.error was called.
+            // We can use this to give users additional information about the error.
+            const errorLogger = getErrorLogger(error);
+            errorLogger(this._console, `ERROR`, error);
+            if (originalError) {
+                errorLogger(this._console, `ORIGINAL ERROR`, originalError);
+            }
+            if (context) {
+                errorLogger(this._console, 'ERROR CONTEXT', context);
+            }
+        }
+        /** @internal */
+        _findContext(error) {
+            return error ? (getDebugContext(error) || this._findContext(getOriginalError(error))) : null;
+        }
+        /** @internal */
+        _findOriginalError(error) {
+            let e = error && getOriginalError(error);
+            while (e && getOriginalError(e)) {
+                e = getOriginalError(e);
+            }
+            return e || null;
+        }
+    }
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    /**
+     * THIS FILE CONTAINS CODE WHICH SHOULD BE TREE SHAKEN AND NEVER CALLED FROM PRODUCTION CODE!!!
+     */
+    /**
+     * Creates an `Array` construction with a given name. This is useful when
+     * looking for memory consumption to see what time of array it is.
+     *
+     *
+     * @param name Name to give to the constructor
+     * @returns A subclass of `Array` if possible. This can only be done in
+     *          environments which support `class` construct.
+     */
+    function createNamedArrayType(name) {
+        // This should never be called in prod mode, so let's verify that is the case.
+        if (ngDevMode) {
+            try {
+                // If this function were compromised the following could lead to arbitrary
+                // script execution. We bless it with Trusted Types anyway since this
+                // function is stripped out of production binaries.
+                return (newTrustedFunctionForDev('Array', `return class ${name} extends Array{}`))(Array);
+            }
+            catch (e) {
+                // If it does not work just give up and fall back to regular Array.
+                return Array;
+            }
+        }
+        else {
+            throw new Error('Looks like we are in \'prod mode\', but we are creating a named Array type, which is wrong! Check your code');
+        }
+    }
+
+    /**
+     * @license
+     * Copyright Google LLC All Rights Reserved.
+     *
+     * Use of this source code is governed by an MIT-style license that can be
+     * found in the LICENSE file at https://angular.io/license
+     */
+    const ɵ0$4 = () => (typeof requestAnimationFrame !== 'undefined' &&
+        requestAnimationFrame || // browser only
+        setTimeout // everything else
+    )
+        .bind(_global$1);
+    const defaultScheduler = (ɵ0$4)();
+
     /**
      * @license
      * Copyright Google LLC All Rights Reserved.
@@ -36868,7 +36916,7 @@ define(['exports', 'typescript/lib/tsserverlibrary', 'typescript', 'path'], func
     /**
      * @publicApi
      */
-    const VERSION$2 = new Version$1('12.2.15');
+    const VERSION$2 = new Version$1('12.2.17');
 
     /**
      * @license

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@angular/language-service",
-  "version": "12.2.15",
+  "version": "12.2.17",
   "description": "Angular - language services",
   "main": "./index.js",
   "typings": "./index.d.ts",