@angular/platform-browser 0.0.0-6 → 2.0.0-rc.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bundles/platform-browser.umd.js +4685 -0
- package/bundles/platform-browser.umd.min.js +4 -0
- package/core_private.d.ts +27 -1
- package/core_private.js +16 -0
- package/core_private.js.map +1 -1
- package/core_private.metadata.json +1 -1
- package/esm/core_private.d.ts +27 -1
- package/esm/core_private.js +16 -0
- package/esm/core_private.js.map +1 -1
- package/esm/core_private.metadata.json +1 -1
- package/esm/index.d.ts +22 -1
- package/esm/index.js +25 -1
- package/esm/index.js.map +1 -1
- package/esm/index.metadata.json +1 -0
- package/esm/private_export.d.ts +21 -21
- package/esm/private_export.js +11 -21
- package/esm/private_export.js.map +1 -1
- package/esm/private_export.metadata.json +1 -0
- package/esm/src/browser/browser_adapter.d.ts +6 -0
- package/esm/src/browser/browser_adapter.js +146 -76
- package/esm/src/browser/browser_adapter.js.map +1 -1
- package/esm/src/browser/generic_browser_adapter.js +4 -4
- package/esm/src/browser/generic_browser_adapter.js.map +1 -1
- package/esm/src/browser/location/browser_platform_location.d.ts +1 -5
- package/esm/src/browser/location/browser_platform_location.js +16 -3
- package/esm/src/browser/location/browser_platform_location.js.map +1 -1
- package/esm/src/browser/location/browser_platform_location.metadata.json +1 -1
- package/esm/src/browser/location/history.d.ts +1 -0
- package/esm/src/browser/location/history.js +4 -0
- package/esm/src/browser/location/history.js.map +1 -0
- package/esm/src/browser/location/history.metadata.json +1 -0
- package/esm/src/browser/testability.d.ts +1 -1
- package/esm/src/browser/testability.js +7 -5
- package/esm/src/browser/testability.js.map +1 -1
- package/esm/src/browser/title.d.ts +2 -0
- package/esm/src/browser/title.js +2 -0
- package/esm/src/browser/title.js.map +1 -1
- package/esm/src/browser/tools/common_tools.js +2 -2
- package/esm/src/browser/tools/common_tools.js.map +1 -1
- package/esm/src/browser/tools/tools.d.ts +1 -1
- package/esm/src/browser/tools/tools.js +2 -1
- package/esm/src/browser/tools/tools.js.map +1 -1
- package/esm/src/browser.d.ts +15 -0
- package/esm/src/browser.js +76 -0
- package/esm/src/browser.js.map +1 -0
- package/esm/src/browser.metadata.json +1 -0
- package/esm/src/dom/debug/by.d.ts +2 -2
- package/esm/src/dom/debug/by.js +1 -1
- package/esm/src/dom/debug/by.js.map +1 -1
- package/esm/src/dom/debug/ng_probe.js +10 -19
- package/esm/src/dom/debug/ng_probe.js.map +1 -1
- package/esm/src/dom/debug/ng_probe.metadata.json +1 -1
- package/esm/src/dom/dom_adapter.d.ts +7 -5
- package/esm/src/dom/dom_adapter.js +1 -1
- package/esm/src/dom/dom_adapter.js.map +1 -1
- package/esm/src/dom/dom_adapter.metadata.json +1 -0
- package/esm/src/dom/dom_animate_player.d.ts +9 -0
- package/esm/src/dom/dom_animate_player.js +1 -0
- package/esm/src/dom/dom_animate_player.js.map +1 -0
- package/esm/src/dom/dom_renderer.d.ts +9 -19
- package/esm/src/dom/dom_renderer.js +29 -61
- package/esm/src/dom/dom_renderer.js.map +1 -1
- package/esm/src/dom/dom_renderer.metadata.json +1 -1
- package/esm/src/dom/dom_tokens.js.map +1 -1
- package/esm/src/dom/dom_tokens.metadata.json +1 -1
- package/esm/src/dom/events/dom_events.js +3 -2
- package/esm/src/dom/events/dom_events.js.map +1 -1
- package/esm/src/dom/events/dom_events.metadata.json +1 -1
- package/esm/src/dom/events/event_manager.d.ts +1 -3
- package/esm/src/dom/events/event_manager.js +9 -8
- package/esm/src/dom/events/event_manager.js.map +1 -1
- package/esm/src/dom/events/event_manager.metadata.json +1 -1
- package/esm/src/dom/events/hammer_common.js +1 -1
- package/esm/src/dom/events/hammer_common.js.map +1 -1
- package/esm/src/dom/events/hammer_gestures.js +10 -6
- package/esm/src/dom/events/hammer_gestures.js.map +1 -1
- package/esm/src/dom/events/hammer_gestures.metadata.json +1 -1
- package/esm/src/dom/events/key_events.d.ts +0 -2
- package/esm/src/dom/events/key_events.js +5 -3
- package/esm/src/dom/events/key_events.js.map +1 -1
- package/esm/src/dom/events/key_events.metadata.json +1 -1
- package/esm/src/dom/shared_styles_host.d.ts +0 -6
- package/esm/src/dom/shared_styles_host.js +5 -1
- package/esm/src/dom/shared_styles_host.js.map +1 -1
- package/esm/src/dom/shared_styles_host.metadata.json +1 -1
- package/esm/src/dom/util.js +3 -3
- package/esm/src/dom/util.js.map +1 -1
- package/esm/src/dom/util.metadata.json +1 -0
- package/esm/src/dom/web_animations_driver.d.ts +4 -0
- package/esm/src/dom/web_animations_driver.js +118 -0
- package/esm/src/dom/web_animations_driver.js.map +1 -0
- package/esm/src/dom/web_animations_player.d.ts +20 -0
- package/esm/src/dom/web_animations_player.js +42 -0
- package/esm/src/dom/web_animations_player.js.map +1 -0
- package/esm/src/facade/async.d.ts +90 -0
- package/esm/src/facade/async.js +137 -0
- package/esm/src/facade/async.js.map +1 -0
- package/esm/src/facade/base_wrapped_exception.js +4 -4
- package/esm/src/facade/base_wrapped_exception.js.map +1 -1
- package/esm/src/facade/browser.js +2 -2
- package/esm/src/facade/browser.js.map +1 -1
- package/esm/src/facade/browser.metadata.json +1 -1
- package/esm/src/facade/collection.js +1 -1
- package/esm/src/facade/collection.js.map +1 -1
- package/esm/src/facade/collection.metadata.json +1 -1
- package/esm/src/facade/exception_handler.d.ts +2 -11
- package/esm/src/facade/exception_handler.js +8 -7
- package/esm/src/facade/exception_handler.js.map +1 -1
- package/esm/src/facade/exceptions.d.ts +4 -0
- package/esm/src/facade/exceptions.js +6 -2
- package/esm/src/facade/exceptions.js.map +1 -1
- package/esm/src/facade/exceptions.metadata.json +1 -0
- package/esm/src/facade/lang.d.ts +6 -4
- package/esm/src/facade/lang.js +12 -11
- package/esm/src/facade/lang.js.map +1 -1
- package/esm/src/facade/lang.metadata.json +1 -1
- package/esm/src/facade/promise.d.ts +17 -0
- package/esm/src/facade/promise.js +41 -0
- package/esm/src/facade/promise.js.map +1 -0
- package/esm/src/security/dom_sanitization_service.d.ts +98 -0
- package/esm/src/security/dom_sanitization_service.js +108 -0
- package/esm/src/security/dom_sanitization_service.js.map +1 -0
- package/esm/src/security/dom_sanitization_service.metadata.json +1 -0
- package/esm/src/security/html_sanitizer.d.ts +5 -0
- package/esm/src/security/html_sanitizer.js +233 -0
- package/esm/src/security/html_sanitizer.js.map +1 -0
- package/esm/src/security/style_sanitizer.d.ts +5 -0
- package/esm/src/security/style_sanitizer.js +81 -0
- package/esm/src/security/style_sanitizer.js.map +1 -0
- package/esm/src/security/url_sanitizer.d.ts +1 -0
- package/esm/src/security/url_sanitizer.js +40 -0
- package/esm/src/security/url_sanitizer.js.map +1 -0
- package/esm/src/web_workers/shared/api.d.ts +2 -0
- package/esm/src/web_workers/shared/api.js +3 -0
- package/esm/src/web_workers/shared/api.js.map +1 -0
- package/esm/src/web_workers/shared/api.metadata.json +1 -0
- package/esm/src/web_workers/shared/client_message_broker.d.ts +51 -0
- package/esm/src/web_workers/shared/client_message_broker.js +156 -0
- package/esm/src/web_workers/shared/client_message_broker.js.map +1 -0
- package/esm/src/web_workers/shared/client_message_broker.metadata.json +1 -0
- package/esm/src/web_workers/shared/message_bus.d.ts +82 -0
- package/esm/src/web_workers/shared/message_bus.js +10 -0
- package/esm/src/web_workers/shared/message_bus.js.map +1 -0
- package/esm/src/web_workers/shared/messaging_api.d.ts +7 -0
- package/esm/src/web_workers/shared/messaging_api.js +8 -0
- package/esm/src/web_workers/shared/messaging_api.js.map +1 -0
- package/esm/src/web_workers/shared/messaging_api.metadata.json +1 -0
- package/esm/src/web_workers/shared/post_message_bus.d.ts +41 -0
- package/esm/src/web_workers/shared/post_message_bus.js +133 -0
- package/esm/src/web_workers/shared/post_message_bus.js.map +1 -0
- package/esm/src/web_workers/shared/post_message_bus.metadata.json +1 -0
- package/esm/src/web_workers/shared/render_store.d.ts +11 -0
- package/esm/src/web_workers/shared/render_store.js +40 -0
- package/esm/src/web_workers/shared/render_store.js.map +1 -0
- package/esm/src/web_workers/shared/render_store.metadata.json +1 -0
- package/esm/src/web_workers/shared/serialized_types.d.ts +12 -0
- package/esm/src/web_workers/shared/serialized_types.js +16 -0
- package/esm/src/web_workers/shared/serialized_types.js.map +1 -0
- package/esm/src/web_workers/shared/serializer.d.ts +18 -0
- package/esm/src/web_workers/shared/serializer.js +110 -0
- package/esm/src/web_workers/shared/serializer.js.map +1 -0
- package/esm/src/web_workers/shared/serializer.metadata.json +1 -0
- package/esm/src/web_workers/shared/service_message_broker.d.ts +48 -0
- package/esm/src/web_workers/shared/service_message_broker.js +88 -0
- package/esm/src/web_workers/shared/service_message_broker.js.map +1 -0
- package/esm/src/web_workers/shared/service_message_broker.metadata.json +1 -0
- package/esm/src/web_workers/ui/event_dispatcher.d.ts +8 -0
- package/esm/src/web_workers/ui/event_dispatcher.js +104 -0
- package/esm/src/web_workers/ui/event_dispatcher.js.map +1 -0
- package/esm/src/web_workers/ui/event_serializer.d.ts +15 -0
- package/esm/src/web_workers/ui/event_serializer.js +53 -0
- package/esm/src/web_workers/ui/event_serializer.js.map +1 -0
- package/esm/src/web_workers/ui/event_serializer.metadata.json +1 -0
- package/esm/src/web_workers/ui/location_providers.d.ts +14 -0
- package/esm/src/web_workers/ui/location_providers.js +19 -0
- package/esm/src/web_workers/ui/location_providers.js.map +1 -0
- package/esm/src/web_workers/ui/location_providers.metadata.json +1 -0
- package/esm/src/web_workers/ui/platform_location.d.ts +16 -0
- package/esm/src/web_workers/ui/platform_location.js +49 -0
- package/esm/src/web_workers/ui/platform_location.js.map +1 -0
- package/esm/src/web_workers/ui/platform_location.metadata.json +1 -0
- package/esm/src/web_workers/ui/renderer.d.ts +35 -0
- package/esm/src/web_workers/ui/renderer.js +122 -0
- package/esm/src/web_workers/ui/renderer.js.map +1 -0
- package/esm/src/web_workers/ui/renderer.metadata.json +1 -0
- package/esm/src/web_workers/worker/event_deserializer.d.ts +5 -0
- package/esm/src/web_workers/worker/event_deserializer.js +6 -0
- package/esm/src/web_workers/worker/event_deserializer.js.map +1 -0
- package/esm/src/web_workers/worker/event_deserializer.metadata.json +1 -0
- package/esm/src/web_workers/worker/location_providers.d.ts +17 -0
- package/esm/src/web_workers/worker/location_providers.js +20 -0
- package/esm/src/web_workers/worker/location_providers.js.map +1 -0
- package/esm/src/web_workers/worker/location_providers.metadata.json +1 -0
- package/esm/src/web_workers/worker/platform_location.d.ts +23 -0
- package/esm/src/web_workers/worker/platform_location.js +111 -0
- package/esm/src/web_workers/worker/platform_location.js.map +1 -0
- package/esm/src/web_workers/worker/platform_location.metadata.json +1 -0
- package/esm/src/web_workers/worker/renderer.d.ts +55 -0
- package/esm/src/web_workers/worker/renderer.js +227 -0
- package/esm/src/web_workers/worker/renderer.js.map +1 -0
- package/esm/src/web_workers/worker/renderer.metadata.json +1 -0
- package/esm/src/web_workers/worker/worker_adapter.d.ts +132 -0
- package/esm/src/web_workers/worker/worker_adapter.js +192 -0
- package/esm/src/web_workers/worker/worker_adapter.js.map +1 -0
- package/esm/src/worker_app.d.ts +13 -0
- package/esm/src/worker_app.js +68 -0
- package/esm/src/worker_app.js.map +1 -0
- package/esm/src/worker_app.metadata.json +1 -0
- package/esm/src/worker_render.d.ts +35 -0
- package/esm/src/worker_render.js +147 -0
- package/esm/src/worker_render.js.map +1 -0
- package/esm/src/worker_render.metadata.json +1 -0
- package/esm/testing/browser.d.ts +8 -0
- package/esm/testing/browser.js +38 -0
- package/esm/testing/browser.js.map +1 -0
- package/esm/testing/browser.metadata.json +1 -0
- package/esm/testing/browser_util.d.ts +1 -0
- package/esm/testing/browser_util.js +11 -6
- package/esm/testing/browser_util.js.map +1 -1
- package/esm/testing/browser_util.metadata.json +1 -1
- package/esm/testing/e2e_util.d.ts +4 -0
- package/esm/testing/e2e_util.js +21 -0
- package/esm/testing/e2e_util.js.map +1 -0
- package/esm/testing/e2e_util.metadata.json +1 -0
- package/esm/testing/matchers.js +24 -22
- package/esm/testing/matchers.js.map +1 -1
- package/esm/testing/matchers.metadata.json +1 -1
- package/esm/testing.d.ts +1 -2
- package/esm/testing.js +1 -2
- package/esm/testing.js.map +1 -1
- package/esm/testing_e2e.d.ts +1 -0
- package/esm/testing_e2e.js +2 -0
- package/esm/testing_e2e.js.map +1 -0
- package/index.d.ts +22 -1
- package/index.js +50 -1
- package/index.js.map +1 -1
- package/index.metadata.json +1 -0
- package/package.json +8 -4
- package/private_export.d.ts +21 -21
- package/private_export.js +11 -21
- package/private_export.js.map +1 -1
- package/private_export.metadata.json +1 -0
- package/src/browser/browser_adapter.d.ts +6 -0
- package/src/browser/browser_adapter.js +144 -76
- package/src/browser/browser_adapter.js.map +1 -1
- package/src/browser/generic_browser_adapter.js +4 -4
- package/src/browser/generic_browser_adapter.js.map +1 -1
- package/src/browser/location/browser_platform_location.d.ts +1 -5
- package/src/browser/location/browser_platform_location.js +16 -3
- package/src/browser/location/browser_platform_location.js.map +1 -1
- package/src/browser/location/browser_platform_location.metadata.json +1 -1
- package/src/browser/location/history.d.ts +1 -0
- package/src/browser/location/history.js +6 -0
- package/src/browser/location/history.js.map +1 -0
- package/src/browser/location/history.metadata.json +1 -0
- package/src/browser/testability.d.ts +1 -1
- package/src/browser/testability.js +7 -5
- package/src/browser/testability.js.map +1 -1
- package/src/browser/title.d.ts +2 -0
- package/src/browser/title.js +2 -0
- package/src/browser/title.js.map +1 -1
- package/src/browser/tools/common_tools.js +2 -2
- package/src/browser/tools/common_tools.js.map +1 -1
- package/src/browser/tools/tools.d.ts +1 -1
- package/src/browser/tools/tools.js +2 -1
- package/src/browser/tools/tools.js.map +1 -1
- package/src/browser.d.ts +15 -0
- package/src/browser.js +78 -0
- package/src/browser.js.map +1 -0
- package/src/browser.metadata.json +1 -0
- package/src/dom/debug/by.d.ts +2 -2
- package/src/dom/debug/by.js +1 -1
- package/src/dom/debug/by.js.map +1 -1
- package/src/dom/debug/ng_probe.js +9 -18
- package/src/dom/debug/ng_probe.js.map +1 -1
- package/src/dom/debug/ng_probe.metadata.json +1 -1
- package/src/dom/dom_adapter.d.ts +7 -5
- package/src/dom/dom_adapter.js +1 -1
- package/src/dom/dom_adapter.js.map +1 -1
- package/src/dom/dom_adapter.metadata.json +1 -0
- package/src/dom/dom_animate_player.d.ts +9 -0
- package/src/dom/dom_animate_player.js +2 -0
- package/src/dom/dom_animate_player.js.map +1 -0
- package/src/dom/dom_renderer.d.ts +9 -19
- package/src/dom/dom_renderer.js +29 -61
- package/src/dom/dom_renderer.js.map +1 -1
- package/src/dom/dom_renderer.metadata.json +1 -1
- package/src/dom/dom_tokens.js.map +1 -1
- package/src/dom/dom_tokens.metadata.json +1 -1
- package/src/dom/events/dom_events.js +3 -2
- package/src/dom/events/dom_events.js.map +1 -1
- package/src/dom/events/dom_events.metadata.json +1 -1
- package/src/dom/events/event_manager.d.ts +1 -3
- package/src/dom/events/event_manager.js +8 -7
- package/src/dom/events/event_manager.js.map +1 -1
- package/src/dom/events/event_manager.metadata.json +1 -1
- package/src/dom/events/hammer_common.js +1 -1
- package/src/dom/events/hammer_common.js.map +1 -1
- package/src/dom/events/hammer_gestures.js +9 -5
- package/src/dom/events/hammer_gestures.js.map +1 -1
- package/src/dom/events/hammer_gestures.metadata.json +1 -1
- package/src/dom/events/key_events.d.ts +0 -2
- package/src/dom/events/key_events.js +5 -3
- package/src/dom/events/key_events.js.map +1 -1
- package/src/dom/events/key_events.metadata.json +1 -1
- package/src/dom/shared_styles_host.d.ts +0 -6
- package/src/dom/shared_styles_host.js +5 -1
- package/src/dom/shared_styles_host.js.map +1 -1
- package/src/dom/shared_styles_host.metadata.json +1 -1
- package/src/dom/util.js +3 -3
- package/src/dom/util.js.map +1 -1
- package/src/dom/util.metadata.json +1 -0
- package/src/dom/web_animations_driver.d.ts +4 -0
- package/src/dom/web_animations_driver.js +123 -0
- package/src/dom/web_animations_driver.js.map +1 -0
- package/src/dom/web_animations_player.d.ts +20 -0
- package/src/dom/web_animations_player.js +46 -0
- package/src/dom/web_animations_player.js.map +1 -0
- package/src/facade/async.d.ts +90 -0
- package/src/facade/async.js +160 -0
- package/src/facade/async.js.map +1 -0
- package/src/facade/base_wrapped_exception.js +4 -4
- package/src/facade/base_wrapped_exception.js.map +1 -1
- package/src/facade/browser.js +2 -2
- package/src/facade/browser.js.map +1 -1
- package/src/facade/browser.metadata.json +1 -1
- package/src/facade/collection.js.map +1 -1
- package/src/facade/collection.metadata.json +1 -1
- package/src/facade/exception_handler.d.ts +2 -11
- package/src/facade/exception_handler.js +8 -7
- package/src/facade/exception_handler.js.map +1 -1
- package/src/facade/exceptions.d.ts +4 -0
- package/src/facade/exceptions.js +6 -2
- package/src/facade/exceptions.js.map +1 -1
- package/src/facade/exceptions.metadata.json +1 -0
- package/src/facade/lang.d.ts +6 -4
- package/src/facade/lang.js +12 -11
- package/src/facade/lang.js.map +1 -1
- package/src/facade/lang.metadata.json +1 -1
- package/src/facade/promise.d.ts +17 -0
- package/src/facade/promise.js +49 -0
- package/src/facade/promise.js.map +1 -0
- package/src/security/dom_sanitization_service.d.ts +98 -0
- package/src/security/dom_sanitization_service.js +150 -0
- package/src/security/dom_sanitization_service.js.map +1 -0
- package/src/security/dom_sanitization_service.metadata.json +1 -0
- package/src/security/html_sanitizer.d.ts +5 -0
- package/src/security/html_sanitizer.js +246 -0
- package/src/security/html_sanitizer.js.map +1 -0
- package/src/security/style_sanitizer.d.ts +5 -0
- package/src/security/style_sanitizer.js +83 -0
- package/src/security/style_sanitizer.js.map +1 -0
- package/src/security/url_sanitizer.d.ts +1 -0
- package/src/security/url_sanitizer.js +42 -0
- package/src/security/url_sanitizer.js.map +1 -0
- package/src/web_workers/shared/api.d.ts +2 -0
- package/src/web_workers/shared/api.js +4 -0
- package/src/web_workers/shared/api.js.map +1 -0
- package/src/web_workers/shared/api.metadata.json +1 -0
- package/src/web_workers/shared/client_message_broker.d.ts +51 -0
- package/src/web_workers/shared/client_message_broker.js +184 -0
- package/src/web_workers/shared/client_message_broker.js.map +1 -0
- package/src/web_workers/shared/client_message_broker.metadata.json +1 -0
- package/src/web_workers/shared/message_bus.d.ts +82 -0
- package/src/web_workers/shared/message_bus.js +15 -0
- package/src/web_workers/shared/message_bus.js.map +1 -0
- package/src/web_workers/shared/messaging_api.d.ts +7 -0
- package/src/web_workers/shared/messaging_api.js +9 -0
- package/src/web_workers/shared/messaging_api.js.map +1 -0
- package/src/web_workers/shared/messaging_api.metadata.json +1 -0
- package/src/web_workers/shared/post_message_bus.d.ts +41 -0
- package/src/web_workers/shared/post_message_bus.js +147 -0
- package/src/web_workers/shared/post_message_bus.js.map +1 -0
- package/src/web_workers/shared/post_message_bus.metadata.json +1 -0
- package/src/web_workers/shared/render_store.d.ts +11 -0
- package/src/web_workers/shared/render_store.js +43 -0
- package/src/web_workers/shared/render_store.js.map +1 -0
- package/src/web_workers/shared/render_store.metadata.json +1 -0
- package/src/web_workers/shared/serialized_types.d.ts +12 -0
- package/src/web_workers/shared/serialized_types.js +19 -0
- package/src/web_workers/shared/serialized_types.js.map +1 -0
- package/src/web_workers/shared/serializer.d.ts +18 -0
- package/src/web_workers/shared/serializer.js +119 -0
- package/src/web_workers/shared/serializer.js.map +1 -0
- package/src/web_workers/shared/serializer.metadata.json +1 -0
- package/src/web_workers/shared/service_message_broker.d.ts +48 -0
- package/src/web_workers/shared/service_message_broker.js +114 -0
- package/src/web_workers/shared/service_message_broker.js.map +1 -0
- package/src/web_workers/shared/service_message_broker.metadata.json +1 -0
- package/src/web_workers/ui/event_dispatcher.d.ts +8 -0
- package/src/web_workers/ui/event_dispatcher.js +107 -0
- package/src/web_workers/ui/event_dispatcher.js.map +1 -0
- package/src/web_workers/ui/event_serializer.d.ts +15 -0
- package/src/web_workers/ui/event_serializer.js +59 -0
- package/src/web_workers/ui/event_serializer.js.map +1 -0
- package/src/web_workers/ui/event_serializer.metadata.json +1 -0
- package/src/web_workers/ui/location_providers.d.ts +14 -0
- package/src/web_workers/ui/location_providers.js +20 -0
- package/src/web_workers/ui/location_providers.js.map +1 -0
- package/src/web_workers/ui/location_providers.metadata.json +1 -0
- package/src/web_workers/ui/platform_location.d.ts +16 -0
- package/src/web_workers/ui/platform_location.js +52 -0
- package/src/web_workers/ui/platform_location.js.map +1 -0
- package/src/web_workers/ui/platform_location.metadata.json +1 -0
- package/src/web_workers/ui/renderer.d.ts +35 -0
- package/src/web_workers/ui/renderer.js +131 -0
- package/src/web_workers/ui/renderer.js.map +1 -0
- package/src/web_workers/ui/renderer.metadata.json +1 -0
- package/src/web_workers/worker/event_deserializer.d.ts +5 -0
- package/src/web_workers/worker/event_deserializer.js +8 -0
- package/src/web_workers/worker/event_deserializer.js.map +1 -0
- package/src/web_workers/worker/event_deserializer.metadata.json +1 -0
- package/src/web_workers/worker/location_providers.d.ts +17 -0
- package/src/web_workers/worker/location_providers.js +21 -0
- package/src/web_workers/worker/location_providers.js.map +1 -0
- package/src/web_workers/worker/location_providers.metadata.json +1 -0
- package/src/web_workers/worker/platform_location.d.ts +23 -0
- package/src/web_workers/worker/platform_location.js +134 -0
- package/src/web_workers/worker/platform_location.js.map +1 -0
- package/src/web_workers/worker/platform_location.metadata.json +1 -0
- package/src/web_workers/worker/renderer.d.ts +55 -0
- package/src/web_workers/worker/renderer.js +241 -0
- package/src/web_workers/worker/renderer.js.map +1 -0
- package/src/web_workers/worker/renderer.metadata.json +1 -0
- package/src/web_workers/worker/worker_adapter.d.ts +132 -0
- package/src/web_workers/worker/worker_adapter.js +208 -0
- package/src/web_workers/worker/worker_adapter.js.map +1 -0
- package/src/worker_app.d.ts +13 -0
- package/src/worker_app.js +71 -0
- package/src/worker_app.js.map +1 -0
- package/src/worker_app.metadata.json +1 -0
- package/src/worker_render.d.ts +35 -0
- package/src/worker_render.js +153 -0
- package/src/worker_render.js.map +1 -0
- package/src/worker_render.metadata.json +1 -0
- package/testing/browser.d.ts +8 -0
- package/testing/browser.js +39 -0
- package/testing/browser.js.map +1 -0
- package/testing/browser.metadata.json +1 -0
- package/testing/browser_util.d.ts +1 -0
- package/testing/browser_util.js +14 -5
- package/testing/browser_util.js.map +1 -1
- package/testing/browser_util.metadata.json +1 -1
- package/testing/e2e_util.d.ts +4 -0
- package/testing/e2e_util.js +24 -0
- package/testing/e2e_util.js.map +1 -0
- package/testing/e2e_util.metadata.json +1 -0
- package/testing/matchers.js +24 -22
- package/testing/matchers.js.map +1 -1
- package/testing/matchers.metadata.json +1 -1
- package/testing.d.ts +1 -2
- package/testing.js +1 -2
- package/testing.js.map +1 -1
- package/testing_e2e.d.ts +1 -0
- package/testing_e2e.js +6 -0
- package/testing_e2e.js.map +1 -0
- package/esm/platform-browser.umd.js.map +0 -1
- package/esm/src/animate/animation.d.ts +0 -82
- package/esm/src/animate/animation.js +0 -173
- package/esm/src/animate/animation.js.map +0 -1
- package/esm/src/animate/animation_builder.d.ts +0 -15
- package/esm/src/animate/animation_builder.js +0 -24
- package/esm/src/animate/animation_builder.js.map +0 -1
- package/esm/src/animate/animation_builder.metadata.json +0 -1
- package/esm/src/animate/browser_details.d.ts +0 -10
- package/esm/src/animate/browser_details.js +0 -60
- package/esm/src/animate/browser_details.js.map +0 -1
- package/esm/src/animate/browser_details.metadata.json +0 -1
- package/esm/src/animate/css_animation_builder.d.ts +0 -66
- package/esm/src/animate/css_animation_builder.js +0 -84
- package/esm/src/animate/css_animation_builder.js.map +0 -1
- package/esm/src/animate/css_animation_options.d.ts +0 -20
- package/esm/src/animate/css_animation_options.js +0 -11
- package/esm/src/animate/css_animation_options.js.map +0 -1
- package/esm/src/browser_common.d.ts +0 -20
- package/esm/src/browser_common.js +0 -76
- package/esm/src/browser_common.js.map +0 -1
- package/esm/src/browser_common.metadata.json +0 -1
- package/esm/src/facade/math.d.ts +0 -2
- package/esm/src/facade/math.js +0 -4
- package/esm/src/facade/math.js.map +0 -1
- package/esm/src/facade/math.metadata.json +0 -1
- package/esm/src/platform_browser.d.ts +0 -9
- package/esm/src/platform_browser.js +0 -17
- package/esm/src/platform_browser.js.map +0 -1
- package/esm/src/platform_browser_static.d.ts +0 -16
- package/esm/src/platform_browser_static.js +0 -32
- package/esm/src/platform_browser_static.js.map +0 -1
- package/esm/src/platform_browser_static.metadata.json +0 -1
- package/esm/testing/animation_builder_mock.d.ts +0 -6
- package/esm/testing/animation_builder_mock.js +0 -35
- package/esm/testing/animation_builder_mock.js.map +0 -1
- package/esm/testing/animation_builder_mock.metadata.json +0 -1
- package/esm/testing/browser_static.d.ts +0 -10
- package/esm/testing/browser_static.js +0 -53
- package/esm/testing/browser_static.js.map +0 -1
- package/esm/testing/browser_static.metadata.json +0 -1
- package/esm/testing/dom_test_component_renderer.d.ts +0 -9
- package/esm/testing/dom_test_component_renderer.js +0 -27
- package/esm/testing/dom_test_component_renderer.js.map +0 -1
- package/esm/testing/dom_test_component_renderer.metadata.json +0 -1
- package/platform-browser.umd.js +0 -2488
- package/src/animate/animation.d.ts +0 -82
- package/src/animate/animation.js +0 -183
- package/src/animate/animation.js.map +0 -1
- package/src/animate/animation_builder.d.ts +0 -15
- package/src/animate/animation_builder.js +0 -27
- package/src/animate/animation_builder.js.map +0 -1
- package/src/animate/animation_builder.metadata.json +0 -1
- package/src/animate/browser_details.d.ts +0 -10
- package/src/animate/browser_details.js +0 -66
- package/src/animate/browser_details.js.map +0 -1
- package/src/animate/browser_details.metadata.json +0 -1
- package/src/animate/css_animation_builder.d.ts +0 -66
- package/src/animate/css_animation_builder.js +0 -87
- package/src/animate/css_animation_builder.js.map +0 -1
- package/src/animate/css_animation_options.d.ts +0 -20
- package/src/animate/css_animation_options.js +0 -14
- package/src/animate/css_animation_options.js.map +0 -1
- package/src/browser_common.d.ts +0 -20
- package/src/browser_common.js +0 -85
- package/src/browser_common.js.map +0 -1
- package/src/browser_common.metadata.json +0 -1
- package/src/facade/math.d.ts +0 -2
- package/src/facade/math.js +0 -5
- package/src/facade/math.js.map +0 -1
- package/src/facade/math.metadata.json +0 -1
- package/src/platform_browser.d.ts +0 -9
- package/src/platform_browser.js +0 -39
- package/src/platform_browser.js.map +0 -1
- package/src/platform_browser_static.d.ts +0 -16
- package/src/platform_browser_static.js +0 -42
- package/src/platform_browser_static.js.map +0 -1
- package/src/platform_browser_static.metadata.json +0 -1
- package/testing/animation_builder_mock.d.ts +0 -6
- package/testing/animation_builder_mock.js +0 -53
- package/testing/animation_builder_mock.js.map +0 -1
- package/testing/animation_builder_mock.metadata.json +0 -1
- package/testing/browser_static.d.ts +0 -10
- package/testing/browser_static.js +0 -55
- package/testing/browser_static.js.map +0 -1
- package/testing/browser_static.metadata.json +0 -1
- package/testing/dom_test_component_renderer.d.ts +0 -9
- package/testing/dom_test_component_renderer.js +0 -36
- package/testing/dom_test_component_renderer.js.map +0 -1
- package/testing/dom_test_component_renderer.metadata.json +0 -1
|
@@ -0,0 +1,233 @@
|
|
|
1
|
+
import { getDOM } from '../dom/dom_adapter';
|
|
2
|
+
import { assertionsEnabled } from '../facade/lang';
|
|
3
|
+
import { sanitizeUrl } from './url_sanitizer';
|
|
4
|
+
/** A <body> element that can be safely used to parse untrusted HTML. Lazily initialized below. */
|
|
5
|
+
let inertElement = null;
|
|
6
|
+
/** Lazily initialized to make sure the DOM adapter gets set before use. */
|
|
7
|
+
let DOM = null;
|
|
8
|
+
/** Returns an HTML element that is guaranteed to not execute code when creating elements in it. */
|
|
9
|
+
function getInertElement() {
|
|
10
|
+
if (inertElement)
|
|
11
|
+
return inertElement;
|
|
12
|
+
DOM = getDOM();
|
|
13
|
+
// Prefer using <template> element if supported.
|
|
14
|
+
let templateEl = DOM.createElement('template');
|
|
15
|
+
if ('content' in templateEl)
|
|
16
|
+
return templateEl;
|
|
17
|
+
let doc = DOM.createHtmlDocument();
|
|
18
|
+
inertElement = DOM.querySelector(doc, 'body');
|
|
19
|
+
if (inertElement == null) {
|
|
20
|
+
// usually there should be only one body element in the document, but IE doesn't have any, so we
|
|
21
|
+
// need to create one.
|
|
22
|
+
let html = DOM.createElement('html', doc);
|
|
23
|
+
inertElement = DOM.createElement('body', doc);
|
|
24
|
+
DOM.appendChild(html, inertElement);
|
|
25
|
+
DOM.appendChild(doc, html);
|
|
26
|
+
}
|
|
27
|
+
return inertElement;
|
|
28
|
+
}
|
|
29
|
+
function tagSet(tags) {
|
|
30
|
+
let res = {};
|
|
31
|
+
for (let t of tags.split(','))
|
|
32
|
+
res[t.toLowerCase()] = true;
|
|
33
|
+
return res;
|
|
34
|
+
}
|
|
35
|
+
function merge(...sets) {
|
|
36
|
+
let res = {};
|
|
37
|
+
for (let s of sets) {
|
|
38
|
+
for (let v in s) {
|
|
39
|
+
if (s.hasOwnProperty(v))
|
|
40
|
+
res[v] = true;
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
return res;
|
|
44
|
+
}
|
|
45
|
+
// Good source of info about elements and attributes
|
|
46
|
+
// http://dev.w3.org/html5/spec/Overview.html#semantics
|
|
47
|
+
// http://simon.html5.org/html-elements
|
|
48
|
+
// Safe Void Elements - HTML5
|
|
49
|
+
// http://dev.w3.org/html5/spec/Overview.html#void-elements
|
|
50
|
+
const VOID_ELEMENTS = tagSet('area,br,col,hr,img,wbr');
|
|
51
|
+
// Elements that you can, intentionally, leave open (and which close themselves)
|
|
52
|
+
// http://dev.w3.org/html5/spec/Overview.html#optional-tags
|
|
53
|
+
const OPTIONAL_END_TAG_BLOCK_ELEMENTS = tagSet('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr');
|
|
54
|
+
const OPTIONAL_END_TAG_INLINE_ELEMENTS = tagSet('rp,rt');
|
|
55
|
+
const OPTIONAL_END_TAG_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, OPTIONAL_END_TAG_BLOCK_ELEMENTS);
|
|
56
|
+
// Safe Block Elements - HTML5
|
|
57
|
+
const BLOCK_ELEMENTS = merge(OPTIONAL_END_TAG_BLOCK_ELEMENTS, tagSet('address,article,' +
|
|
58
|
+
'aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' +
|
|
59
|
+
'h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,section,table,ul'));
|
|
60
|
+
// Inline Elements - HTML5
|
|
61
|
+
const INLINE_ELEMENTS = merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, tagSet('a,abbr,acronym,b,' +
|
|
62
|
+
'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' +
|
|
63
|
+
'samp,small,span,strike,strong,sub,sup,time,tt,u,var'));
|
|
64
|
+
const VALID_ELEMENTS = merge(VOID_ELEMENTS, BLOCK_ELEMENTS, INLINE_ELEMENTS, OPTIONAL_END_TAG_ELEMENTS);
|
|
65
|
+
// Attributes that have href and hence need to be sanitized
|
|
66
|
+
const URI_ATTRS = tagSet('background,cite,href,longdesc,src,xlink:href');
|
|
67
|
+
const HTML_ATTRS = tagSet('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +
|
|
68
|
+
'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +
|
|
69
|
+
'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' +
|
|
70
|
+
'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' +
|
|
71
|
+
'valign,value,vspace,width');
|
|
72
|
+
// NB: This currently conciously doesn't support SVG. SVG sanitization has had several security
|
|
73
|
+
// issues in the past, so it seems safer to leave it out if possible. If support for binding SVG via
|
|
74
|
+
// innerHTML is required, SVG attributes should be added here.
|
|
75
|
+
// NB: Sanitization does not allow <form> elements or other active elements (<button> etc). Those
|
|
76
|
+
// can be sanitized, but they increase security surface area without a legitimate use case, so they
|
|
77
|
+
// are left out here.
|
|
78
|
+
const VALID_ATTRS = merge(URI_ATTRS, HTML_ATTRS);
|
|
79
|
+
/**
|
|
80
|
+
* SanitizingHtmlSerializer serializes a DOM fragment, stripping out any unsafe elements and unsafe
|
|
81
|
+
* attributes.
|
|
82
|
+
*/
|
|
83
|
+
class SanitizingHtmlSerializer {
|
|
84
|
+
constructor() {
|
|
85
|
+
this.buf = [];
|
|
86
|
+
}
|
|
87
|
+
sanitizeChildren(el) {
|
|
88
|
+
// This cannot use a TreeWalker, as it has to run on Angular's various DOM adapters.
|
|
89
|
+
// However this code never accesses properties off of `document` before deleting its contents
|
|
90
|
+
// again, so it shouldn't be vulnerable to DOM clobbering.
|
|
91
|
+
let current = el.firstChild;
|
|
92
|
+
while (current) {
|
|
93
|
+
if (DOM.isElementNode(current)) {
|
|
94
|
+
this.startElement(current);
|
|
95
|
+
}
|
|
96
|
+
else if (DOM.isTextNode(current)) {
|
|
97
|
+
this.chars(DOM.nodeValue(current));
|
|
98
|
+
}
|
|
99
|
+
if (DOM.firstChild(current)) {
|
|
100
|
+
current = DOM.firstChild(current);
|
|
101
|
+
continue;
|
|
102
|
+
}
|
|
103
|
+
while (current) {
|
|
104
|
+
// Leaving the element. Walk up and to the right, closing tags as we go.
|
|
105
|
+
if (DOM.isElementNode(current)) {
|
|
106
|
+
this.endElement(DOM.nodeName(current).toLowerCase());
|
|
107
|
+
}
|
|
108
|
+
if (DOM.nextSibling(current)) {
|
|
109
|
+
current = DOM.nextSibling(current);
|
|
110
|
+
break;
|
|
111
|
+
}
|
|
112
|
+
current = DOM.parentElement(current);
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
return this.buf.join('');
|
|
116
|
+
}
|
|
117
|
+
startElement(element) {
|
|
118
|
+
let tagName = DOM.nodeName(element).toLowerCase();
|
|
119
|
+
tagName = tagName.toLowerCase();
|
|
120
|
+
if (VALID_ELEMENTS.hasOwnProperty(tagName)) {
|
|
121
|
+
this.buf.push('<');
|
|
122
|
+
this.buf.push(tagName);
|
|
123
|
+
DOM.attributeMap(element).forEach((value, attrName) => {
|
|
124
|
+
let lower = attrName.toLowerCase();
|
|
125
|
+
if (!VALID_ATTRS.hasOwnProperty(lower))
|
|
126
|
+
return;
|
|
127
|
+
// TODO(martinprobst): Special case image URIs for data:image/...
|
|
128
|
+
if (URI_ATTRS[lower])
|
|
129
|
+
value = sanitizeUrl(value);
|
|
130
|
+
this.buf.push(' ');
|
|
131
|
+
this.buf.push(attrName);
|
|
132
|
+
this.buf.push('="');
|
|
133
|
+
this.buf.push(encodeEntities(value));
|
|
134
|
+
this.buf.push('"');
|
|
135
|
+
});
|
|
136
|
+
this.buf.push('>');
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
endElement(tagName) {
|
|
140
|
+
tagName = tagName.toLowerCase();
|
|
141
|
+
if (VALID_ELEMENTS.hasOwnProperty(tagName) && !VOID_ELEMENTS.hasOwnProperty(tagName)) {
|
|
142
|
+
this.buf.push('</');
|
|
143
|
+
this.buf.push(tagName);
|
|
144
|
+
this.buf.push('>');
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
chars(chars /** TODO #9100 */) { this.buf.push(encodeEntities(chars)); }
|
|
148
|
+
}
|
|
149
|
+
// Regular Expressions for parsing tags and attributes
|
|
150
|
+
const SURROGATE_PAIR_REGEXP = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g;
|
|
151
|
+
// ! to ~ is the ASCII range.
|
|
152
|
+
const NON_ALPHANUMERIC_REGEXP = /([^\#-~ |!])/g;
|
|
153
|
+
/**
|
|
154
|
+
* Escapes all potentially dangerous characters, so that the
|
|
155
|
+
* resulting string can be safely inserted into attribute or
|
|
156
|
+
* element text.
|
|
157
|
+
* @param value
|
|
158
|
+
* @returns {string} escaped text
|
|
159
|
+
*/
|
|
160
|
+
function encodeEntities(value /** TODO #9100 */) {
|
|
161
|
+
return value.replace(/&/g, '&')
|
|
162
|
+
.replace(SURROGATE_PAIR_REGEXP, function (match /** TODO #9100 */) {
|
|
163
|
+
let hi = match.charCodeAt(0);
|
|
164
|
+
let low = match.charCodeAt(1);
|
|
165
|
+
return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';
|
|
166
|
+
})
|
|
167
|
+
.replace(NON_ALPHANUMERIC_REGEXP, function (match /** TODO #9100 */) { return '&#' + match.charCodeAt(0) + ';'; })
|
|
168
|
+
.replace(/</g, '<')
|
|
169
|
+
.replace(/>/g, '>');
|
|
170
|
+
}
|
|
171
|
+
/**
|
|
172
|
+
* When IE9-11 comes across an unknown namespaced attribute e.g. 'xlink:foo' it adds 'xmlns:ns1'
|
|
173
|
+
* attribute to declare ns1 namespace and prefixes the attribute with 'ns1' (e.g. 'ns1:xlink:foo').
|
|
174
|
+
*
|
|
175
|
+
* This is undesirable since we don't want to allow any of these custom attributes. This method
|
|
176
|
+
* strips them all.
|
|
177
|
+
*/
|
|
178
|
+
function stripCustomNsAttrs(el) {
|
|
179
|
+
DOM.attributeMap(el).forEach((_, attrName) => {
|
|
180
|
+
if (attrName === 'xmlns:ns1' || attrName.indexOf('ns1:') === 0) {
|
|
181
|
+
DOM.removeAttribute(el, attrName);
|
|
182
|
+
}
|
|
183
|
+
});
|
|
184
|
+
for (let n of DOM.childNodesAsList(el)) {
|
|
185
|
+
if (DOM.isElementNode(n))
|
|
186
|
+
stripCustomNsAttrs(n);
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
/**
|
|
190
|
+
* Sanitizes the given unsafe, untrusted HTML fragment, and returns HTML text that is safe to add to
|
|
191
|
+
* the DOM in a browser environment.
|
|
192
|
+
*/
|
|
193
|
+
export function sanitizeHtml(unsafeHtml) {
|
|
194
|
+
try {
|
|
195
|
+
let containerEl = getInertElement();
|
|
196
|
+
// Make sure unsafeHtml is actually a string (TypeScript types are not enforced at runtime).
|
|
197
|
+
unsafeHtml = unsafeHtml ? String(unsafeHtml) : '';
|
|
198
|
+
// mXSS protection. Repeatedly parse the document to make sure it stabilizes, so that a browser
|
|
199
|
+
// trying to auto-correct incorrect HTML cannot cause formerly inert HTML to become dangerous.
|
|
200
|
+
let mXSSAttempts = 5;
|
|
201
|
+
let parsedHtml = unsafeHtml;
|
|
202
|
+
do {
|
|
203
|
+
if (mXSSAttempts === 0) {
|
|
204
|
+
throw new Error('Failed to sanitize html because the input is unstable');
|
|
205
|
+
}
|
|
206
|
+
mXSSAttempts--;
|
|
207
|
+
unsafeHtml = parsedHtml;
|
|
208
|
+
DOM.setInnerHTML(containerEl, unsafeHtml);
|
|
209
|
+
if (DOM.defaultDoc().documentMode) {
|
|
210
|
+
// strip custom-namespaced attributes on IE<=11
|
|
211
|
+
stripCustomNsAttrs(containerEl);
|
|
212
|
+
}
|
|
213
|
+
parsedHtml = DOM.getInnerHTML(containerEl);
|
|
214
|
+
} while (unsafeHtml !== parsedHtml);
|
|
215
|
+
let sanitizer = new SanitizingHtmlSerializer();
|
|
216
|
+
let safeHtml = sanitizer.sanitizeChildren(DOM.getTemplateContent(containerEl) || containerEl);
|
|
217
|
+
// Clear out the body element.
|
|
218
|
+
let parent = DOM.getTemplateContent(containerEl) || containerEl;
|
|
219
|
+
for (let child of DOM.childNodesAsList(parent)) {
|
|
220
|
+
DOM.removeChild(parent, child);
|
|
221
|
+
}
|
|
222
|
+
if (assertionsEnabled() && safeHtml !== unsafeHtml) {
|
|
223
|
+
DOM.log('WARNING: sanitizing HTML stripped some content.');
|
|
224
|
+
}
|
|
225
|
+
return safeHtml;
|
|
226
|
+
}
|
|
227
|
+
catch (e) {
|
|
228
|
+
// In case anything goes wrong, clear out inertElement to reset the entire DOM structure.
|
|
229
|
+
inertElement = null;
|
|
230
|
+
throw e;
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
//# sourceMappingURL=html_sanitizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"html_sanitizer.js","sourceRoot":"","sources":["../../../../../../modules/@angular/platform-browser/src/security/html_sanitizer.ts"],"names":[],"mappings":"OAAO,EAAa,MAAM,EAAC,MAAM,oBAAoB;OAC9C,EAAC,iBAAiB,EAAC,MAAM,gBAAgB;OAEzC,EAAC,WAAW,EAAC,MAAM,iBAAiB;AAG3C,kGAAkG;AAClG,IAAI,YAAY,GAAgB,IAAI,CAAC;AACrC,2EAA2E;AAC3E,IAAI,GAAG,GAAe,IAAI,CAAC;AAE3B,mGAAmG;AACnG;IACE,EAAE,CAAC,CAAC,YAAY,CAAC;QAAC,MAAM,CAAC,YAAY,CAAC;IACtC,GAAG,GAAG,MAAM,EAAE,CAAC;IAEf,gDAAgD;IAChD,IAAI,UAAU,GAAG,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IAC/C,EAAE,CAAC,CAAC,SAAS,IAAI,UAAU,CAAC;QAAC,MAAM,CAAC,UAAU,CAAC;IAE/C,IAAI,GAAG,GAAG,GAAG,CAAC,kBAAkB,EAAE,CAAC;IACnC,YAAY,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC9C,EAAE,CAAC,CAAC,YAAY,IAAI,IAAI,CAAC,CAAC,CAAC;QACzB,gGAAgG;QAChG,sBAAsB;QACtB,IAAI,IAAI,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC1C,YAAY,GAAG,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC9C,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QACpC,GAAG,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7B,CAAC;IACD,MAAM,CAAC,YAAY,CAAC;AACtB,CAAC;AAED,gBAAgB,IAAY;IAC1B,IAAI,GAAG,GAA2B,EAAE,CAAC;IACrC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,GAAG,IAAI,CAAC;IAC3D,MAAM,CAAC,GAAG,CAAC;AACb,CAAC;AAED,eAAe,GAAG,IAA8B;IAC9C,IAAI,GAAG,GAA2B,EAAE,CAAC;IACrC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;QACnB,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;gBAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;QACzC,CAAC;IACH,CAAC;IACD,MAAM,CAAC,GAAG,CAAC;AACb,CAAC;AAED,oDAAoD;AACpD,uDAAuD;AACvD,uCAAuC;AAEvC,6BAA6B;AAC7B,2DAA2D;AAC3D,MAAM,aAAa,GAAG,MAAM,CAAC,wBAAwB,CAAC,CAAC;AAEvD,gFAAgF;AAChF,2DAA2D;AAC3D,MAAM,+BAA+B,GAAG,MAAM,CAAC,gDAAgD,CAAC,CAAC;AACjG,MAAM,gCAAgC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;AACzD,MAAM,yBAAyB,GAC3B,KAAK,CAAC,gCAAgC,EAAE,+BAA+B,CAAC,CAAC;AAE7E,8BAA8B;AAC9B,MAAM,cAAc,GAAG,KAAK,CACxB,+BAA+B,EAC/B,MAAM,CACF,kBAAkB;IAClB,yFAAyF;IACzF,8DAA8D,CAAC,CAAC,CAAC;AAEzE,0BAA0B;AAC1B,MAAM,eAAe,GAAG,KAAK,CACzB,gCAAgC,EAChC,MAAM,CACF,mBAAmB;IACnB,uFAAuF;IACvF,qDAAqD,CAAC,CAAC,CAAC;AAEhE,MAAM,cAAc,GAChB,KAAK,CAAC,aAAa,EAAE,cAAc,EAAE,eAAe,EAAE,yBAAyB,CAAC,CAAC;AAErF,2DAA2D;AAC3D,MAAM,SAAS,GAAG,MAAM,CAAC,8CAA8C,CAAC,CAAC;AAEzE,MAAM,UAAU,GAAG,MAAM,CACrB,yEAAyE;IACzE,4EAA4E;IAC5E,+DAA+D;IAC/D,2EAA2E;IAC3E,2BAA2B,CAAC,CAAC;AAEjC,+FAA+F;AAC/F,oGAAoG;AACpG,8DAA8D;AAE9D,iGAAiG;AACjG,mGAAmG;AACnG,qBAAqB;AAErB,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAEjD;;;GAGG;AACH;IAAA;QACU,QAAG,GAAa,EAAE,CAAC;IA+D7B,CAAC;IA7DC,gBAAgB,CAAC,EAAW;QAC1B,oFAAoF;QACpF,6FAA6F;QAC7F,0DAA0D;QAC1D,IAAI,OAAO,GAAS,EAAE,CAAC,UAAU,CAAC;QAClC,OAAO,OAAO,EAAE,CAAC;YACf,EAAE,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;YAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;YACrC,CAAC;YACD,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC5B,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAClC,QAAQ,CAAC;YACX,CAAC;YACD,OAAO,OAAO,EAAE,CAAC;gBACf,wEAAwE;gBACxE,EAAE,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC/B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBACvD,CAAC;gBACD,EAAE,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;oBAC7B,OAAO,GAAG,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;oBACnC,KAAK,CAAC;gBACR,CAAC;gBACD,OAAO,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEO,YAAY,CAAC,OAAY;QAC/B,IAAI,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAClD,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAChC,EAAE,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,GAAG,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,KAAa,EAAE,QAAgB;gBAChE,IAAI,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACnC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;oBAAC,MAAM,CAAC;gBAC/C,iEAAiE;gBACjE,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAAC,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;gBACjD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACnB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,OAAe;QAChC,OAAO,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAChC,EAAE,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACrF,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,KAAU,CAAC,iBAAiB,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,sDAAsD;AACtD,MAAM,qBAAqB,GAAG,iCAAiC,CAAC;AAChE,6BAA6B;AAC7B,MAAM,uBAAuB,GAAG,eAAe,CAAC;AAEhD;;;;;;GAMG;AACH,wBAAwB,KAAU,CAAC,iBAAiB;IAClD,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SAC9B,OAAO,CACJ,qBAAqB,EACrB,UAAS,KAAU,CAAC,iBAAiB;QACnC,IAAI,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,GAAG,CAAC;IAC3E,CAAC,CAAC;SACL,OAAO,CACJ,uBAAuB,EACvB,UAAS,KAAU,CAAC,iBAAiB,IAAI,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;SACvF,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,4BAA4B,EAAO;IACjC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ;QACvC,EAAE,CAAC,CAAC,QAAQ,KAAK,WAAW,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/D,GAAG,CAAC,eAAe,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,EAAE,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;YAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,6BAA6B,UAAkB;IAC7C,IAAI,CAAC;QACH,IAAI,WAAW,GAAG,eAAe,EAAE,CAAC;QACpC,4FAA4F;QAC5F,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;QAElD,+FAA+F;QAC/F,8FAA8F;QAC9F,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,UAAU,GAAG,UAAU,CAAC;QAE5B,GAAG,CAAC;YACF,EAAE,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC3E,CAAC;YACD,YAAY,EAAE,CAAC;YAEf,UAAU,GAAG,UAAU,CAAC;YACxB,GAAG,CAAC,YAAY,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;YAC1C,EAAE,CAAC,CAAE,GAAG,CAAC,UAAU,EAAU,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC3C,+CAA+C;gBAC/C,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAClC,CAAC;YACD,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC7C,CAAC,QAAQ,UAAU,KAAK,UAAU,EAAE;QAEpC,IAAI,SAAS,GAAG,IAAI,wBAAwB,EAAE,CAAC;QAC/C,IAAI,QAAQ,GAAG,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,kBAAkB,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,CAAC;QAE9F,8BAA8B;QAC9B,IAAI,MAAM,GAAG,GAAG,CAAC,kBAAkB,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC;QAChE,GAAG,CAAC,CAAC,IAAI,KAAK,IAAI,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAC/C,GAAG,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC;QAED,EAAE,CAAC,CAAC,iBAAiB,EAAE,IAAI,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC;YACnD,GAAG,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,CAAC,QAAQ,CAAC;IAClB,CAAE;IAAA,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACX,yFAAyF;QACzF,YAAY,GAAG,IAAI,CAAC;QACpB,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC","sourcesContent":["import {DomAdapter, getDOM} from '../dom/dom_adapter';\nimport {assertionsEnabled} from '../facade/lang';\n\nimport {sanitizeUrl} from './url_sanitizer';\n\n\n/** A <body> element that can be safely used to parse untrusted HTML. Lazily initialized below. */\nlet inertElement: HTMLElement = null;\n/** Lazily initialized to make sure the DOM adapter gets set before use. */\nlet DOM: DomAdapter = null;\n\n/** Returns an HTML element that is guaranteed to not execute code when creating elements in it. */\nfunction getInertElement() {\n if (inertElement) return inertElement;\n DOM = getDOM();\n\n // Prefer using <template> element if supported.\n let templateEl = DOM.createElement('template');\n if ('content' in templateEl) return templateEl;\n\n let doc = DOM.createHtmlDocument();\n inertElement = DOM.querySelector(doc, 'body');\n if (inertElement == null) {\n // usually there should be only one body element in the document, but IE doesn't have any, so we\n // need to create one.\n let html = DOM.createElement('html', doc);\n inertElement = DOM.createElement('body', doc);\n DOM.appendChild(html, inertElement);\n DOM.appendChild(doc, html);\n }\n return inertElement;\n}\n\nfunction tagSet(tags: string): {[k: string]: boolean} {\n let res: {[k: string]: boolean} = {};\n for (let t of tags.split(',')) res[t.toLowerCase()] = true;\n return res;\n}\n\nfunction merge(...sets: {[k: string]: boolean}[]): {[k: string]: boolean} {\n let res: {[k: string]: boolean} = {};\n for (let s of sets) {\n for (let v in s) {\n if (s.hasOwnProperty(v)) res[v] = true;\n }\n }\n return res;\n}\n\n// Good source of info about elements and attributes\n// http://dev.w3.org/html5/spec/Overview.html#semantics\n// http://simon.html5.org/html-elements\n\n// Safe Void Elements - HTML5\n// http://dev.w3.org/html5/spec/Overview.html#void-elements\nconst VOID_ELEMENTS = tagSet('area,br,col,hr,img,wbr');\n\n// Elements that you can, intentionally, leave open (and which close themselves)\n// http://dev.w3.org/html5/spec/Overview.html#optional-tags\nconst OPTIONAL_END_TAG_BLOCK_ELEMENTS = tagSet('colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr');\nconst OPTIONAL_END_TAG_INLINE_ELEMENTS = tagSet('rp,rt');\nconst OPTIONAL_END_TAG_ELEMENTS =\n merge(OPTIONAL_END_TAG_INLINE_ELEMENTS, OPTIONAL_END_TAG_BLOCK_ELEMENTS);\n\n// Safe Block Elements - HTML5\nconst BLOCK_ELEMENTS = merge(\n OPTIONAL_END_TAG_BLOCK_ELEMENTS,\n tagSet(\n 'address,article,' +\n 'aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5,' +\n 'h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,section,table,ul'));\n\n// Inline Elements - HTML5\nconst INLINE_ELEMENTS = merge(\n OPTIONAL_END_TAG_INLINE_ELEMENTS,\n tagSet(\n 'a,abbr,acronym,b,' +\n 'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' +\n 'samp,small,span,strike,strong,sub,sup,time,tt,u,var'));\n\nconst VALID_ELEMENTS =\n merge(VOID_ELEMENTS, BLOCK_ELEMENTS, INLINE_ELEMENTS, OPTIONAL_END_TAG_ELEMENTS);\n\n// Attributes that have href and hence need to be sanitized\nconst URI_ATTRS = tagSet('background,cite,href,longdesc,src,xlink:href');\n\nconst HTML_ATTRS = tagSet(\n 'abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +\n 'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +\n 'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' +\n 'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' +\n 'valign,value,vspace,width');\n\n// NB: This currently conciously doesn't support SVG. SVG sanitization has had several security\n// issues in the past, so it seems safer to leave it out if possible. If support for binding SVG via\n// innerHTML is required, SVG attributes should be added here.\n\n// NB: Sanitization does not allow <form> elements or other active elements (<button> etc). Those\n// can be sanitized, but they increase security surface area without a legitimate use case, so they\n// are left out here.\n\nconst VALID_ATTRS = merge(URI_ATTRS, HTML_ATTRS);\n\n/**\n * SanitizingHtmlSerializer serializes a DOM fragment, stripping out any unsafe elements and unsafe\n * attributes.\n */\nclass SanitizingHtmlSerializer {\n private buf: string[] = [];\n\n sanitizeChildren(el: Element): string {\n // This cannot use a TreeWalker, as it has to run on Angular's various DOM adapters.\n // However this code never accesses properties off of `document` before deleting its contents\n // again, so it shouldn't be vulnerable to DOM clobbering.\n let current: Node = el.firstChild;\n while (current) {\n if (DOM.isElementNode(current)) {\n this.startElement(current);\n } else if (DOM.isTextNode(current)) {\n this.chars(DOM.nodeValue(current));\n }\n if (DOM.firstChild(current)) {\n current = DOM.firstChild(current);\n continue;\n }\n while (current) {\n // Leaving the element. Walk up and to the right, closing tags as we go.\n if (DOM.isElementNode(current)) {\n this.endElement(DOM.nodeName(current).toLowerCase());\n }\n if (DOM.nextSibling(current)) {\n current = DOM.nextSibling(current);\n break;\n }\n current = DOM.parentElement(current);\n }\n }\n return this.buf.join('');\n }\n\n private startElement(element: any) {\n let tagName = DOM.nodeName(element).toLowerCase();\n tagName = tagName.toLowerCase();\n if (VALID_ELEMENTS.hasOwnProperty(tagName)) {\n this.buf.push('<');\n this.buf.push(tagName);\n DOM.attributeMap(element).forEach((value: string, attrName: string) => {\n let lower = attrName.toLowerCase();\n if (!VALID_ATTRS.hasOwnProperty(lower)) return;\n // TODO(martinprobst): Special case image URIs for data:image/...\n if (URI_ATTRS[lower]) value = sanitizeUrl(value);\n this.buf.push(' ');\n this.buf.push(attrName);\n this.buf.push('=\"');\n this.buf.push(encodeEntities(value));\n this.buf.push('\"');\n });\n this.buf.push('>');\n }\n }\n\n private endElement(tagName: string) {\n tagName = tagName.toLowerCase();\n if (VALID_ELEMENTS.hasOwnProperty(tagName) && !VOID_ELEMENTS.hasOwnProperty(tagName)) {\n this.buf.push('</');\n this.buf.push(tagName);\n this.buf.push('>');\n }\n }\n\n private chars(chars: any /** TODO #9100 */) { this.buf.push(encodeEntities(chars)); }\n}\n\n// Regular Expressions for parsing tags and attributes\nconst SURROGATE_PAIR_REGEXP = /[\\uD800-\\uDBFF][\\uDC00-\\uDFFF]/g;\n// ! to ~ is the ASCII range.\nconst NON_ALPHANUMERIC_REGEXP = /([^\\#-~ |!])/g;\n\n/**\n * Escapes all potentially dangerous characters, so that the\n * resulting string can be safely inserted into attribute or\n * element text.\n * @param value\n * @returns {string} escaped text\n */\nfunction encodeEntities(value: any /** TODO #9100 */) {\n return value.replace(/&/g, '&')\n .replace(\n SURROGATE_PAIR_REGEXP,\n function(match: any /** TODO #9100 */) {\n let hi = match.charCodeAt(0);\n let low = match.charCodeAt(1);\n return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';\n })\n .replace(\n NON_ALPHANUMERIC_REGEXP,\n function(match: any /** TODO #9100 */) { return '&#' + match.charCodeAt(0) + ';'; })\n .replace(/</g, '<')\n .replace(/>/g, '>');\n}\n\n/**\n * When IE9-11 comes across an unknown namespaced attribute e.g. 'xlink:foo' it adds 'xmlns:ns1'\n * attribute to declare ns1 namespace and prefixes the attribute with 'ns1' (e.g. 'ns1:xlink:foo').\n *\n * This is undesirable since we don't want to allow any of these custom attributes. This method\n * strips them all.\n */\nfunction stripCustomNsAttrs(el: any) {\n DOM.attributeMap(el).forEach((_, attrName) => {\n if (attrName === 'xmlns:ns1' || attrName.indexOf('ns1:') === 0) {\n DOM.removeAttribute(el, attrName);\n }\n });\n for (let n of DOM.childNodesAsList(el)) {\n if (DOM.isElementNode(n)) stripCustomNsAttrs(n);\n }\n}\n\n/**\n * Sanitizes the given unsafe, untrusted HTML fragment, and returns HTML text that is safe to add to\n * the DOM in a browser environment.\n */\nexport function sanitizeHtml(unsafeHtml: string): string {\n try {\n let containerEl = getInertElement();\n // Make sure unsafeHtml is actually a string (TypeScript types are not enforced at runtime).\n unsafeHtml = unsafeHtml ? String(unsafeHtml) : '';\n\n // mXSS protection. Repeatedly parse the document to make sure it stabilizes, so that a browser\n // trying to auto-correct incorrect HTML cannot cause formerly inert HTML to become dangerous.\n let mXSSAttempts = 5;\n let parsedHtml = unsafeHtml;\n\n do {\n if (mXSSAttempts === 0) {\n throw new Error('Failed to sanitize html because the input is unstable');\n }\n mXSSAttempts--;\n\n unsafeHtml = parsedHtml;\n DOM.setInnerHTML(containerEl, unsafeHtml);\n if ((DOM.defaultDoc() as any).documentMode) {\n // strip custom-namespaced attributes on IE<=11\n stripCustomNsAttrs(containerEl);\n }\n parsedHtml = DOM.getInnerHTML(containerEl);\n } while (unsafeHtml !== parsedHtml);\n\n let sanitizer = new SanitizingHtmlSerializer();\n let safeHtml = sanitizer.sanitizeChildren(DOM.getTemplateContent(containerEl) || containerEl);\n\n // Clear out the body element.\n let parent = DOM.getTemplateContent(containerEl) || containerEl;\n for (let child of DOM.childNodesAsList(parent)) {\n DOM.removeChild(parent, child);\n }\n\n if (assertionsEnabled() && safeHtml !== unsafeHtml) {\n DOM.log('WARNING: sanitizing HTML stripped some content.');\n }\n\n return safeHtml;\n } catch (e) {\n // In case anything goes wrong, clear out inertElement to reset the entire DOM structure.\n inertElement = null;\n throw e;\n }\n}\n\ninterface DecoratorInvocation {\n type: Function;\n args?: any[];\n}\n"]}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { getDOM } from '../dom/dom_adapter';
|
|
2
|
+
import { assertionsEnabled } from '../facade/lang';
|
|
3
|
+
import { sanitizeUrl } from './url_sanitizer';
|
|
4
|
+
/**
|
|
5
|
+
* Regular expression for safe style values.
|
|
6
|
+
*
|
|
7
|
+
* Quotes (" and ') are allowed, but a check must be done elsewhere to ensure they're balanced.
|
|
8
|
+
*
|
|
9
|
+
* ',' allows multiple values to be assigned to the same property (e.g. background-attachment or
|
|
10
|
+
* font-family) and hence could allow multiple values to get injected, but that should pose no risk
|
|
11
|
+
* of XSS.
|
|
12
|
+
*
|
|
13
|
+
* The function expression checks only for XSS safety, not for CSS validity.
|
|
14
|
+
*
|
|
15
|
+
* This regular expression was taken from the Closure sanitization library, and augmented for
|
|
16
|
+
* transformation values.
|
|
17
|
+
*/
|
|
18
|
+
const VALUES = '[-,."\'%_!# a-zA-Z0-9]+';
|
|
19
|
+
const TRANSFORMATION_FNS = '(?:matrix|translate|scale|rotate|skew|perspective)(?:X|Y|3d)?';
|
|
20
|
+
const COLOR_FNS = '(?:rgb|hsl)a?';
|
|
21
|
+
const FN_ARGS = '\\([-0-9.%, a-zA-Z]+\\)';
|
|
22
|
+
const SAFE_STYLE_VALUE = new RegExp(`^(${VALUES}|(?:${TRANSFORMATION_FNS}|${COLOR_FNS})${FN_ARGS})$`, 'g');
|
|
23
|
+
/**
|
|
24
|
+
* Matches a `url(...)` value with an arbitrary argument as long as it does
|
|
25
|
+
* not contain parentheses.
|
|
26
|
+
*
|
|
27
|
+
* The URL value still needs to be sanitized separately.
|
|
28
|
+
*
|
|
29
|
+
* `url(...)` values are a very common use case, e.g. for `background-image`. With carefully crafted
|
|
30
|
+
* CSS style rules, it is possible to construct an information leak with `url` values in CSS, e.g.
|
|
31
|
+
* by observing whether scroll bars are displayed, or character ranges used by a font face
|
|
32
|
+
* definition.
|
|
33
|
+
*
|
|
34
|
+
* Angular only allows binding CSS values (as opposed to entire CSS rules), so it is unlikely that
|
|
35
|
+
* binding a URL value without further cooperation from the page will cause an information leak, and
|
|
36
|
+
* if so, it is just a leak, not a full blown XSS vulnerability.
|
|
37
|
+
*
|
|
38
|
+
* Given the common use case, low likelihood of attack vector, and low impact of an attack, this
|
|
39
|
+
* code is permissive and allows URLs that sanitize otherwise.
|
|
40
|
+
*/
|
|
41
|
+
const URL_RE = /^url\(([^)]+)\)$/;
|
|
42
|
+
/**
|
|
43
|
+
* Checks that quotes (" and ') are properly balanced inside a string. Assumes
|
|
44
|
+
* that neither escape (\) nor any other character that could result in
|
|
45
|
+
* breaking out of a string parsing context are allowed;
|
|
46
|
+
* see http://www.w3.org/TR/css3-syntax/#string-token-diagram.
|
|
47
|
+
*
|
|
48
|
+
* This code was taken from the Closure sanitization library.
|
|
49
|
+
*/
|
|
50
|
+
function hasBalancedQuotes(value) {
|
|
51
|
+
let outsideSingle = true;
|
|
52
|
+
let outsideDouble = true;
|
|
53
|
+
for (let i = 0; i < value.length; i++) {
|
|
54
|
+
let c = value.charAt(i);
|
|
55
|
+
if (c === '\'' && outsideDouble) {
|
|
56
|
+
outsideSingle = !outsideSingle;
|
|
57
|
+
}
|
|
58
|
+
else if (c === '"' && outsideSingle) {
|
|
59
|
+
outsideDouble = !outsideDouble;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
return outsideSingle && outsideDouble;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Sanitizes the given untrusted CSS style property value (i.e. not an entire object, just a single
|
|
66
|
+
* value) and returns a value that is safe to use in a browser environment.
|
|
67
|
+
*/
|
|
68
|
+
export function sanitizeStyle(value) {
|
|
69
|
+
value = String(value).trim(); // Make sure it's actually a string.
|
|
70
|
+
// Single url(...) values are supported, but only for URLs that sanitize cleanly. See above for
|
|
71
|
+
// reasoning behind this.
|
|
72
|
+
let urlMatch = URL_RE.exec(value);
|
|
73
|
+
if ((urlMatch && sanitizeUrl(urlMatch[1]) === urlMatch[1]) ||
|
|
74
|
+
value.match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) {
|
|
75
|
+
return value; // Safe style values.
|
|
76
|
+
}
|
|
77
|
+
if (assertionsEnabled())
|
|
78
|
+
getDOM().log('WARNING: sanitizing unsafe style value ' + value);
|
|
79
|
+
return 'unsafe';
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=style_sanitizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"style_sanitizer.js","sourceRoot":"","sources":["../../../../../../modules/@angular/platform-browser/src/security/style_sanitizer.ts"],"names":[],"mappings":"OAAO,EAAC,MAAM,EAAC,MAAM,oBAAoB;OAClC,EAAC,iBAAiB,EAAC,MAAM,gBAAgB;OAEzC,EAAC,WAAW,EAAC,MAAM,iBAAiB;AAE3C;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,GAAG,yBAAyB,CAAC;AACzC,MAAM,kBAAkB,GAAG,+DAA+D,CAAC;AAC3F,MAAM,SAAS,GAAG,eAAe,CAAC;AAClC,MAAM,OAAO,GAAG,yBAAyB,CAAC;AAC1C,MAAM,gBAAgB,GAClB,IAAI,MAAM,CAAC,KAAK,MAAM,OAAO,kBAAkB,IAAI,SAAS,IAAI,OAAO,IAAI,EAAE,GAAG,CAAC,CAAC;AAEtF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,GAAG,kBAAkB,CAAC;AAElC;;;;;;;GAOG;AACH,2BAA2B,KAAa;IACtC,IAAI,aAAa,GAAG,IAAI,CAAC;IACzB,IAAI,aAAa,GAAG,IAAI,CAAC;IACzB,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,aAAa,CAAC,CAAC,CAAC;YAChC,aAAa,GAAG,CAAC,aAAa,CAAC;QACjC,CAAC;QAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,aAAa,CAAC,CAAC,CAAC;YACtC,aAAa,GAAG,CAAC,aAAa,CAAC;QACjC,CAAC;IACH,CAAC;IACD,MAAM,CAAC,aAAa,IAAI,aAAa,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,8BAA8B,KAAa;IACzC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAE,oCAAoC;IAEnE,+FAA+F;IAC/F,yBAAyB;IACzB,IAAI,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClC,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtD,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9D,MAAM,CAAC,KAAK,CAAC,CAAE,qBAAqB;IACtC,CAAC;IAED,EAAE,CAAC,CAAC,iBAAiB,EAAE,CAAC;QAAC,MAAM,EAAE,CAAC,GAAG,CAAC,yCAAyC,GAAG,KAAK,CAAC,CAAC;IAEzF,MAAM,CAAC,QAAQ,CAAC;AAClB,CAAC","sourcesContent":["import {getDOM} from '../dom/dom_adapter';\nimport {assertionsEnabled} from '../facade/lang';\n\nimport {sanitizeUrl} from './url_sanitizer';\n\n/**\n * Regular expression for safe style values.\n *\n * Quotes (\" and ') are allowed, but a check must be done elsewhere to ensure they're balanced.\n *\n * ',' allows multiple values to be assigned to the same property (e.g. background-attachment or\n * font-family) and hence could allow multiple values to get injected, but that should pose no risk\n * of XSS.\n *\n * The function expression checks only for XSS safety, not for CSS validity.\n *\n * This regular expression was taken from the Closure sanitization library, and augmented for\n * transformation values.\n */\nconst VALUES = '[-,.\"\\'%_!# a-zA-Z0-9]+';\nconst TRANSFORMATION_FNS = '(?:matrix|translate|scale|rotate|skew|perspective)(?:X|Y|3d)?';\nconst COLOR_FNS = '(?:rgb|hsl)a?';\nconst FN_ARGS = '\\\\([-0-9.%, a-zA-Z]+\\\\)';\nconst SAFE_STYLE_VALUE =\n new RegExp(`^(${VALUES}|(?:${TRANSFORMATION_FNS}|${COLOR_FNS})${FN_ARGS})$`, 'g');\n\n/**\n * Matches a `url(...)` value with an arbitrary argument as long as it does\n * not contain parentheses.\n *\n * The URL value still needs to be sanitized separately.\n *\n * `url(...)` values are a very common use case, e.g. for `background-image`. With carefully crafted\n * CSS style rules, it is possible to construct an information leak with `url` values in CSS, e.g.\n * by observing whether scroll bars are displayed, or character ranges used by a font face\n * definition.\n *\n * Angular only allows binding CSS values (as opposed to entire CSS rules), so it is unlikely that\n * binding a URL value without further cooperation from the page will cause an information leak, and\n * if so, it is just a leak, not a full blown XSS vulnerability.\n *\n * Given the common use case, low likelihood of attack vector, and low impact of an attack, this\n * code is permissive and allows URLs that sanitize otherwise.\n */\nconst URL_RE = /^url\\(([^)]+)\\)$/;\n\n/**\n * Checks that quotes (\" and ') are properly balanced inside a string. Assumes\n * that neither escape (\\) nor any other character that could result in\n * breaking out of a string parsing context are allowed;\n * see http://www.w3.org/TR/css3-syntax/#string-token-diagram.\n *\n * This code was taken from the Closure sanitization library.\n */\nfunction hasBalancedQuotes(value: string) {\n let outsideSingle = true;\n let outsideDouble = true;\n for (let i = 0; i < value.length; i++) {\n let c = value.charAt(i);\n if (c === '\\'' && outsideDouble) {\n outsideSingle = !outsideSingle;\n } else if (c === '\"' && outsideSingle) {\n outsideDouble = !outsideDouble;\n }\n }\n return outsideSingle && outsideDouble;\n}\n\n/**\n * Sanitizes the given untrusted CSS style property value (i.e. not an entire object, just a single\n * value) and returns a value that is safe to use in a browser environment.\n */\nexport function sanitizeStyle(value: string): string {\n value = String(value).trim(); // Make sure it's actually a string.\n\n // Single url(...) values are supported, but only for URLs that sanitize cleanly. See above for\n // reasoning behind this.\n let urlMatch = URL_RE.exec(value);\n if ((urlMatch && sanitizeUrl(urlMatch[1]) === urlMatch[1]) ||\n value.match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) {\n return value; // Safe style values.\n }\n\n if (assertionsEnabled()) getDOM().log('WARNING: sanitizing unsafe style value ' + value);\n\n return 'unsafe';\n}\n\ninterface DecoratorInvocation {\n type: Function;\n args?: any[];\n}\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function sanitizeUrl(url: string): string;
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { getDOM } from '../dom/dom_adapter';
|
|
2
|
+
import { assertionsEnabled } from '../facade/lang';
|
|
3
|
+
/**
|
|
4
|
+
* A pattern that recognizes a commonly useful subset of URLs that are safe.
|
|
5
|
+
*
|
|
6
|
+
* This regular expression matches a subset of URLs that will not cause script
|
|
7
|
+
* execution if used in URL context within a HTML document. Specifically, this
|
|
8
|
+
* regular expression matches if (comment from here on and regex copied from
|
|
9
|
+
* Soy's EscapingConventions):
|
|
10
|
+
* (1) Either a protocol in a whitelist (http, https, mailto or ftp).
|
|
11
|
+
* (2) or no protocol. A protocol must be followed by a colon. The below
|
|
12
|
+
* allows that by allowing colons only after one of the characters [/?#].
|
|
13
|
+
* A colon after a hash (#) must be in the fragment.
|
|
14
|
+
* Otherwise, a colon after a (?) must be in a query.
|
|
15
|
+
* Otherwise, a colon after a single solidus (/) must be in a path.
|
|
16
|
+
* Otherwise, a colon after a double solidus (//) must be in the authority
|
|
17
|
+
* (before port).
|
|
18
|
+
*
|
|
19
|
+
* The pattern disallows &, used in HTML entity declarations before
|
|
20
|
+
* one of the characters in [/?#]. This disallows HTML entities used in the
|
|
21
|
+
* protocol name, which should never happen, e.g. "http" for "http".
|
|
22
|
+
* It also disallows HTML entities in the first path part of a relative path,
|
|
23
|
+
* e.g. "foo<bar/baz". Our existing escaping functions should not produce
|
|
24
|
+
* that. More importantly, it disallows masking of a colon,
|
|
25
|
+
* e.g. "javascript:...".
|
|
26
|
+
*
|
|
27
|
+
* This regular expression was taken from the Closure sanitization library.
|
|
28
|
+
*/
|
|
29
|
+
const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi;
|
|
30
|
+
/** A pattern that matches safe data URLs. Only matches image and video types. */
|
|
31
|
+
const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm));base64,[a-z0-9+\/]+=*$/i;
|
|
32
|
+
export function sanitizeUrl(url) {
|
|
33
|
+
url = String(url);
|
|
34
|
+
if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN))
|
|
35
|
+
return url;
|
|
36
|
+
if (assertionsEnabled())
|
|
37
|
+
getDOM().log('WARNING: sanitizing unsafe URL value ' + url);
|
|
38
|
+
return 'unsafe:' + url;
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=url_sanitizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"url_sanitizer.js","sourceRoot":"","sources":["../../../../../../modules/@angular/platform-browser/src/security/url_sanitizer.ts"],"names":[],"mappings":"OAAO,EAAC,MAAM,EAAC,MAAM,oBAAoB;OAClC,EAAC,iBAAiB,EAAC,MAAM,gBAAgB;AAEhD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,gBAAgB,GAAG,6DAA6D,CAAC;AAEvF,iFAAiF;AACjF,MAAM,gBAAgB,GAClB,0GAA0G,CAAC;AAE/G,4BAA4B,GAAW;IACrC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAClB,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAAC,MAAM,CAAC,GAAG,CAAC;IAE3E,EAAE,CAAC,CAAC,iBAAiB,EAAE,CAAC;QAAC,MAAM,EAAE,CAAC,GAAG,CAAC,uCAAuC,GAAG,GAAG,CAAC,CAAC;IAErF,MAAM,CAAC,SAAS,GAAG,GAAG,CAAC;AACzB,CAAC","sourcesContent":["import {getDOM} from '../dom/dom_adapter';\nimport {assertionsEnabled} from '../facade/lang';\n\n/**\n * A pattern that recognizes a commonly useful subset of URLs that are safe.\n *\n * This regular expression matches a subset of URLs that will not cause script\n * execution if used in URL context within a HTML document. Specifically, this\n * regular expression matches if (comment from here on and regex copied from\n * Soy's EscapingConventions):\n * (1) Either a protocol in a whitelist (http, https, mailto or ftp).\n * (2) or no protocol. A protocol must be followed by a colon. The below\n * allows that by allowing colons only after one of the characters [/?#].\n * A colon after a hash (#) must be in the fragment.\n * Otherwise, a colon after a (?) must be in a query.\n * Otherwise, a colon after a single solidus (/) must be in a path.\n * Otherwise, a colon after a double solidus (//) must be in the authority\n * (before port).\n *\n * The pattern disallows &, used in HTML entity declarations before\n * one of the characters in [/?#]. This disallows HTML entities used in the\n * protocol name, which should never happen, e.g. \"http\" for \"http\".\n * It also disallows HTML entities in the first path part of a relative path,\n * e.g. \"foo<bar/baz\". Our existing escaping functions should not produce\n * that. More importantly, it disallows masking of a colon,\n * e.g. \"javascript:...\".\n *\n * This regular expression was taken from the Closure sanitization library.\n */\nconst SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi;\n\n/** A pattern that matches safe data URLs. Only matches image and video types. */\nconst DATA_URL_PATTERN =\n /^data:(?:image\\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\\/(?:mpeg|mp4|ogg|webm));base64,[a-z0-9+\\/]+=*$/i;\n\nexport function sanitizeUrl(url: string): string {\n url = String(url);\n if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url;\n\n if (assertionsEnabled()) getDOM().log('WARNING: sanitizing unsafe URL value ' + url);\n\n return 'unsafe:' + url;\n}\n\ninterface DecoratorInvocation {\n type: Function;\n args?: any[];\n}\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../../../../../modules/@angular/platform-browser/src/web_workers/shared/api.ts"],"names":[],"mappings":"OAAO,EAAC,WAAW,EAAC,MAAM,eAAe;AAEzC,OAAO,MAAM,aAAa,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC","sourcesContent":["import {OpaqueToken} from '@angular/core';\n\nexport const ON_WEB_WORKER = new OpaqueToken('WebWorker.onWebWorker');\n\ninterface DecoratorInvocation {\n type: Function;\n args?: any[];\n}\n"]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"__symbolic":"module","version":1,"metadata":{"ON_WEB_WORKER":{"__symbolic":"new","expression":{"__symbolic":"reference","module":"@angular/core","name":"OpaqueToken"},"arguments":["WebWorker.onWebWorker"]}}}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { Type } from '@angular/core';
|
|
2
|
+
import { MessageBus } from './message_bus';
|
|
3
|
+
import { Serializer } from './serializer';
|
|
4
|
+
/**
|
|
5
|
+
* @experimental
|
|
6
|
+
*/
|
|
7
|
+
export declare abstract class ClientMessageBrokerFactory {
|
|
8
|
+
/**
|
|
9
|
+
* Initializes the given channel and attaches a new {@link ClientMessageBroker} to it.
|
|
10
|
+
*/
|
|
11
|
+
abstract createMessageBroker(channel: string, runInZone?: boolean): ClientMessageBroker;
|
|
12
|
+
}
|
|
13
|
+
export declare class ClientMessageBrokerFactory_ extends ClientMessageBrokerFactory {
|
|
14
|
+
private _messageBus;
|
|
15
|
+
constructor(_messageBus: MessageBus, _serializer: Serializer);
|
|
16
|
+
/**
|
|
17
|
+
* Initializes the given channel and attaches a new {@link ClientMessageBroker} to it.
|
|
18
|
+
*/
|
|
19
|
+
createMessageBroker(channel: string, runInZone?: boolean): ClientMessageBroker;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* @experimental
|
|
23
|
+
*/
|
|
24
|
+
export declare abstract class ClientMessageBroker {
|
|
25
|
+
abstract runOnService(args: UiArguments, returnType: Type): Promise<any>;
|
|
26
|
+
}
|
|
27
|
+
export declare class ClientMessageBroker_ extends ClientMessageBroker {
|
|
28
|
+
channel: any;
|
|
29
|
+
private _pending;
|
|
30
|
+
private _sink;
|
|
31
|
+
constructor(messageBus: MessageBus, _serializer: Serializer, channel: any);
|
|
32
|
+
private _generateMessageId(name);
|
|
33
|
+
runOnService(args: UiArguments, returnType: Type): Promise<any>;
|
|
34
|
+
private _handleMessage(message);
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* @experimental
|
|
38
|
+
*/
|
|
39
|
+
export declare class FnArg {
|
|
40
|
+
value: any;
|
|
41
|
+
type: Type;
|
|
42
|
+
constructor(value: any, type: Type);
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* @experimental
|
|
46
|
+
*/
|
|
47
|
+
export declare class UiArguments {
|
|
48
|
+
method: string;
|
|
49
|
+
args: FnArg[];
|
|
50
|
+
constructor(method: string, args?: FnArg[]);
|
|
51
|
+
}
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
import { Injectable } from '@angular/core';
|
|
2
|
+
import { ObservableWrapper, PromiseWrapper } from '../../facade/async';
|
|
3
|
+
import { StringMapWrapper } from '../../facade/collection';
|
|
4
|
+
import { DateWrapper, StringWrapper, isPresent, print, stringify } from '../../facade/lang';
|
|
5
|
+
import { MessageBus } from './message_bus';
|
|
6
|
+
import { Serializer } from './serializer';
|
|
7
|
+
/**
|
|
8
|
+
* @experimental
|
|
9
|
+
*/
|
|
10
|
+
export class ClientMessageBrokerFactory {
|
|
11
|
+
}
|
|
12
|
+
export class ClientMessageBrokerFactory_ extends ClientMessageBrokerFactory {
|
|
13
|
+
constructor(_messageBus, _serializer) {
|
|
14
|
+
super();
|
|
15
|
+
this._messageBus = _messageBus;
|
|
16
|
+
this._serializer = _serializer;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Initializes the given channel and attaches a new {@link ClientMessageBroker} to it.
|
|
20
|
+
*/
|
|
21
|
+
createMessageBroker(channel, runInZone = true) {
|
|
22
|
+
this._messageBus.initChannel(channel, runInZone);
|
|
23
|
+
return new ClientMessageBroker_(this._messageBus, this._serializer, channel);
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
/** @nocollapse */
|
|
27
|
+
ClientMessageBrokerFactory_.decorators = [
|
|
28
|
+
{ type: Injectable },
|
|
29
|
+
];
|
|
30
|
+
/** @nocollapse */
|
|
31
|
+
ClientMessageBrokerFactory_.ctorParameters = [
|
|
32
|
+
{ type: MessageBus, },
|
|
33
|
+
{ type: Serializer, },
|
|
34
|
+
];
|
|
35
|
+
/**
|
|
36
|
+
* @experimental
|
|
37
|
+
*/
|
|
38
|
+
export class ClientMessageBroker {
|
|
39
|
+
}
|
|
40
|
+
export class ClientMessageBroker_ extends ClientMessageBroker {
|
|
41
|
+
constructor(messageBus, _serializer, channel /** TODO #9100 */) {
|
|
42
|
+
super();
|
|
43
|
+
this.channel = channel;
|
|
44
|
+
this._pending = new Map();
|
|
45
|
+
this._sink = messageBus.to(channel);
|
|
46
|
+
this._serializer = _serializer;
|
|
47
|
+
var source = messageBus.from(channel);
|
|
48
|
+
ObservableWrapper.subscribe(source, (message) => this._handleMessage(message));
|
|
49
|
+
}
|
|
50
|
+
_generateMessageId(name) {
|
|
51
|
+
var time = stringify(DateWrapper.toMillis(DateWrapper.now()));
|
|
52
|
+
var iteration = 0;
|
|
53
|
+
var id = name + time + stringify(iteration);
|
|
54
|
+
while (isPresent(this._pending[id])) {
|
|
55
|
+
id = `${name}${time}${iteration}`;
|
|
56
|
+
iteration++;
|
|
57
|
+
}
|
|
58
|
+
return id;
|
|
59
|
+
}
|
|
60
|
+
runOnService(args, returnType) {
|
|
61
|
+
var fnArgs = [];
|
|
62
|
+
if (isPresent(args.args)) {
|
|
63
|
+
args.args.forEach(argument => {
|
|
64
|
+
if (argument.type != null) {
|
|
65
|
+
fnArgs.push(this._serializer.serialize(argument.value, argument.type));
|
|
66
|
+
}
|
|
67
|
+
else {
|
|
68
|
+
fnArgs.push(argument.value);
|
|
69
|
+
}
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
var promise;
|
|
73
|
+
var id = null;
|
|
74
|
+
if (returnType != null) {
|
|
75
|
+
var completer = PromiseWrapper.completer();
|
|
76
|
+
id = this._generateMessageId(args.method);
|
|
77
|
+
this._pending.set(id, completer);
|
|
78
|
+
PromiseWrapper.catchError(completer.promise, (err, stack) => {
|
|
79
|
+
print(err);
|
|
80
|
+
completer.reject(err, stack);
|
|
81
|
+
});
|
|
82
|
+
promise = PromiseWrapper.then(completer.promise, (value) => {
|
|
83
|
+
if (this._serializer == null) {
|
|
84
|
+
return value;
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
return this._serializer.deserialize(value, returnType);
|
|
88
|
+
}
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
else {
|
|
92
|
+
promise = null;
|
|
93
|
+
}
|
|
94
|
+
// TODO(jteplitz602): Create a class for these messages so we don't keep using StringMap #3685
|
|
95
|
+
var message = { 'method': args.method, 'args': fnArgs };
|
|
96
|
+
if (id != null) {
|
|
97
|
+
message['id'] = id;
|
|
98
|
+
}
|
|
99
|
+
ObservableWrapper.callEmit(this._sink, message);
|
|
100
|
+
return promise;
|
|
101
|
+
}
|
|
102
|
+
_handleMessage(message) {
|
|
103
|
+
var data = new MessageData(message);
|
|
104
|
+
// TODO(jteplitz602): replace these strings with messaging constants #3685
|
|
105
|
+
if (StringWrapper.equals(data.type, 'result') || StringWrapper.equals(data.type, 'error')) {
|
|
106
|
+
var id = data.id;
|
|
107
|
+
if (this._pending.has(id)) {
|
|
108
|
+
if (StringWrapper.equals(data.type, 'result')) {
|
|
109
|
+
this._pending.get(id).resolve(data.value);
|
|
110
|
+
}
|
|
111
|
+
else {
|
|
112
|
+
this._pending.get(id).reject(data.value, null);
|
|
113
|
+
}
|
|
114
|
+
this._pending.delete(id);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
class MessageData {
|
|
120
|
+
constructor(data) {
|
|
121
|
+
this.type = StringMapWrapper.get(data, 'type');
|
|
122
|
+
this.id = this._getValueIfPresent(data, 'id');
|
|
123
|
+
this.value = this._getValueIfPresent(data, 'value');
|
|
124
|
+
}
|
|
125
|
+
/**
|
|
126
|
+
* Returns the value from the StringMap if present. Otherwise returns null
|
|
127
|
+
* @internal
|
|
128
|
+
*/
|
|
129
|
+
_getValueIfPresent(data, key) {
|
|
130
|
+
if (StringMapWrapper.contains(data, key)) {
|
|
131
|
+
return StringMapWrapper.get(data, key);
|
|
132
|
+
}
|
|
133
|
+
else {
|
|
134
|
+
return null;
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
/**
|
|
139
|
+
* @experimental
|
|
140
|
+
*/
|
|
141
|
+
export class FnArg {
|
|
142
|
+
constructor(value /** TODO #9100 */, type) {
|
|
143
|
+
this.value = value;
|
|
144
|
+
this.type = type;
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* @experimental
|
|
149
|
+
*/
|
|
150
|
+
export class UiArguments {
|
|
151
|
+
constructor(method, args) {
|
|
152
|
+
this.method = method;
|
|
153
|
+
this.args = args;
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
//# sourceMappingURL=client_message_broker.js.map
|