v19.2.23
📦 angular
🐛 17 fixes 🔧 1 symbols
Summary
This release focuses heavily on security and sanitization improvements across several modules, including compiler, core, and platform-server, alongside various bug fixes in HTTP and service-worker modules.
🐛 Bug Fixes
- Added upper bounds for digitsInfo in common.
- Sanitized placeholder in common.
- Normalized tag names with custom namespaces in DomElementSchemaRegistry in compiler.
- Sanitized dynamic href and xlink:href bindings on SVG a elements in compiler.
- Stripped namespaced SVG script elements during template compilation in compiler.
- Rejected script element as a dynamic component host in core.
- Sanitized meta selectors in core.
- Supported prefix-insensitive DOM schema lookups and compile-time i18n attribute validation in core.
- Synchronized core sanitization schema with compiler.
- Wrapped i18n dynamic element property updates in active index states in core.
- Excluded withCredentials requests from transfer cache in http.
- Skipped TransferCache for cookie-bearing requests by default in http.
- Normalized path parsing in ServerPlatformLocation.
- Secured location and document initialization against SSRF and path hijack in platform-server.
- Preserved redirect policy on reconstructed asset requests in service-worker.
- Preserved explicit 'credentials: omit' in asset requests in service-worker.
- Preserved HTTP cache mode in asset group requests in service-worker.