/**
* @license Angular v19.2.13
* (c) 2010-2025 Google LLC. https://angular.io/
* License: MIT
*/
export { BrowserModule, bootstrapApplication, createApplication, platformBrowser, provideProtractorTestingSupport, BrowserDomAdapter as ɵBrowserDomAdapter, BrowserGetTestability as ɵBrowserGetTestability, DomEventsPlugin as ɵDomEventsPlugin, KeyEventsPlugin as ɵKeyEventsPlugin } from './browser-D-u-fknz.mjs';
import { ɵgetDOM as _getDOM, DOCUMENT } from '@angular/common';
export { ɵgetDOM } from '@angular/common';
import * as i0 from '@angular/core';
import { Inject, Injectable, ɵglobal as _global, ApplicationRef, InjectionToken, Injector, Optional, ɵConsole as _Console, NgModule, ɵRuntimeError as _RuntimeError, ɵXSS_SECURITY_URL as _XSS_SECURITY_URL, SecurityContext, ɵallowSanitizationBypassAndThrow as _allowSanitizationBypassAndThrow, ɵunwrapSafeValue as _unwrapSafeValue, ɵ_sanitizeUrl as __sanitizeUrl, ɵ_sanitizeHtml as __sanitizeHtml, ɵbypassSanitizationTrustHtml as _bypassSanitizationTrustHtml, ɵbypassSanitizationTrustStyle as _bypassSanitizationTrustStyle, ɵbypassSanitizationTrustScript as _bypassSanitizationTrustScript, ɵbypassSanitizationTrustUrl as _bypassSanitizationTrustUrl, ɵbypassSanitizationTrustResourceUrl as _bypassSanitizationTrustResourceUrl, forwardRef, makeEnvironmentProviders, ɵwithDomHydration as _withDomHydration, ɵwithEventReplay as _withEventReplay, ɵwithI18nSupport as _withI18nSupport, ɵwithIncrementalHydration as _withIncrementalHydration, ENVIRONMENT_INITIALIZER, inject, NgZone, ɵZONELESS_ENABLED as _ZONELESS_ENABLED, ɵformatRuntimeError as _formatRuntimeError, Version } from '@angular/core';
import { EVENT_MANAGER_PLUGINS, EventManagerPlugin } from './dom_renderer-DGKzginR.mjs';
export { EventManager, REMOVE_STYLES_ON_COMPONENT_DESTROY, DomRendererFactory2 as ɵDomRendererFactory2, SharedStylesHost as ɵSharedStylesHost } from './dom_renderer-DGKzginR.mjs';
import { ɵwithHttpTransferCache as _withHttpTransferCache } from '@angular/common/http';
/**
* A service for managing HTML `` tags.
*
* Properties of the `MetaDefinition` object match the attributes of the
* HTML `` tag. These tags define document metadata that is important for
* things like configuring a Content Security Policy, defining browser compatibility
* and security settings, setting HTTP Headers, defining rich content for social sharing,
* and Search Engine Optimization (SEO).
*
* To identify specific `` tags in a document, use an attribute selection
* string in the format `"tag_attribute='value string'"`.
* For example, an `attrSelector` value of `"name='description'"` matches a tag
* whose `name` attribute has the value `"description"`.
* Selectors are used with the `querySelector()` Document method,
* in the format `meta[{attrSelector}]`.
*
* @see [HTML meta tag](https://developer.mozilla.org/docs/Web/HTML/Element/meta)
* @see [Document.querySelector()](https://developer.mozilla.org/docs/Web/API/Document/querySelector)
*
*
* @publicApi
*/
class Meta {
_doc;
_dom;
constructor(_doc) {
this._doc = _doc;
this._dom = _getDOM();
}
/**
* Retrieves or creates a specific `` tag element in the current HTML document.
* In searching for an existing tag, Angular attempts to match the `name` or `property` attribute
* values in the provided tag definition, and verifies that all other attribute values are equal.
* If an existing element is found, it is returned and is not modified in any way.
* @param tag The definition of a `` element to match or create.
* @param forceCreation True to create a new element without checking whether one already exists.
* @returns The existing element with the same attributes and values if found,
* the new element if no match is found, or `null` if the tag parameter is not defined.
*/
addTag(tag, forceCreation = false) {
if (!tag)
return null;
return this._getOrCreateElement(tag, forceCreation);
}
/**
* Retrieves or creates a set of `` tag elements in the current HTML document.
* In searching for an existing tag, Angular attempts to match the `name` or `property` attribute
* values in the provided tag definition, and verifies that all other attribute values are equal.
* @param tags An array of tag definitions to match or create.
* @param forceCreation True to create new elements without checking whether they already exist.
* @returns The matching elements if found, or the new elements.
*/
addTags(tags, forceCreation = false) {
if (!tags)
return [];
return tags.reduce((result, tag) => {
if (tag) {
result.push(this._getOrCreateElement(tag, forceCreation));
}
return result;
}, []);
}
/**
* Retrieves a `` tag element in the current HTML document.
* @param attrSelector The tag attribute and value to match against, in the format
* `"tag_attribute='value string'"`.
* @returns The matching element, if any.
*/
getTag(attrSelector) {
if (!attrSelector)
return null;
return this._doc.querySelector(`meta[${attrSelector}]`) || null;
}
/**
* Retrieves a set of `` tag elements in the current HTML document.
* @param attrSelector The tag attribute and value to match against, in the format
* `"tag_attribute='value string'"`.
* @returns The matching elements, if any.
*/
getTags(attrSelector) {
if (!attrSelector)
return [];
const list /*NodeList*/ = this._doc.querySelectorAll(`meta[${attrSelector}]`);
return list ? [].slice.call(list) : [];
}
/**
* Modifies an existing `` tag element in the current HTML document.
* @param tag The tag description with which to replace the existing tag content.
* @param selector A tag attribute and value to match against, to identify
* an existing tag. A string in the format `"tag_attribute=`value string`"`.
* If not supplied, matches a tag with the same `name` or `property` attribute value as the
* replacement tag.
* @return The modified element.
*/
updateTag(tag, selector) {
if (!tag)
return null;
selector = selector || this._parseSelector(tag);
const meta = this.getTag(selector);
if (meta) {
return this._setMetaElementAttributes(tag, meta);
}
return this._getOrCreateElement(tag, true);
}
/**
* Removes an existing `` tag element from the current HTML document.
* @param attrSelector A tag attribute and value to match against, to identify
* an existing tag. A string in the format `"tag_attribute=`value string`"`.
*/
removeTag(attrSelector) {
this.removeTagElement(this.getTag(attrSelector));
}
/**
* Removes an existing `` tag element from the current HTML document.
* @param meta The tag definition to match against to identify an existing tag.
*/
removeTagElement(meta) {
if (meta) {
this._dom.remove(meta);
}
}
_getOrCreateElement(meta, forceCreation = false) {
if (!forceCreation) {
const selector = this._parseSelector(meta);
// It's allowed to have multiple elements with the same name so it's not enough to
// just check that element with the same name already present on the page. We also need to
// check if element has tag attributes
const elem = this.getTags(selector).filter((elem) => this._containsAttributes(meta, elem))[0];
if (elem !== undefined)
return elem;
}
const element = this._dom.createElement('meta');
this._setMetaElementAttributes(meta, element);
const head = this._doc.getElementsByTagName('head')[0];
head.appendChild(element);
return element;
}
_setMetaElementAttributes(tag, el) {
Object.keys(tag).forEach((prop) => el.setAttribute(this._getMetaKeyMap(prop), tag[prop]));
return el;
}
_parseSelector(tag) {
const attr = tag.name ? 'name' : 'property';
return `${attr}="${tag[attr]}"`;
}
_containsAttributes(tag, elem) {
return Object.keys(tag).every((key) => elem.getAttribute(this._getMetaKeyMap(key)) === tag[key]);
}
_getMetaKeyMap(prop) {
return META_KEYS_MAP[prop] || prop;
}
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Meta, deps: [{ token: DOCUMENT }], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Meta, providedIn: 'root' });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Meta, decorators: [{
type: Injectable,
args: [{ providedIn: 'root' }]
}], ctorParameters: () => [{ type: undefined, decorators: [{
type: Inject,
args: [DOCUMENT]
}] }] });
/**
* Mapping for MetaDefinition properties with their correct meta attribute names
*/
const META_KEYS_MAP = {
httpEquiv: 'http-equiv',
};
/**
* A service that can be used to get and set the title of a current HTML document.
*
* Since an Angular application can't be bootstrapped on the entire HTML document (`` tag)
* it is not possible to bind to the `text` property of the `HTMLTitleElement` elements
* (representing the `` tag). Instead, this service can be used to set and get the current
* title value.
*
* @publicApi
*/
class Title {
_doc;
constructor(_doc) {
this._doc = _doc;
}
/**
* Get the title of the current HTML document.
*/
getTitle() {
return this._doc.title;
}
/**
* Set the title of the current HTML document.
* @param newTitle
*/
setTitle(newTitle) {
this._doc.title = newTitle || '';
}
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Title, deps: [{ token: DOCUMENT }], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Title, providedIn: 'root' });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: Title, decorators: [{
type: Injectable,
args: [{ providedIn: 'root' }]
}], ctorParameters: () => [{ type: undefined, decorators: [{
type: Inject,
args: [DOCUMENT]
}] }] });
/// <reference path="../../../goog.d.ts" />
/**
* Exports the value under a given `name` in the global property `ng`. For example `ng.probe` if
* `name` is `'probe'`.
* @param name Name under which it will be exported. Keep in mind this will be a property of the
* global `ng` object.
* @param value The value to export.
*/
function exportNgVar(name, value) {
if (typeof COMPILED === 'undefined' || !COMPILED) {
// Note: we can't export `ng` when using closure enhanced optimization as:
// - closure declares globals itself for minified names, which sometimes clobber our `ng` global
// - we can't declare a closure extern as the namespace `ng` is already used within Google
// for typings for angularJS (via `goog.provide('ng....')`).
const ng = (_global['ng'] = _global['ng'] || {});
ng[name] = value;
}
}
class ChangeDetectionPerfRecord {
msPerTick;
numTicks;
constructor(msPerTick, numTicks) {
this.msPerTick = msPerTick;
this.numTicks = numTicks;
}
}
/**
* Entry point for all Angular profiling-related debug tools. This object
* corresponds to the `ng.profiler` in the dev console.
*/
class AngularProfiler {
appRef;
constructor(ref) {
this.appRef = ref.injector.get(ApplicationRef);
}
// tslint:disable:no-console
/**
* Exercises change detection in a loop and then prints the average amount of
* time in milliseconds how long a single round of change detection takes for
* the current state of the UI. It runs a minimum of 5 rounds for a minimum
* of 500 milliseconds.
*
* Optionally, a user may pass a `config` parameter containing a map of
* options. Supported options are:
*
* `record` (boolean) - causes the profiler to record a CPU profile while
* it exercises the change detector. Example:
*
* ```ts
* ng.profiler.timeChangeDetection({record: true})
* ```
*/
timeChangeDetection(config) {
const record = config && config['record'];
const profileName = 'Change Detection';
// Profiler is not available in Android browsers without dev tools opened
if (record && 'profile' in console && typeof console.profile === 'function') {
console.profile(profileName);
}
const start = performance.now();
let numTicks = 0;
while (numTicks < 5 || performance.now() - start < 500) {
this.appRef.tick();
numTicks++;
}
const end = performance.now();
if (record && 'profileEnd' in console && typeof console.profileEnd === 'function') {
console.profileEnd(profileName);
}
const msPerTick = (end - start) / numTicks;
console.log(`ran ${numTicks} change detection cycles`);
console.log(`${msPerTick.toFixed(2)} ms per check`);
return new ChangeDetectionPerfRecord(msPerTick, numTicks);
}
}
const PROFILER_GLOBAL_NAME = 'profiler';
/**
* Enabled Angular debug tools that are accessible via your browser's
* developer console.
*
* Usage:
*
* 1. Open developer console (e.g. in Chrome Ctrl + Shift + j)
* 1. Type `ng.` (usually the console will show auto-complete suggestion)
* 1. Try the change detection profiler `ng.profiler.timeChangeDetection()`
* then hit Enter.
*
* @publicApi
*/
function enableDebugTools(ref) {
exportNgVar(PROFILER_GLOBAL_NAME, new AngularProfiler(ref));
return ref;
}
/**
* Disables Angular tools.
*
* @publicApi
*/
function disableDebugTools() {
exportNgVar(PROFILER_GLOBAL_NAME, null);
}
/**
* Predicates for use with {@link DebugElement}'s query functions.
*
* @publicApi
*/
class By {
/**
* Match all nodes.
*
* @usageNotes
* ### Example
*
* {@example platform-browser/dom/debug/ts/by/by.ts region='by_all'}
*/
static all() {
return () => true;
}
/**
* Match elements by the given CSS selector.
*
* @usageNotes
* ### Example
*
* {@example platform-browser/dom/debug/ts/by/by.ts region='by_css'}
*/
static css(selector) {
return (debugElement) => {
return debugElement.nativeElement != null
? elementMatches(debugElement.nativeElement, selector)
: false;
};
}
/**
* Match nodes that have the given directive present.
*
* @usageNotes
* ### Example
*
* {@example platform-browser/dom/debug/ts/by/by.ts region='by_directive'}
*/
static directive(type) {
return (debugNode) => debugNode.providerTokens.indexOf(type) !== -1;
}
}
function elementMatches(n, selector) {
if (_getDOM().isElementNode(n)) {
return ((n.matches && n.matches(selector)) ||
(n.msMatchesSelector && n.msMatchesSelector(selector)) ||
(n.webkitMatchesSelector && n.webkitMatchesSelector(selector)));
}
return false;
}
/// <reference types="hammerjs" />
/**
* Supported HammerJS recognizer event names.
*/
const EVENT_NAMES = {
// pan
'pan': true,
'panstart': true,
'panmove': true,
'panend': true,
'pancancel': true,
'panleft': true,
'panright': true,
'panup': true,
'pandown': true,
// pinch
'pinch': true,
'pinchstart': true,
'pinchmove': true,
'pinchend': true,
'pinchcancel': true,
'pinchin': true,
'pinchout': true,
// press
'press': true,
'pressup': true,
// rotate
'rotate': true,
'rotatestart': true,
'rotatemove': true,
'rotateend': true,
'rotatecancel': true,
// swipe
'swipe': true,
'swipeleft': true,
'swiperight': true,
'swipeup': true,
'swipedown': true,
// tap
'tap': true,
'doubletap': true,
};
/**
* DI token for providing [HammerJS](https://hammerjs.github.io/) support to Angular.
* @see {@link HammerGestureConfig}
*
* @ngModule HammerModule
* @publicApi
*/
const HAMMER_GESTURE_CONFIG = new InjectionToken(typeof ngDevMode === 'undefined' || ngDevMode ? 'HammerGestureConfig' : '');
/**
* Injection token used to provide a HammerLoader to Angular.
*
* @see {@link HammerLoader}
*
* @publicApi
*/
const HAMMER_LOADER = new InjectionToken(typeof ngDevMode === 'undefined' || ngDevMode ? 'HammerLoader' : '');
/**
* An injectable [HammerJS Manager](https://hammerjs.github.io/api/#hammermanager)
* for gesture recognition. Configures specific event recognition.
* @publicApi
*/
class HammerGestureConfig {
/**
* A set of supported event names for gestures to be used in Angular.
* Angular supports all built-in recognizers, as listed in
* [HammerJS documentation](https://hammerjs.github.io/).
*/
events = [];
/**
* Maps gesture event names to a set of configuration options
* that specify overrides to the default values for specific properties.
*
* The key is a supported event name to be configured,
* and the options object contains a set of properties, with override values
* to be applied to the named recognizer event.
* For example, to disable recognition of the rotate event, specify
* `{"rotate": {"enable": false}}`.
*
* Properties that are not present take the HammerJS default values.
* For information about which properties are supported for which events,
* and their allowed and default values, see
* [HammerJS documentation](https://hammerjs.github.io/).
*
*/
overrides = {};
/**
* Properties whose default values can be overridden for a given event.
* Different sets of properties apply to different events.
* For information about which properties are supported for which events,
* and their allowed and default values, see
* [HammerJS documentation](https://hammerjs.github.io/).
*/
options;
/**
* Creates a [HammerJS Manager](https://hammerjs.github.io/api/#hammermanager)
* and attaches it to a given HTML element.
* @param element The element that will recognize gestures.
* @returns A HammerJS event-manager object.
*/
buildHammer(element) {
const mc = new Hammer(element, this.options);
mc.get('pinch').set({ enable: true });
mc.get('rotate').set({ enable: true });
for (const eventName in this.overrides) {
mc.get(eventName).set(this.overrides[eventName]);
}
return mc;
}
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGestureConfig, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGestureConfig });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGestureConfig, decorators: [{
type: Injectable
}] });
/**
* Event plugin that adds Hammer support to an application.
*
* @ngModule HammerModule
*/
class HammerGesturesPlugin extends EventManagerPlugin {
_config;
_injector;
loader;
_loaderPromise = null;
constructor(doc, _config, _injector, loader) {
super(doc);
this._config = _config;
this._injector = _injector;
this.loader = loader;
}
supports(eventName) {
if (!EVENT_NAMES.hasOwnProperty(eventName.toLowerCase()) && !this.isCustomEvent(eventName)) {
return false;
}
if (!window.Hammer && !this.loader) {
if (typeof ngDevMode === 'undefined' || ngDevMode) {
// Get a `Console` through an injector to tree-shake the
// class when it is unused in production.
const _console = this._injector.get(_Console);
_console.warn(`The "${eventName}" event cannot be bound because Hammer.JS is not ` +
`loaded and no custom loader has been specified.`);
}
return false;
}
return true;
}
addEventListener(element, eventName, handler) {
const zone = this.manager.getZone();
eventName = eventName.toLowerCase();
// If Hammer is not present but a loader is specified, we defer adding the event listener
// until Hammer is loaded.
if (!window.Hammer && this.loader) {
this._loaderPromise = this._loaderPromise || zone.runOutsideAngular(() => this.loader());
// This `addEventListener` method returns a function to remove the added listener.
// Until Hammer is loaded, the returned function needs to *cancel* the registration rather
// than remove anything.
let cancelRegistration = false;
let deregister = () => {
cancelRegistration = true;
};
zone.runOutsideAngular(() => this._loaderPromise.then(() => {
// If Hammer isn't actually loaded when the custom loader resolves, give up.
if (!window.Hammer) {
if (typeof ngDevMode === 'undefined' || ngDevMode) {
const _console = this._injector.get(_Console);
_console.warn(`The custom HAMMER_LOADER completed, but Hammer.JS is not present.`);
}
deregister = () => { };
return;
}
if (!cancelRegistration) {
// Now that Hammer is loaded and the listener is being loaded for real,
// the deregistration function changes from canceling registration to
// removal.
deregister = this.addEventListener(element, eventName, handler);
}
}).catch(() => {
if (typeof ngDevMode === 'undefined' || ngDevMode) {
const _console = this._injector.get(_Console);
_console.warn(`The "${eventName}" event cannot be bound because the custom ` +
`Hammer.JS loader failed.`);
}
deregister = () => { };
}));
// Return a function that *executes* `deregister` (and not `deregister` itself) so that we
// can change the behavior of `deregister` once the listener is added. Using a closure in
// this way allows us to avoid any additional data structures to track listener removal.
return () => {
deregister();
};
}
return zone.runOutsideAngular(() => {
// Creating the manager bind events, must be done outside of angular
const mc = this._config.buildHammer(element);
const callback = function (eventObj) {
zone.runGuarded(function () {
handler(eventObj);
});
};
mc.on(eventName, callback);
return () => {
mc.off(eventName, callback);
// destroy mc to prevent memory leak
if (typeof mc.destroy === 'function') {
mc.destroy();
}
};
});
}
isCustomEvent(eventName) {
return this._config.events.indexOf(eventName) > -1;
}
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGesturesPlugin, deps: [{ token: DOCUMENT }, { token: HAMMER_GESTURE_CONFIG }, { token: i0.Injector }, { token: HAMMER_LOADER, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGesturesPlugin });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerGesturesPlugin, decorators: [{
type: Injectable
}], ctorParameters: () => [{ type: undefined, decorators: [{
type: Inject,
args: [DOCUMENT]
}] }, { type: HammerGestureConfig, decorators: [{
type: Inject,
args: [HAMMER_GESTURE_CONFIG]
}] }, { type: i0.Injector }, { type: undefined, decorators: [{
type: Optional
}, {
type: Inject,
args: [HAMMER_LOADER]
}] }] });
/**
* Adds support for HammerJS.
*
* Import this module at the root of your application so that Angular can work with
* HammerJS to detect gesture events.
*
* Note that applications still need to include the HammerJS script itself. This module
* simply sets up the coordination layer between HammerJS and Angular's `EventManager`.
*
* @publicApi
*/
class HammerModule {
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
static ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "19.2.13", ngImport: i0, type: HammerModule });
static ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerModule, providers: [
{
provide: EVENT_MANAGER_PLUGINS,
useClass: HammerGesturesPlugin,
multi: true,
deps: [DOCUMENT, HAMMER_GESTURE_CONFIG, Injector, [new Optional(), HAMMER_LOADER]],
},
{ provide: HAMMER_GESTURE_CONFIG, useClass: HammerGestureConfig },
] });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: HammerModule, decorators: [{
type: NgModule,
args: [{
providers: [
{
provide: EVENT_MANAGER_PLUGINS,
useClass: HammerGesturesPlugin,
multi: true,
deps: [DOCUMENT, HAMMER_GESTURE_CONFIG, Injector, [new Optional(), HAMMER_LOADER]],
},
{ provide: HAMMER_GESTURE_CONFIG, useClass: HammerGestureConfig },
],
}]
}] });
/**
* DomSanitizer helps preventing Cross Site Scripting Security bugs (XSS) by sanitizing
* values to be safe to use in the different DOM contexts.
*
* For example, when binding a URL in an `<a [href]="someValue">` hyperlink, `someValue` will be
* sanitized so that an attacker cannot inject e.g. a `javascript:` URL that would execute code on
* the website.
*
* In specific situations, it might be necessary to disable sanitization, for example if the
* application genuinely needs to produce a `javascript:` style link with a dynamic value in it.
* Users can bypass security by constructing a value with one of the `bypassSecurityTrust...`
* methods, and then binding to that value from the template.
*
* These situations should be very rare, and extraordinary care must be taken to avoid creating a
* Cross Site Scripting (XSS) security bug!
*
* When using `bypassSecurityTrust...`, make sure to call the method as early as possible and as
* close as possible to the source of the value, to make it easy to verify no security bug is
* created by its use.
*
* It is not required (and not recommended) to bypass security if the value is safe, e.g. a URL that
* does not start with a suspicious protocol, or an HTML snippet that does not contain dangerous
* code. The sanitizer leaves safe values intact.
*
* @security Calling any of the `bypassSecurityTrust...` APIs disables Angular's built-in
* sanitization for the value passed in. Carefully check and audit all values and code paths going
* into this call. Make sure any user data is appropriately escaped for this security context.
* For more detail, see the [Security Guide](https://g.co/ng/security).
*
* @publicApi
*/
class DomSanitizer {
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizer, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizer, providedIn: 'root', useExisting: i0.forwardRef(() => DomSanitizerImpl) });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizer, decorators: [{
type: Injectable,
args: [{ providedIn: 'root', useExisting: forwardRef(() => DomSanitizerImpl) }]
}] });
class DomSanitizerImpl extends DomSanitizer {
_doc;
constructor(_doc) {
super();
this._doc = _doc;
}
sanitize(ctx, value) {
if (value == null)
return null;
switch (ctx) {
case SecurityContext.NONE:
return value;
case SecurityContext.HTML:
if (_allowSanitizationBypassAndThrow(value, "HTML" /* BypassType.Html */)) {
return _unwrapSafeValue(value);
}
return __sanitizeHtml(this._doc, String(value)).toString();
case SecurityContext.STYLE:
if (_allowSanitizationBypassAndThrow(value, "Style" /* BypassType.Style */)) {
return _unwrapSafeValue(value);
}
return value;
case SecurityContext.SCRIPT:
if (_allowSanitizationBypassAndThrow(value, "Script" /* BypassType.Script */)) {
return _unwrapSafeValue(value);
}
throw new _RuntimeError(5200 /* RuntimeErrorCode.SANITIZATION_UNSAFE_SCRIPT */, (typeof ngDevMode === 'undefined' || ngDevMode) &&
'unsafe value used in a script context');
case SecurityContext.URL:
if (_allowSanitizationBypassAndThrow(value, "URL" /* BypassType.Url */)) {
return _unwrapSafeValue(value);
}
return __sanitizeUrl(String(value));
case SecurityContext.RESOURCE_URL:
if (_allowSanitizationBypassAndThrow(value, "ResourceURL" /* BypassType.ResourceUrl */)) {
return _unwrapSafeValue(value);
}
throw new _RuntimeError(5201 /* RuntimeErrorCode.SANITIZATION_UNSAFE_RESOURCE_URL */, (typeof ngDevMode === 'undefined' || ngDevMode) &&
`unsafe value used in a resource URL context (see ${_XSS_SECURITY_URL})`);
default:
throw new _RuntimeError(5202 /* RuntimeErrorCode.SANITIZATION_UNEXPECTED_CTX */, (typeof ngDevMode === 'undefined' || ngDevMode) &&
`Unexpected SecurityContext ${ctx} (see ${_XSS_SECURITY_URL})`);
}
}
bypassSecurityTrustHtml(value) {
return _bypassSanitizationTrustHtml(value);
}
bypassSecurityTrustStyle(value) {
return _bypassSanitizationTrustStyle(value);
}
bypassSecurityTrustScript(value) {
return _bypassSanitizationTrustScript(value);
}
bypassSecurityTrustUrl(value) {
return _bypassSanitizationTrustUrl(value);
}
bypassSecurityTrustResourceUrl(value) {
return _bypassSanitizationTrustResourceUrl(value);
}
static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizerImpl, deps: [{ token: DOCUMENT }], target: i0.ɵɵFactoryTarget.Injectable });
static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizerImpl, providedIn: 'root' });
}
i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.13", ngImport: i0, type: DomSanitizerImpl, decorators: [{
type: Injectable,
args: [{ providedIn: 'root' }]
}], ctorParameters: () => [{ type: undefined, decorators: [{
type: Inject,
args: [DOCUMENT]
}] }] });
/**
* The list of features as an enum to uniquely type each `HydrationFeature`.
* @see {@link HydrationFeature}
*
* @publicApi
*/
var HydrationFeatureKind;
(function (HydrationFeatureKind) {
HydrationFeatureKind[HydrationFeatureKind["NoHttpTransferCache"] = 0] = "NoHttpTransferCache";
HydrationFeatureKind[HydrationFeatureKind["HttpTransferCacheOptions"] = 1] = "HttpTransferCacheOptions";
HydrationFeatureKind[HydrationFeatureKind["I18nSupport"] = 2] = "I18nSupport";
HydrationFeatureKind[HydrationFeatureKind["EventReplay"] = 3] = "EventReplay";
HydrationFeatureKind[HydrationFeatureKind["IncrementalHydration"] = 4] = "IncrementalHydration";
})(HydrationFeatureKind || (HydrationFeatureKind = {}));
/**
* Helper function to create an object that represents a Hydration feature.
*/
function hydrationFeature(ɵkind, ɵproviders = [], ɵoptions = {}) {
return { ɵkind, ɵproviders };
}
/**
* Disables HTTP transfer cache. Effectively causes HTTP requests to be performed twice: once on the
* server and other one on the browser.
*
* @publicApi
*/
function withNoHttpTransferCache() {
// This feature has no providers and acts as a flag that turns off
// HTTP transfer cache (which otherwise is turned on by default).
return hydrationFeature(HydrationFeatureKind.NoHttpTransferCache);
}
/**
* The function accepts an object, which allows to configure cache parameters,
* such as which headers should be included (no headers are included by default),
* whether POST requests should be cached or a callback function to determine if a
* particular request should be cached.
*
* @publicApi
*/
function withHttpTransferCacheOptions(options) {
// This feature has no providers and acts as a flag to pass options to the HTTP transfer cache.
return hydrationFeature(HydrationFeatureKind.HttpTransferCacheOptions, _withHttpTransferCache(options));
}
/**
* Enables support for hydrating i18n blocks.
*
* @developerPreview
* @publicApi
*/
function withI18nSupport() {
return hydrationFeature(HydrationFeatureKind.I18nSupport, _withI18nSupport());
}
/**
* Enables support for replaying user events (e.g. `click`s) that happened on a page
* before hydration logic has completed. Once an application is hydrated, all captured
* events are replayed and relevant event listeners are executed.
*
* @usageNotes
*
* Basic example of how you can enable event replay in your application when
* `bootstrapApplication` function is used:
* ```ts
* bootstrapApplication(AppComponent, {
* providers: [provideClientHydration(withEventReplay())]
* });
* ```
* @publicApi
* @see {@link provideClientHydration}
*/
function withEventReplay() {
return hydrationFeature(HydrationFeatureKind.EventReplay, _withEventReplay());
}
/**
* Enables support for incremental hydration using the `hydrate` trigger syntax.
*
* @usageNotes
*
* Basic example of how you can enable incremental hydration in your application when
* the `bootstrapApplication` function is used:
* ```ts
* bootstrapApplication(AppComponent, {
* providers: [provideClientHydration(withIncrementalHydration())]
* });
* ```
* @experimental
* @publicApi
* @see {@link provideClientHydration}
*/
function withIncrementalHydration() {
return hydrationFeature(HydrationFeatureKind.IncrementalHydration, _withIncrementalHydration());
}
/**
* Returns an `ENVIRONMENT_INITIALIZER` token setup with a function
* that verifies whether compatible ZoneJS was used in an application
* and logs a warning in a console if it's not the case.
*/
function provideZoneJsCompatibilityDetector() {
return [
{
provide: ENVIRONMENT_INITIALIZER,
useValue: () => {
const ngZone = inject(NgZone);
const isZoneless = inject(_ZONELESS_ENABLED);
// Checking `ngZone instanceof NgZone` would be insufficient here,
// because custom implementations might use NgZone as a base class.
if (!isZoneless && ngZone.constructor !== NgZone) {
const console = inject(_Console);
const message = _formatRuntimeError(-5e3 /* RuntimeErrorCode.UNSUPPORTED_ZONEJS_INSTANCE */, 'Angular detected that hydration was enabled for an application ' +
'that uses a custom or a noop Zone.js implementation. ' +
'This is not yet a fully supported configuration.');
console.warn(message);
}
},
multi: true,
},
];
}
/**
* Sets up providers necessary to enable hydration functionality for the application.
*
* By default, the function enables the recommended set of features for the optimal
* performance for most of the applications. It includes the following features:
*
* * Reconciling DOM hydration. Learn more about it [here](guide/hydration).
* * [`HttpClient`](api/common/http/HttpClient) response caching while running on the server and
* transferring this cache to the client to avoid extra HTTP requests. Learn more about data caching
* [here](guide/ssr#caching-data-when-using-httpclient).
*
* These functions allow you to disable some of the default features or enable new ones:
*
* * {@link withNoHttpTransferCache} to disable HTTP transfer cache
* * {@link withHttpTransferCacheOptions} to configure some HTTP transfer cache options
* * {@link withI18nSupport} to enable hydration support for i18n blocks
* * {@link withEventReplay} to enable support for replaying user events
*
* @usageNotes
*
* Basic example of how you can enable hydration in your application when
* `bootstrapApplication` function is used:
* ```ts
* bootstrapApplication(AppComponent, {
* providers: [provideClientHydration()]
* });
* ```
*
* Alternatively if you are using NgModules, you would add `provideClientHydration`
* to your root app module's provider list.
* ```ts
* @NgModule({
* declarations: [RootCmp],
* bootstrap: [RootCmp],
* providers: [provideClientHydration()],
* })
* export class AppModule {}
* ```
*
* @see {@link withNoHttpTransferCache}
* @see {@link withHttpTransferCacheOptions}
* @see {@link withI18nSupport}
* @see {@link withEventReplay}
*
* @param features Optional features to configure additional hydration behaviors.
* @returns A set of providers to enable hydration.
*
* @publicApi
*/
function provideClientHydration(...features) {
const providers = [];
const featuresKind = new Set();
for (const { ɵproviders, ɵkind } of features) {
featuresKind.add(ɵkind);
if (ɵproviders.length) {
providers.push(ɵproviders);
}
}
const hasHttpTransferCacheOptions = featuresKind.has(HydrationFeatureKind.HttpTransferCacheOptions);
if (typeof ngDevMode !== 'undefined' &&
ngDevMode &&
featuresKind.has(HydrationFeatureKind.NoHttpTransferCache) &&
hasHttpTransferCacheOptions) {
// TODO: Make this a runtime error
throw new Error('Configuration error: found both withHttpTransferCacheOptions() and withNoHttpTransferCache() in the same call to provideClientHydration(), which is a contradiction.');
}
return makeEnvironmentProviders([
typeof ngDevMode !== 'undefined' && ngDevMode ? provideZoneJsCompatibilityDetector() : [],
_withDomHydration(),
featuresKind.has(HydrationFeatureKind.NoHttpTransferCache) || hasHttpTransferCacheOptions
? []
: _withHttpTransferCache({}),
providers,
]);
}
/**
* @module
* @description
* Entry point for all public APIs of the platform-browser package.
*/
/**
* @publicApi
*/
const VERSION = new Version('19.2.13');
export { By, DomSanitizer, EVENT_MANAGER_PLUGINS, EventManagerPlugin, HAMMER_GESTURE_CONFIG, HAMMER_LOADER, HammerGestureConfig, HammerModule, HydrationFeatureKind, Meta, Title, VERSION, disableDebugTools, enableDebugTools, provideClientHydration, withEventReplay, withHttpTransferCacheOptions, withI18nSupport, withIncrementalHydration, withNoHttpTransferCache, DomSanitizerImpl as ɵDomSanitizerImpl, HammerGesturesPlugin as ɵHammerGesturesPlugin };
//# sourceMappingURL=platform-browser.mjs.map