-
Notifications
You must be signed in to change notification settings - Fork 27.1k
Comparing changes
Open a pull request
base repository: angular/angular.js
base: master
head repository: productsupcom/angular.js
compare: master
- 10 commits
- 8 files changed
- 1 contributor
Commits on Jul 13, 2026
-
Configuration menu - View commit details
-
Copy full SHA for 52cd9fd - Browse repository at this point
Copy the full SHA 52cd9fdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 0ea107e - Browse repository at this point
Copy the full SHA 0ea107eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4ea4e81 - Browse repository at this point
Copy the full SHA 4ea4e81View commit details -
Configuration menu - View commit details
-
Copy full SHA for 793cd3d - Browse repository at this point
Copy the full SHA 793cd3dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 41f3483 - Browse repository at this point
Copy the full SHA 41f3483View commit details -
VM-471: fix CVE-2025-2336 img-src sanitization bypass for SVG <image>…
… in $sanitize
Configuration menu - View commit details
-
Copy full SHA for 3eeeb33 - Browse repository at this point
Copy the full SHA 3eeeb33View commit details -
VM-471: fix srcset/image sanitization + ReDoS in compile.js
- CVE-2024-8372: re-sanitize comma-smuggled srcset descriptor tail - CVE-2024-8373: sanitize source[srcset] (not only img[srcset]) on $set - CVE-2024-21490: bound srcPattern whitespace quantifiers (ReDoS) - CVE-2025-0716: treat SVG image[href/ngHref] as MEDIA_URL
Configuration menu - View commit details
-
Copy full SHA for 665a3c5 - Browse repository at this point
Copy the full SHA 665a3c5View commit details -
Merge pull request #2 from productsupcom/pup-1.8.3-security
VM-471: security patches for AngularJS 1.8.3 (self-maintained fork)
Configuration menu - View commit details
-
Copy full SHA for 29475ef - Browse repository at this point
Copy the full SHA 29475efView commit details
Commits on Jul 14, 2026
-
VM-471: fix CVE-2026-11998 SCE resource-URL matcher bypass
adjustMatcher wrapped a matcher's source as ^src$, so a source with a top-level alternation (a|b) parsed as (^a)|(b$) and left inner branches only partially anchored -> a URL merely ending with an allowed branch bypassed the trusted-resource-URL list. Wrap the source in a non-capturing group: ^(?:src)$ so the anchors bind to the whole pattern.
Configuration menu - View commit details
-
Copy full SHA for 55f3972 - Browse repository at this point
Copy the full SHA 55f3972View commit details -
Merge pull request #3 from productsupcom/pup-1.8.3-security
VM-471: fix CVE-2026-11998 (SCE resource-URL matcher bypass)
Configuration menu - View commit details
-
Copy full SHA for 67386c7 - Browse repository at this point
Copy the full SHA 67386c7View commit details
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff master...master