Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: angular/angular.js
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: productsupcom/angular.js
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 10 commits
  • 8 files changed
  • 1 contributor

Commits on Jul 13, 2026

  1. Configuration menu
    Copy the full SHA
    52cd9fd View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    0ea107e View commit details
    Browse the repository at this point in the history
  3. Configuration menu
    Copy the full SHA
    4ea4e81 View commit details
    Browse the repository at this point in the history
  4. Configuration menu
    Copy the full SHA
    793cd3d View commit details
    Browse the repository at this point in the history
  5. Configuration menu
    Copy the full SHA
    41f3483 View commit details
    Browse the repository at this point in the history
  6. Configuration menu
    Copy the full SHA
    3eeeb33 View commit details
    Browse the repository at this point in the history
  7. VM-471: fix srcset/image sanitization + ReDoS in compile.js

    - CVE-2024-8372: re-sanitize comma-smuggled srcset descriptor tail
    - CVE-2024-8373: sanitize source[srcset] (not only img[srcset]) on $set
    - CVE-2024-21490: bound srcPattern whitespace quantifiers (ReDoS)
    - CVE-2025-0716: treat SVG image[href/ngHref] as MEDIA_URL
    fahedaljghinePUP committed Jul 13, 2026
    Configuration menu
    Copy the full SHA
    665a3c5 View commit details
    Browse the repository at this point in the history
  8. Merge pull request #2 from productsupcom/pup-1.8.3-security

    VM-471: security patches for AngularJS 1.8.3 (self-maintained fork)
    fahedaljghinePUP authored Jul 13, 2026
    Configuration menu
    Copy the full SHA
    29475ef View commit details
    Browse the repository at this point in the history

Commits on Jul 14, 2026

  1. VM-471: fix CVE-2026-11998 SCE resource-URL matcher bypass

    adjustMatcher wrapped a matcher's source as ^src$, so a source with a
    top-level alternation (a|b) parsed as (^a)|(b$) and left inner branches
    only partially anchored -> a URL merely ending with an allowed branch
    bypassed the trusted-resource-URL list. Wrap the source in a non-capturing
    group: ^(?:src)$ so the anchors bind to the whole pattern.
    fahedaljghinePUP committed Jul 14, 2026
    Configuration menu
    Copy the full SHA
    55f3972 View commit details
    Browse the repository at this point in the history
  2. Merge pull request #3 from productsupcom/pup-1.8.3-security

    VM-471: fix CVE-2026-11998 (SCE resource-URL matcher bypass)
    fahedaljghinePUP authored Jul 14, 2026
    Configuration menu
    Copy the full SHA
    67386c7 View commit details
    Browse the repository at this point in the history
Loading