feat: security implementation in Angular 2.

Summary:
This adds basic security hooks to Angular 2.

* `SecurityContext` is a private API between core, compiler, and
  platform-browser. `SecurityContext` communicates what context a value is used
  in across template parser, compiler, and sanitization at runtime.
* `SanitizationService` is the bare bones interface to sanitize values for a
  particular context.
* `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)`
  determines the security context for an attribute or property (it turns out
  attributes and properties match for the purposes of sanitization).

Based on these hooks:

* `DomSchemaElementRegistry` decides what sanitization applies in a particular
  context.
* `DomSanitizationService` implements `SanitizationService` and adds *Safe
  Value*s, i.e. the ability to mark a value as safe and not requiring further
  sanitization.
* `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively
  (surprise!).

`DomSanitizationService` is the default implementation bound for browser
applications, in the three contexts (browser rendering, web worker rendering,
server side rendering).

BREAKING CHANGES:
*** SECURITY WARNING ***
Angular 2 Release Candidates do not implement proper contextual escaping yet.
Make sure to correctly escape all values that go into the DOM.
*** SECURITY WARNING ***

Reviewers: IgorMinar

Differential Revision: https://reviews.angular.io/D103

modules/@angular/compiler/src/schema/dom_element_schema_registry.ts

@@ -1,4 +1,5 @@
 import {Injectable} from '@angular/core';
+import {SecurityContext} from '../../core_private';
 import {isPresent} from '../facade/lang';
 import {StringMapWrapper} from '../facade/collection';
 import {ElementSchemaRegistry} from './element_schema_registry';
@@ -207,10 +208,11 @@ var attrToPropMap: {[name: string]: string} = <any>{
 
 
 @Injectable()
-export class DomElementSchemaRegistry implements ElementSchemaRegistry {
+export class DomElementSchemaRegistry extends ElementSchemaRegistry {
   schema = <{[element: string]: {[property: string]: string}}>{};
 
   constructor() {
+    super();
     SCHEMA.forEach(encodedType => {
       var parts = encodedType.split('|');
       var properties = parts[1].split(',');
@@ -254,6 +256,24 @@ export class DomElementSchemaRegistry implements ElementSchemaRegistry {
     }
   }
 
+  /**
+   * securityContext returns the security context for the given property on the given DOM tag.
+   *
+   * Tag and property name are statically known and cannot change at runtime, i.e. it is not
+   * possible to bind a value into a changing attribute or tag name.
+   *
+   * The filtering is white list based. All attributes in the schema above are assumed to have the
+   * 'NONE' security context, i.e. that they are safe inert string values. Only specific well known
+   * attack vectors are assigned their appropriate context.
+   */
+  securityContext(tagName: string, propName: string): SecurityContext {
+    // TODO(martinprobst): Fill in missing properties.
+    if (propName === 'style') return SecurityContext.STYLE;
+    if (tagName === 'a' && propName === 'href') return SecurityContext.URL;
+    if (propName === 'innerHTML') return SecurityContext.HTML;
+    return SecurityContext.NONE;
+  }
+
   getMappedPropName(propName: string): string {
     var mappedPropName = StringMapWrapper.get(attrToPropMap, propName);
     return isPresent(mappedPropName) ? mappedPropName : propName;

modules/@angular/compiler/src/schema/element_schema_registry.ts

@@ -1,4 +1,5 @@
-export class ElementSchemaRegistry {
-  hasProperty(tagName: string, propName: string): boolean { return true; }
-  getMappedPropName(propName: string): string { return propName; }
+export abstract class ElementSchemaRegistry {
+  abstract hasProperty(tagName: string, propName: string): boolean;
+  abstract securityContext(tagName: string, propName: string): any;
+  abstract getMappedPropName(propName: string): string;
 }