fix(core): use appropriate inert document strategy for Firefox & Safari (#17019)

Both Firefox and Safari are vulnerable to XSS if we use an inert document
created via `document.implementation.createHTMLDocument()`.

Now we check for those vulnerabilities and then use a DOMParser or XHR
strategy if needed.

Further, the platform-server has its own library for parsing HTML, so we
sniff for that (by checking whether DOMParser exists) and fall back to
the standard strategy.

Thanks to @cure53 for the heads up on this issue.

PR Close #17019
Peter Bacon Darwin
2017-08-31 22:05:18 +01:00
committed by Miško Hevery
parent 3f5a3d6ea1
commit a751649c8d
4 changed files with 250 additions and 82 deletions


@ -3,7 +3,7 @@
"master": {
"uncompressed": {
"inline": 1447,
"main": 151639,
"main": 154185,
"polyfills": 59179
}
}
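Review bot: the commit message never mentions the size budget change on the "main" line here (151639 and 154185, a difference of 2546 bytes). Since the message only talks about picking an inert document strategy, add a sentence saying the limit moves because of the added DOMParser and XHR strategies, so a later reader of this file does not have to guess whether the growth came from the security fix or from something unrelated.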
@ -11,7 +11,7 @@
"hello_world__closure": {
"master": {
"uncompressed": {
"bundle": 100661
"bundle": 101744
}
}
},
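Review bot: the "bundle" value for hello_world__closure moves as well (100661 and 101744, a difference of 1083 bytes), so the new sanitizer code is paid for even by a hello-world application. Please confirm this cost is expected for an app that never sanitizes HTML, and if it is, note it in the commit message alongside the "main" change so both limit updates are accounted for.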