Exciting news! XLTS.dev is now part of the HeroDevs never-ending support initiative. Same great product. Same great service. Read the announcement for more information!

XLTS for AngularJS v1.5.14 Released

Michael Prentice
Dec 3, 2021

Mar 5, 2024


Bug Fixes

  • $sanitize:
    • do not trigger CSP alert/report in Firefox and Chrome
    • sanitize xml:base attributes
    • use appropriate inert document strategy for Firefox and Safari
    • prevent clobbered elements from freezing the browser
  • Angular: avoid catastrophic backtracking in XHTML_TAG_REGEXP
  • jqLite: define jqLite.htmlPrefilter inline
  • angular.merge: do not merge proto property


Updated: March 5, 2024

The first high-severity CVE since AngularJS End of Life has been officially reported. For AngularJS Never-Ending Support (formerly XLTS) clients, we found this CVE last year and issued a fix immediately. For all others, as Google’s official AngularJS long-term support partner, we encourage you to either:

  1. Migrate off of AngularJS, or
  2. Contact HeroDevs about how you can keep your AngularJS environment secure, compliant, and compatible indefinitely.
Michael Prentice
Dec 3, 2021

Mar 5, 2024