exploitatively-ceasing

Bug Fixes

• textarea: avoid interpolating when going back/forward on IE
  • This fixes a Medium Severity XSS vulnerability (CVE-2022-25869).
  • This fix was cherry-picked from the v1.9.x branch
• input: prevent browsers from autofilling hidden inputs
  • Autofilling with previous values (which will then be $interpolated) could lead to XSS or errors
  • This fix was cherry-picked from the v1.8.x branch

New Features

• Angular: implement angular.version.vendor
  • This now holds the value "XLTS.dev" for ease of determining if a supported version of AngularJS is running in a given app