cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): allow empty CSS values. (#9675)

Browse Source
This commit is contained in:
Martin Probst
2016-06-28 11:45:02 -07:00
committed by GitHub
parent 5ee84fe0f6
commit 2d9d7f1310
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/@angular/platform-browser/src/security/style_sanitizer.ts
View File

@ -82,6 +82,7 @@ function hasBalancedQuotes(value: string) {
*/
export function sanitizeStyle(value: string): string {
value = String(value).trim(); // Make sure it's actually a string.
if (!value) return '';
// Single url(...) values are supported, but only for URLs that sanitize cleanly. See above for
// reasoning behind this.