feat(security): warn users when sanitizing in dev mode.

This should help developers to figure out what's going on when the sanitizer strips some input. Fixes #8522.
2016-05-09 16:46:31 +02:00
parent 9fbafba993
commit 3e68b7eb1f
6 changed files with 52 additions and 3 deletions
--- a/modules/@angular/platform-browser/src/security/style_sanitizer.ts
+++ b/modules/@angular/platform-browser/src/security/style_sanitizer.ts
@ -1,3 +1,6 @@
+import {getDOM} from '../dom/dom_adapter';
+import {assertionsEnabled} from '../../src/facade/lang';
+
 /**
 * Regular expression for safe style values.
 *
@ -44,5 +47,10 @@ function hasBalancedQuotes(value: string) {
 export function sanitizeStyle(value: string): string {
  value = String(value);  // Make sure it's actually a string.
  if (value.match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) return value;
+
+  if (assertionsEnabled()) {
+    getDOM().log('WARNING: sanitizing unsafe style value ' + value);
+  }
+
  return 'unsafe';
 }