cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): warn users when sanitizing in dev mode.

Browse Source 
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
This commit is contained in:
Martin Probst
2016-05-09 16:46:31 +02:00
parent 9fbafba993
commit 3e68b7eb1f
6 changed files with 52 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/@angular/platform-browser/test/security/html_sanitizer_spec.ts
View File

@ -39,7 +39,7 @@ export function main() {
t.it('ignores non-element, non-attribute nodes', () => {
t.expect(sanitizeHtml('<!-- comments? -->no.')).toEqual('no.');
t.expect(sanitizeHtml('<?pi nodes?>no.')).toEqual('no.');
t.expect(logMsgs.join('\n')).toMatch(/HTML contents were removed during sanitization/);
t.expect(logMsgs.join('\n')).toMatch(/sanitizing HTML stripped some content/);
});
t.it('escapes entities', () => {
t.expect(sanitizeHtml('<p>Hello &lt; World</p>')).toEqual('<p>Hello &lt; World</p>');