cargdev/angular
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(platform-browser): Update types for TypeScript nullability support

Browse Source 
Closes #15898
This commit is contained in:
Miško Hevery
2017-03-24 09:59:41 -07:00
committed by Tobias Bosch
parent 01d93f3af8
commit 728c9d0632
52 changed files with 169 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/platform-browser/src/security/dom_sanitization_service.ts
View File

@ -100,7 +100,9 @@ export abstract class DomSanitizer implements Sanitizer {
* by replacing URLs that have an unsafe protocol part (such as `javascript:`). The implementation
* is responsible to make sure that the value can definitely be safely used in the given context.
*/
abstract sanitize(context: SecurityContext, value: any): string;
abstract sanitize(context: SecurityContext, value: null): null;
abstract sanitize(context: SecurityContext, value: SafeValue|string): string;
abstract sanitize(context: SecurityContext, value: SafeValue|string|null): string|null;
/**
* Bypass security and trust the given value to be safe HTML. Only use this when the bound HTML
@ -152,7 +154,10 @@ export abstract class DomSanitizer implements Sanitizer {
export class DomSanitizerImpl extends DomSanitizer {
constructor(@Inject(DOCUMENT) private _doc: any) { super(); }
sanitize(ctx: SecurityContext, value: any): string {
sanitize(context: SecurityContext, value: null): null;
sanitize(context: SecurityContext, value: SafeValue|string): string;
sanitize(context: SecurityContext, value: SafeValue|string|null): string|null;
sanitize(ctx: SecurityContext, value: any): string|null {
if (value == null) return null;
switch (ctx) {
case SecurityContext.NONE:

14
packages/platform-browser/src/security/html_sanitizer.ts
View File

@ -13,9 +13,9 @@ import {DomAdapter, getDOM} from '../dom/dom_adapter';
import {sanitizeSrcset, sanitizeUrl} from './url_sanitizer';
/** A <body> element that can be safely used to parse untrusted HTML. Lazily initialized below. */
let inertElement: HTMLElement = null;
let inertElement: HTMLElement|null = null;
/** Lazily initialized to make sure the DOM adapter gets set before use. */
let DOM: DomAdapter = null;
let DOM: DomAdapter = null !;
/** Returns an HTML element that is guaranteed to not execute code when creating elements in it. */
function getInertElement() {
@ -126,18 +126,18 @@ class SanitizingHtmlSerializer {
// This cannot use a TreeWalker, as it has to run on Angular's various DOM adapters.
// However this code never accesses properties off of `document` before deleting its contents
// again, so it shouldn't be vulnerable to DOM clobbering.
let current: Node = el.firstChild;
let current: Node = el.firstChild !;
while (current) {
if (DOM.isElementNode(current)) {
this.startElement(current as Element);
} else if (DOM.isTextNode(current)) {
this.chars(DOM.nodeValue(current));
this.chars(DOM.nodeValue(current) !);
} else {
// Strip non-element, non-text nodes.
this.sanitizedSomething = true;
}
if (DOM.firstChild(current)) {
current = DOM.firstChild(current);
current = DOM.firstChild(current) !;
continue;
}
while (current) {
@ -146,14 +146,14 @@ class SanitizingHtmlSerializer {
this.endElement(current as Element);
}
let next = checkClobberedElement(current, DOM.nextSibling(current));
let next = checkClobberedElement(current, DOM.nextSibling(current) !);
if (next) {
current = next;
break;
}
current = checkClobberedElement(current, DOM.parentElement(current));
current = checkClobberedElement(current, DOM.parentElement(current) !);
}
}
return this.buf.join('');