feat(security): add tests for style sanitisation.

Martin Probst
2016-05-03 18:41:07 -07:00
parent 99c0d503d7
commit 7b6c4d5acc
2 changed files with 19 additions and 1 deletions


@ -37,7 +37,12 @@ function hasBalancedQuotes(value: string) {
return outsideSingle && outsideDouble;
}
/**
* Sanitizes the given untrusted CSS style property value (i.e. not an entire object, just a single
* value) and returns a value that is safe to use in a browser environment.
*/
export function sanitizeStyle(value: string): string {
if (String(value).match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) return value;
value = String(value); // Make sure it's actually a string.
if (value.match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) return value;
return 'unsafe';
}
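Review bot: The new doc comment on `sanitizeStyle` promises a value that is "safe to use in a browser environment", but it does not say what the caller gets when the input is rejected, which is the literal string `'unsafe'` returned on the function's last line. I would add a sentence to the comment such as ` * Values that do not match SAFE_STYLE_VALUE or that contain unbalanced quotes are replaced with the string 'unsafe'.` so that someone who finds `unsafe` in a rendered style can trace it back to this function. The parameter is declared `string` while the body coerces with `String(value)`, so non-string input is evidently expected. After coercion, `null` and `undefined` become the text `null` and `undefined`, and whether those pass depends on `SAFE_STYLE_VALUE`, which is defined outside this hunk. A test case pinning that behaviour would fit the spec file this commit touches. `hasBalancedQuotes` begins above the hunk, so only its tail is visible here.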