cargdev/angular
1
0
Fork 0
Code Issues 18 Pull Requests Actions Packages Projects Releases Wiki Activity

docs(security): point users to docs when sanitization fails. (#9680)

Browse Source
This commit is contained in:
Martin Probst
2016-06-28 18:13:46 -07:00
committed by GitHub
parent e2116c53f3
commit 810c722413
4 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/@angular/platform-browser/src/security/dom_sanitization_service.ts
View File

@ -175,15 +175,18 @@ export class DomSanitizationServiceImpl extends DomSanitizationService {
return value.changingThisBreaksApplicationSecurity;
}
this.checkNotSafeValue(value, 'ResourceURL');
throw new Error('unsafe value used in a resource URL context');
throw new Error(
'unsafe value used in a resource URL context (see http://g.co/ng/security#xss)');
default:
throw new Error(`Unexpected SecurityContext ${ctx}`);
throw new Error(`Unexpected SecurityContext ${ctx} (see http://g.co/ng/security#xss)`);
}
}
private checkNotSafeValue(value: any, expectedType: string) {
if (value instanceof SafeValueImpl) {
throw new Error(`Required a safe ${expectedType}, got a ${value.getTypeName()}`);
throw new Error(
`Required a safe ${expectedType}, got a ${value.getTypeName()} ` +
`(see http://g.co/ng/security#xss)`);
}
}
@ -204,7 +207,8 @@ abstract class SafeValueImpl implements SafeValue {
abstract getTypeName(): string;
toString() {
return `SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity}`;
return `SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity}` +
` (see http://g.co/ng/security#xss)`;
}
}