cargdev/angular
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(core): add missing ARIA attributes to html sanitizer (#29685)

Browse Source 
Allow ARIA attributes from the WAI-ARIA 1.1 spec which were stripped by the htmlSanitizer.

Closes #26815

PR Close #29685
This commit is contained in:
Martin Mädler
2019-04-03 16:08:45 +02:00
committed by Andrew Kushnir
parent 957f594d7c
commit 909557d5f8
3 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/core/test/sanitization/html_sanitizer_spec.ts
View File

@ -52,6 +52,15 @@ import {_sanitizeHtml} from '../../src/sanitization/html_sanitizer';
.toEqual('<main><summary>Works</summary></main>');
});
it('supports ARIA attributes', () => {
expect(_sanitizeHtml(defaultDoc, '<h1 role="presentation" aria-haspopup="true">Test</h1>'))
.toEqual('<h1 role="presentation" aria-haspopup="true">Test</h1>');
expect(_sanitizeHtml(defaultDoc, '<i aria-label="Info">Info</i>'))
.toEqual('<i aria-label="Info">Info</i>');
expect(_sanitizeHtml(defaultDoc, '<img src="pteranodon.jpg" aria-details="details">'))
.toEqual('<img src="pteranodon.jpg" aria-details="details">');
});
it('sanitizes srcset attributes', () => {
expect(_sanitizeHtml(defaultDoc, '<img srcset="/foo.png 400px, javascript:evil() 23px">'))
.toEqual('<img srcset="/foo.png 400px, unsafe:javascript:evil() 23px">');