cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(platform-server): don't reflect innerHTML property to attibute (#24213)

Browse Source 
Fixes #19278.

innerHTML is conservatively marked as an attribute for security purpose so that it's sanitized when set. However this same mapping is used by the server renderer to decide whether the `innerHTML` property needs to be reflected to the `innerhtml` attribute. The fix is to just skip the property to attribute reflection for `innerHTML`.

PR Close #24213
This commit is contained in:
Vikram Subramanian
2018-05-30 21:34:09 -07:00
committed by Victor Berchet
parent 43e3073687
commit c17098dae6
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/platform-server/test/integration_spec.ts
View File

@ -587,7 +587,7 @@ class EscapedTransferStoreModule {
renderModule(HTMLTypesModule, {document: doc}).then(output => {
expect(output).toBe(
'<html><head></head><body><app ng-version="0.0.0-PLACEHOLDER">' +
'<div innerhtml="<b>foo</b> bar"><b>foo</b> bar</div></app></body></html>');
'<div><b>foo</b> bar</div></app></body></html>');
called = true;
});
}));