cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,546 Commits 56 Branches 477 Tags
d18694a1c37f99c176617d38f03d654cfb6ad8e6
Commit Graph

5 Commits

Author SHA1 Message Date
Martin Probst
5e12a95789 test(security): test case for quoted URL values. 
Test case that fixes #8701. This is already supported with the latest sanitizer
changes, but it's good to have an explicit test case.
 2016-05-26 09:39:23 -07:00
Martin Probst
15ae710d22 feat(security): allow url(...) style values. 
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.

Fixes #8514.
 2016-05-17 11:23:31 +02:00
Martin Probst
8b1b427195 feat(security): support transform CSS functions for sanitization. 
Fixes part of #8514.
 2016-05-14 13:25:45 +02:00
Martin Probst
3e68b7eb1f feat(security): warn users when sanitizing in dev mode. 
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
 2016-05-09 16:46:31 +02:00
Martin Probst
7b6c4d5acc feat(security): add tests for style sanitisation. 2016-05-09 16:00:24 +02:00