cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
angular/packages/core/src/util
History
Bjarki 49197d12a0 feat(core): create a Trusted Types policy for bypass conversions (#39218) 
When an application uses a custom sanitizer or one of the
bypassSecurityTrust functions, Angular has no way of knowing whether
they are implemented in a secure way. (It doesn't even know if they're
introduced by the application or by a shady third-party dependency.)
Thus using Angular's main Trusted Types policy to bless values coming
from these two sources would undermine the security that Trusted Types
brings.

Instead, introduce a Trusted Types policy called angular#unsafe-bypass
specifically for blessing values from these sources. This allows an
application to enforce Trusted Types even if their application uses a
custom sanitizer or the bypassSecurityTrust functions, knowing that
compromises to either of these two sources may lead to arbitrary script
execution. In the future Angular will provide a way to implement
custom sanitizers in a manner that makes better use of Trusted Types.

PR Close #39218
2020-10-16 08:13:52 -07:00
..
security
feat(core): create a Trusted Types policy for bypass conversions (#39218)
2020-10-16 08:13:52 -07:00
array_utils.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
assert.ts
fix(core): Store the currently selected ICU in LView (#38345)
2020-08-10 12:41:17 -07:00
BUILD.bazel
Revert "refactor: use isObservable provided by rxjs 6.1+ (#27668)"
2019-11-27 13:00:59 -08:00
char_code.ts
fix(core): error if CSS custom property in host binding has number in name (#38432)
2020-08-13 10:35:07 -07:00
closure.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
comparison.ts
refactor(core): remove looseIdentical in favor of built-in Object.is (#37191)
2020-06-01 17:19:17 -04:00
decorators.ts
docs(core): fix typo in decorators.ts relating to the use of Object.defineProperty. (#37369)
2020-06-01 17:18:08 -04:00
empty.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
errors.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
global.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
is_dev_mode.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
iterable.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
lang.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
microtask.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
named_array_type.ts
fix(core): use Trusted Types policy in named_array_type (#39209)
2020-10-14 09:33:48 -07:00
ng_dev_mode.ts
fix(core): guard reading of global ngDevMode for undefined. (#36055)
2020-10-16 08:12:22 -07:00
ng_i18n_closure_mode.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
ng_jit_mode.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
ng_reflect.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
noop.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
property.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
raf.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
stringify.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00
symbol.ts
build: update license headers to reference Google LLC (#37205)
2020-05-26 14:26:58 -04:00