History

Andrew Kushnir c3aa24c3f9 fix(ivy): sanitization for Host Bindings (#27939 )

This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime.

PR Close #27939

2019-01-08 17:17:04 -08:00

bypass.ts

fix(ivy): TestBed.get(Compiler) throws "Error: Runtime compiler is not loaded" (#27223 )

2018-11-27 13:42:23 -08:00

html_sanitizer.ts

feat(ivy): support for i18n & ICU expressions (#27101 )

2018-11-14 16:22:01 -08:00

inert_body.ts

refactor: remove redundant error in catch (#25478 )

2019-01-04 15:42:19 -08:00

readme.md

refactor(core): move sanitization into core (#22540 )

2018-03-07 18:24:06 -08:00

sanitization.ts

fix(ivy): sanitization for Host Bindings (#27939 )

2019-01-08 17:17:04 -08:00

security.ts

docs: update core to use @publicApi tags (#26595 )

2018-10-19 14:35:53 -07:00

style_sanitizer.ts

feat(ivy): add ngcc ivy switch (#25238 )

2018-08-16 13:51:42 -07:00

url_sanitizer.ts

feat(ivy): add ngcc ivy switch (#25238 )

2018-08-16 13:51:42 -07:00

readme.md

Sanitization

This folder contains sanitization related code.

History

It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.

In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.