39e426cde3
BREAKING CHANGE: The public API for `DebugNode` was accidentally too broad. This change removes 1. Public constructor. Since `DebugNode` is a way for Angular to communicate information on to the developer there is no reason why the developer should ever need to Instantiate the `DebugNode` 2. We are also removing `removeChild`, `addChild`, `insertBefore`, and `insertChildAfter`. All of these methods are used by Angular to constructor the correct `DebugNode` tree. There is no reason why the developer should ever be constructing a `DebugNode` tree And these methods should have never been made public. 3. All properties have been change to `readonly` since `DebugNode` is used by Angular to communicate to developer and there is no reason why these APIs should be writable. While technically breaking change we don’t expect anyone to be effected by this change. PR Close #27223
144 lines
5.4 KiB
TypeScript
144 lines
5.4 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright Google Inc. All Rights Reserved.
|
|
*
|
|
* Use of this source code is governed by an MIT-style license that can be
|
|
* found in the LICENSE file at https://angular.io/license
|
|
*/
|
|
|
|
const BRAND = '__SANITIZER_TRUSTED_BRAND__';
|
|
|
|
export const enum BypassType {
|
|
Url = 'Url',
|
|
Html = 'Html',
|
|
ResourceUrl = 'ResourceUrl',
|
|
Script = 'Script',
|
|
Style = 'Style',
|
|
}
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization.
|
|
*
|
|
* See: {@link TrustedHtmlString}, {@link TrustedResourceUrlString}, {@link TrustedScriptString},
|
|
* {@link TrustedStyleString}, {@link TrustedUrlString}
|
|
*/
|
|
export interface TrustedString extends String { [BRAND]: BypassType; }
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization of `html` strings.
|
|
*
|
|
* See: {@link bypassSanitizationTrustHtml} and {@link htmlSanitizer}.
|
|
*/
|
|
export interface TrustedHtmlString extends TrustedString { [BRAND]: BypassType.Html; }
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization of `style` strings.
|
|
*
|
|
* See: {@link bypassSanitizationTrustStyle} and {@link styleSanitizer}.
|
|
*/
|
|
export interface TrustedStyleString extends TrustedString { [BRAND]: BypassType.Style; }
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization of `url` strings.
|
|
*
|
|
* See: {@link bypassSanitizationTrustScript} and {@link scriptSanitizer}.
|
|
*/
|
|
export interface TrustedScriptString extends TrustedString { [BRAND]: BypassType.Script; }
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization of `url` strings.
|
|
*
|
|
* See: {@link bypassSanitizationTrustUrl} and {@link urlSanitizer}.
|
|
*/
|
|
export interface TrustedUrlString extends TrustedString { [BRAND]: BypassType.Url; }
|
|
|
|
/**
|
|
* A branded trusted string used with sanitization of `resourceUrl` strings.
|
|
*
|
|
* See: {@link bypassSanitizationTrustResourceUrl} and {@link resourceUrlSanitizer}.
|
|
*/
|
|
export interface TrustedResourceUrlString extends TrustedString { [BRAND]: BypassType.ResourceUrl; }
|
|
|
|
export function allowSanitizationBypass(value: any, type: BypassType): boolean {
|
|
return (value instanceof String && (value as TrustedStyleString)[BRAND] === type);
|
|
}
|
|
|
|
/**
|
|
* Mark `html` string as trusted.
|
|
*
|
|
* This function wraps the trusted string in `String` and brands it in a way which makes it
|
|
* recognizable to {@link htmlSanitizer} to be trusted implicitly.
|
|
*
|
|
* @param trustedHtml `html` string which needs to be implicitly trusted.
|
|
* @returns a `html` `String` which has been branded to be implicitly trusted.
|
|
*/
|
|
export function bypassSanitizationTrustHtml(trustedHtml: string): TrustedHtmlString {
|
|
return bypassSanitizationTrustString(trustedHtml, BypassType.Html);
|
|
}
|
|
/**
|
|
* Mark `style` string as trusted.
|
|
*
|
|
* This function wraps the trusted string in `String` and brands it in a way which makes it
|
|
* recognizable to {@link styleSanitizer} to be trusted implicitly.
|
|
*
|
|
* @param trustedStyle `style` string which needs to be implicitly trusted.
|
|
* @returns a `style` `String` which has been branded to be implicitly trusted.
|
|
*/
|
|
export function bypassSanitizationTrustStyle(trustedStyle: string): TrustedStyleString {
|
|
return bypassSanitizationTrustString(trustedStyle, BypassType.Style);
|
|
}
|
|
/**
|
|
* Mark `script` string as trusted.
|
|
*
|
|
* This function wraps the trusted string in `String` and brands it in a way which makes it
|
|
* recognizable to {@link scriptSanitizer} to be trusted implicitly.
|
|
*
|
|
* @param trustedScript `script` string which needs to be implicitly trusted.
|
|
* @returns a `script` `String` which has been branded to be implicitly trusted.
|
|
*/
|
|
export function bypassSanitizationTrustScript(trustedScript: string): TrustedScriptString {
|
|
return bypassSanitizationTrustString(trustedScript, BypassType.Script);
|
|
}
|
|
/**
|
|
* Mark `url` string as trusted.
|
|
*
|
|
* This function wraps the trusted string in `String` and brands it in a way which makes it
|
|
* recognizable to {@link urlSanitizer} to be trusted implicitly.
|
|
*
|
|
* @param trustedUrl `url` string which needs to be implicitly trusted.
|
|
* @returns a `url` `String` which has been branded to be implicitly trusted.
|
|
*/
|
|
export function bypassSanitizationTrustUrl(trustedUrl: string): TrustedUrlString {
|
|
return bypassSanitizationTrustString(trustedUrl, BypassType.Url);
|
|
}
|
|
/**
|
|
* Mark `url` string as trusted.
|
|
*
|
|
* This function wraps the trusted string in `String` and brands it in a way which makes it
|
|
* recognizable to {@link resourceUrlSanitizer} to be trusted implicitly.
|
|
*
|
|
* @param trustedResourceUrl `url` string which needs to be implicitly trusted.
|
|
* @returns a `url` `String` which has been branded to be implicitly trusted.
|
|
*/
|
|
export function bypassSanitizationTrustResourceUrl(trustedResourceUrl: string):
|
|
TrustedResourceUrlString {
|
|
return bypassSanitizationTrustString(trustedResourceUrl, BypassType.ResourceUrl);
|
|
}
|
|
|
|
|
|
function bypassSanitizationTrustString(
|
|
trustedString: string, mode: BypassType.Html): TrustedHtmlString;
|
|
function bypassSanitizationTrustString(
|
|
trustedString: string, mode: BypassType.Style): TrustedStyleString;
|
|
function bypassSanitizationTrustString(
|
|
trustedString: string, mode: BypassType.Script): TrustedScriptString;
|
|
function bypassSanitizationTrustString(
|
|
trustedString: string, mode: BypassType.Url): TrustedUrlString;
|
|
function bypassSanitizationTrustString(
|
|
trustedString: string, mode: BypassType.ResourceUrl): TrustedResourceUrlString;
|
|
function bypassSanitizationTrustString(trustedString: string, mode: BypassType): TrustedString {
|
|
const trusted = new String(trustedString) as TrustedString;
|
|
trusted[BRAND] = mode;
|
|
return trusted;
|
|
}
|