cargdev/angular
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef8b95abaea5909230b69f740d2ff331f8a2f5d4
angular/packages/core/src/sanitization
History
Igor Minar 61cc7a3437 fix(core): allow css custom variables/properties in the style sanitizer (#33841) 
This change enables "var(--my-var)" to pass through the style sanitizer.

After consulation with our security team, allowing these doesn't create
new attack vectors, so the sanitizer doesn't need to strip them.

Fixes parts of #23485 related to the sanitizer, other use cases discussed
there related to binding have been addressed via other changes to the
class and style handling in the runtime.

Closes #23485

PR Close #33841
2019-11-20 14:48:00 -08:00
..
bypass.ts
fix(ivy): ExpressionChangedAfterItHasBeenCheckedError for SafeValue (#33749)
2019-11-15 10:44:23 -08:00
html_sanitizer.ts
feat(core): add missing ARIA attributes to html sanitizer (#29685)
2019-04-25 12:30:55 -07:00
inert_body.ts
refactor: remove redundant error in catch (#25478)
2019-01-04 15:42:19 -08:00
readme.md
refactor(core): move sanitization into core (#22540)
2018-03-07 18:24:06 -08:00
sanitization.ts
fix(ivy): ensure that the correct document is available (#33712)
2019-11-11 14:01:05 -08:00
sanitizer.ts
refactor(core): rename ngInjectableDef to ɵprov (#33151)
2019-10-16 16:36:19 -04:00
security.ts
perf(core): make sanitization tree-shakable in Ivy mode (#31934)
2019-08-15 10:30:12 -07:00
style_sanitizer.ts
fix(core): allow css custom variables/properties in the style sanitizer (#33841)
2019-11-20 14:48:00 -08:00
url_sanitizer.ts
refactor(core): update docs (#29600)
2019-04-02 10:28:23 -07:00

readme.md

Sanitization

This folder contains sanitization related code.

History

It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.

In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.