fix(platform-server): don't reflect innerHTML property to attibute (#24213)
Fixes #19278. innerHTML is conservatively marked as an attribute for security purposes so that it's sanitized when set. However, this same mapping is used by the server renderer to decide whether the `innerHTML` property needs to be reflected to the `innerhtml` attribute. The fix is to just skip the property-to-attribute reflection for `innerHTML`. PR Close #24213
parent
ec57133b61
commit
6a663a4073
|
@ -154,9 +154,11 @@ class DefaultServerRenderer2 implements Renderer2 {
|
|||
checkNoSyntheticProp(name, 'property');
|
||||
getDOM().setProperty(el, name, value);
|
||||
// Mirror property values for known HTML element properties in the attributes.
|
||||
// Skip `innerhtml` which is conservatively marked as an attribute for security
|
||||
// purposes but is not actually an attribute.
|
||||
const tagName = (el.tagName as string).toLowerCase();
|
||||
if (value != null && (typeof value === 'number' || typeof value == 'string') &&
|
||||
this.schema.hasElement(tagName, EMPTY_ARRAY) &&
|
||||
name.toLowerCase() !== 'innerhtml' && this.schema.hasElement(tagName, EMPTY_ARRAY) &&
|
||||
this.schema.hasProperty(tagName, name, EMPTY_ARRAY) &&
|
||||
this._isSafeToReflectProperty(tagName, name)) {
|
||||
this.setAttribute(el, name, value.toString());
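Review bot: The new `name.toLowerCase() !== 'innerhtml'` guard in the `if` condition is a one-name exception, so any other DOM-only property that the schema also marks as an attribute for sanitization would presumably still be mirrored into the serialized markup; `outerHTML` is the obvious one to check, though the schema is not visible in this hunk. If more than one name qualifies, a small module-level set reads better than chained comparisons, e.g. `const NON_REFLECTED_PROPS = new Set(['innerhtml']);` with `!NON_REFLECTED_PROPS.has(name.toLowerCase())` in the condition. The added comment could also state that the schema entry itself must stay, since the commit message says it is what gets `innerHTML` sanitized when set, e.g. `// Keep innerHTML in the schema's attribute mapping: sanitization depends on it; only the reflection is skipped.` The enclosing method starts and ends outside the hunk.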
|
||||
|
|
|
@ -587,7 +587,7 @@ class EscapedTransferStoreModule {
|
|||
renderModule(HTMLTypesModule, {document: doc}).then(output => {
|
||||
expect(output).toBe(
|
||||
'<html><head></head><body><app ng-version="0.0.0-PLACEHOLDER">' +
|
||||
'<div innerhtml="<b>foo</b> bar"><b>foo</b> bar</div></app></body></html>');
|
||||
'<div><b>foo</b> bar</div></app></body></html>');
|
||||
called = true;
|
||||
});
|
||||
}));
|
||||
|
|