fix(platform-server): don't reflect innerHTML property to attibute (#24213)

Fixes #19278.

innerHTML is conservatively marked as an attribute for security purposes so that it is sanitized when set. However, the server renderer uses this same mapping to decide whether the `innerHTML` property needs to be reflected to the `innerhtml` attribute. The fix is to skip the property-to-attribute reflection for `innerHTML`.

PR Close #24213
Vikram Subramanian 2018-05-30 21:34:09 -07:00 committed by Victor Berchet
parent ec57133b61
commit 6a663a4073
2 changed files with 4 additions and 2 deletions


@ -154,9 +154,11 @@ class DefaultServerRenderer2 implements Renderer2 {
checkNoSyntheticProp(name, 'property');
getDOM().setProperty(el, name, value);
// Mirror property values for known HTML element properties in the attributes.
// Skip `innerhtml` which is conservatively marked as an attribute for security
// purposes but is not actually an attribute.
const tagName = (el.tagName as string).toLowerCase();
if (value != null && (typeof value === 'number' || typeof value == 'string') &&
this.schema.hasElement(tagName, EMPTY_ARRAY) &&
name.toLowerCase() !== 'innerhtml' && this.schema.hasElement(tagName, EMPTY_ARRAY) &&
this.schema.hasProperty(tagName, name, EMPTY_ARRAY) &&
this._isSafeToReflectProperty(tagName, name)) {
this.setAttribute(el, name, value.toString());
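Review bot: The `name.toLowerCase() !== 'innerhtml'` test added to the `if` condition is a hard-coded name check sitting right next to `this._isSafeToReflectProperty(tagName, name)`, which by its name looks like the place for reflection exclusions; its body is not visible here, so treat this as a suggestion to confirm. Moving the check there, with something like `if (name.toLowerCase() === 'innerhtml') return false;`, would keep every "do not mirror this property" decision in one spot. If the schema marks other properties as attributes for the same security reason, this condition would still mirror them into the serialized output, so it is worth checking whether `innerHTML` is the only such entry. The new comment could also state that the value is still applied through `getDOM().setProperty(el, name, value)` above, so only the duplicate attribute copy of the markup is dropped. The `if` body continues past the end of the hunk.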


@ -587,7 +587,7 @@ class EscapedTransferStoreModule {
renderModule(HTMLTypesModule, {document: doc}).then(output => {
expect(output).toBe(
'<html><head></head><body><app ng-version="0.0.0-PLACEHOLDER">' +
'<div innerhtml="<b>foo</b> bar"><b>foo</b> bar</div></app></body></html>');
'<div><b>foo</b> bar</div></app></body></html>');
called = true;
});
}));
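Review bot: The updated expectation is the only regression guard for this fix, and nothing near it says why the `innerhtml` attribute must be absent. A one-line comment above the `expect`, such as `// innerHTML must not be mirrored to an innerhtml attribute (#19278)`, would stop a later edit from restoring the old string. The enclosing test case starts outside the hunk, so its title may already cover this.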