refactor: rename SanitizationService to Sanitizer and DomSanitizationService to DomSanitizer (#11085)
BREAKING CHANGE: The previously inconsistently named APIs SanitizationService and DomSanitizationService have been renamed to Sanitizer and DomSanitizer, respectively.
parent
b867764b0d
commit
811962b2bb
|
@ -37,4 +37,4 @@ export * from './src/animation/metadata';
|
|||
export {AnimationTransitionEvent} from './src/animation/animation_transition_event';
|
||||
export {AnimationPlayer} from './src/animation/animation_player';
|
||||
|
||||
export {SanitizationService, SecurityContext} from './src/security';
|
||||
export {Sanitizer, SecurityContext} from './src/security';
|
||||
|
|
|
@ -15,18 +15,18 @@ import {BaseException} from '../facade/exceptions';
|
|||
import {isBlank, isPresent, looseIdentical} from '../facade/lang';
|
||||
import {ViewEncapsulation} from '../metadata/view';
|
||||
import {RenderComponentType, Renderer, RootRenderer} from '../render/api';
|
||||
import {SanitizationService} from '../security';
|
||||
import {Sanitizer} from '../security';
|
||||
import {AppElement} from './element';
|
||||
import {ExpressionChangedAfterItHasBeenCheckedException} from './exceptions';
|
||||
|
||||
@Injectable()
|
||||
export class ViewUtils {
|
||||
sanitizer: SanitizationService;
|
||||
sanitizer: Sanitizer;
|
||||
private _nextCompTypeId: number = 0;
|
||||
|
||||
constructor(
|
||||
private _renderer: RootRenderer, @Inject(APP_ID) private _appId: string,
|
||||
sanitizer: SanitizationService) {
|
||||
sanitizer: Sanitizer) {
|
||||
this.sanitizer = sanitizer;
|
||||
}
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
* like `innerHTML` that could cause Cross Site Scripting (XSS) security bugs when improperly
|
||||
* handled.
|
||||
*
|
||||
* See DomSanitizationService for more details on security in Angular applications.
|
||||
* See DomSanitizer for more details on security in Angular applications.
|
||||
*
|
||||
* @stable
|
||||
*/
|
||||
|
@ -25,10 +25,10 @@ export enum SecurityContext {
|
|||
}
|
||||
|
||||
/**
|
||||
* SanitizationService is used by the views to sanitize potentially dangerous values.
|
||||
* Sanitizer is used by the views to sanitize potentially dangerous values.
|
||||
*
|
||||
* @stable
|
||||
*/
|
||||
export abstract class SanitizationService {
|
||||
export abstract class Sanitizer {
|
||||
abstract sanitize(context: SecurityContext, value: string): string;
|
||||
}
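Review bot: The renamed `Sanitizer` class still declares `sanitize(context: SecurityContext, value: string): string`, which is narrower than what the implementation in this same commit accepts. `DomSanitizerImpl.sanitize` takes `value: any` and returns `null` when the value is null, and the spec passes the result of `bypassSecurityTrustResourceUrl` to it rather than a plain string. Since the rename already breaks callers, the doc comment above `Sanitizer` could spell this out, e.g. `* Implementations may receive raw strings or values already marked as trusted, and may return null for a null value.`, so that someone writing a custom implementation does not assume every input is an untrusted string. Whether the parameter type should also be widened cannot be decided from the lines shown here.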
|
||||
|
|
|
@ -10,7 +10,7 @@ import {Component} from '@angular/core/src/metadata';
|
|||
import {TestBed, getTestBed} from '@angular/core/testing';
|
||||
import {afterEach, beforeEach, beforeEachProviders, ddescribe, describe, expect, inject, it} from '@angular/core/testing/testing_internal';
|
||||
import {getDOM} from '@angular/platform-browser/src/dom/dom_adapter';
|
||||
import {DomSanitizationService} from '@angular/platform-browser/src/security/dom_sanitization_service';
|
||||
import {DomSanitizer} from '@angular/platform-browser/src/security/dom_sanitization_service';
|
||||
|
||||
export function main() {
|
||||
describe('jit', () => { declareTests({useJit: true}); });
|
||||
|
@ -59,7 +59,7 @@ function declareTests({useJit}: {useJit: boolean}) {
|
|||
const template = `<a [href]="ctxProp">Link Title</a>`;
|
||||
TestBed.overrideComponent(SecuredComponent, {set: {template}});
|
||||
const fixture = TestBed.createComponent(SecuredComponent);
|
||||
const sanitizer: DomSanitizationService = getTestBed().get(DomSanitizationService);
|
||||
const sanitizer: DomSanitizer = getTestBed().get(DomSanitizer);
|
||||
|
||||
let e = fixture.debugElement.children[0].nativeElement;
|
||||
let ci = fixture.debugElement.componentInstance;
|
||||
|
@ -73,7 +73,7 @@ function declareTests({useJit}: {useJit: boolean}) {
|
|||
const template = `<a [href]="ctxProp">Link Title</a>`;
|
||||
TestBed.overrideComponent(SecuredComponent, {set: {template}});
|
||||
const fixture = TestBed.createComponent(SecuredComponent);
|
||||
const sanitizer: DomSanitizationService = getTestBed().get(DomSanitizationService);
|
||||
const sanitizer: DomSanitizer = getTestBed().get(DomSanitizer);
|
||||
|
||||
let trusted = sanitizer.bypassSecurityTrustScript('javascript:alert(1)');
|
||||
let ci = fixture.debugElement.componentInstance;
|
||||
|
@ -85,7 +85,7 @@ function declareTests({useJit}: {useJit: boolean}) {
|
|||
const template = `<a href="/foo/{{ctxProp}}">Link Title</a>`;
|
||||
TestBed.overrideComponent(SecuredComponent, {set: {template}});
|
||||
const fixture = TestBed.createComponent(SecuredComponent);
|
||||
const sanitizer: DomSanitizationService = getTestBed().get(DomSanitizationService);
|
||||
const sanitizer: DomSanitizer = getTestBed().get(DomSanitizer);
|
||||
|
||||
let e = fixture.debugElement.children[0].nativeElement;
|
||||
let trusted = sanitizer.bypassSecurityTrustUrl('bar/baz');
|
||||
|
|
|
@ -15,7 +15,7 @@ export {By} from './src/dom/debug/by';
|
|||
export {DOCUMENT} from './src/dom/dom_tokens';
|
||||
export {EVENT_MANAGER_PLUGINS, EventManager} from './src/dom/events/event_manager';
|
||||
export {HAMMER_GESTURE_CONFIG, HammerGestureConfig} from './src/dom/events/hammer_gestures';
|
||||
export {DomSanitizationService, SafeHtml, SafeResourceUrl, SafeScript, SafeStyle, SafeUrl} from './src/security/dom_sanitization_service';
|
||||
export {DomSanitizer, SafeHtml, SafeResourceUrl, SafeScript, SafeStyle, SafeUrl} from './src/security/dom_sanitization_service';
|
||||
// Web Workers
|
||||
export {ClientMessageBroker, ClientMessageBrokerFactory, FnArg, UiArguments} from './src/web_workers/shared/client_message_broker';
|
||||
export {PRIMITIVE} from './src/web_workers/shared/serializer';
|
||||
|
@ -28,4 +28,4 @@ export {WORKER_UI_LOCATION_PROVIDERS} from './src/web_workers/ui/location_provid
|
|||
export {NgProbeToken} from './src/dom/debug/ng_probe';
|
||||
export {platformWorkerUi, WebWorkerInstance, WORKER_SCRIPT, WORKER_UI_STARTABLE_MESSAGING_SERVICE} from './src/worker_render';
|
||||
export {platformWorkerApp, WorkerAppModule} from './src/worker_app';
|
||||
export * from './private_export';
|
||||
export * from './private_export';
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
|
||||
import {CommonModule, PlatformLocation} from '@angular/common';
|
||||
import {ApplicationModule, BaseException, ClassProvider, ExceptionHandler, ExistingProvider, FactoryProvider, NgModule, Optional, PLATFORM_INITIALIZER, PlatformRef, Provider, RootRenderer, SanitizationService, SkipSelf, Testability, TypeProvider, ValueProvider, createPlatformFactory, platformCore} from '@angular/core';
|
||||
import {ApplicationModule, BaseException, ClassProvider, ExceptionHandler, ExistingProvider, FactoryProvider, NgModule, Optional, PLATFORM_INITIALIZER, PlatformRef, Provider, RootRenderer, Sanitizer, SkipSelf, Testability, TypeProvider, ValueProvider, createPlatformFactory, platformCore} from '@angular/core';
|
||||
|
||||
import {wtfInit} from '../core_private';
|
||||
import {AnimationDriver} from '../src/dom/animation_driver';
|
||||
|
@ -25,7 +25,7 @@ import {EVENT_MANAGER_PLUGINS, EventManager} from './dom/events/event_manager';
|
|||
import {HAMMER_GESTURE_CONFIG, HammerGestureConfig, HammerGesturesPlugin} from './dom/events/hammer_gestures';
|
||||
import {KeyEventsPlugin} from './dom/events/key_events';
|
||||
import {DomSharedStylesHost, SharedStylesHost} from './dom/shared_styles_host';
|
||||
import {DomSanitizationService, DomSanitizationServiceImpl} from './security/dom_sanitization_service';
|
||||
import {DomSanitizer, DomSanitizerImpl} from './security/dom_sanitization_service';
|
||||
|
||||
export const INTERNAL_BROWSER_PLATFORM_PROVIDERS: Provider[] = [
|
||||
{provide: PLATFORM_INITIALIZER, useValue: initDomAdapter, multi: true},
|
||||
|
@ -39,8 +39,8 @@ export const INTERNAL_BROWSER_PLATFORM_PROVIDERS: Provider[] = [
|
|||
* @experimental
|
||||
*/
|
||||
export const BROWSER_SANITIZATION_PROVIDERS: Array<any> = [
|
||||
{provide: SanitizationService, useExisting: DomSanitizationService},
|
||||
{provide: DomSanitizationService, useClass: DomSanitizationServiceImpl},
|
||||
{provide: Sanitizer, useExisting: DomSanitizer},
|
||||
{provide: DomSanitizer, useClass: DomSanitizerImpl},
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
* found in the LICENSE file at https://angular.io/license
|
||||
*/
|
||||
|
||||
import {Injectable, SanitizationService, SecurityContext} from '@angular/core';
|
||||
import {Injectable, Sanitizer, SecurityContext} from '@angular/core';
|
||||
|
||||
import {sanitizeHtml} from './html_sanitizer';
|
||||
import {sanitizeStyle} from './style_sanitizer';
|
||||
|
@ -58,7 +58,7 @@ export interface SafeUrl extends SafeValue {}
|
|||
export interface SafeResourceUrl extends SafeValue {}
|
||||
|
||||
/**
|
||||
* DomSanitizationService helps preventing Cross Site Scripting Security bugs (XSS) by sanitizing
|
||||
* DomSanitizer helps preventing Cross Site Scripting Security bugs (XSS) by sanitizing
|
||||
* values to be safe to use in the different DOM contexts.
|
||||
*
|
||||
* For example, when binding a URL in an `<a [href]="someValue">` hyperlink, `someValue` will be
|
||||
|
@ -88,7 +88,7 @@ export interface SafeResourceUrl extends SafeValue {}
|
|||
*
|
||||
* @stable
|
||||
*/
|
||||
export abstract class DomSanitizationService implements SanitizationService {
|
||||
export abstract class DomSanitizer implements Sanitizer {
|
||||
/**
|
||||
* Sanitizes a value for use in the given SecurityContext.
|
||||
*
|
||||
|
@ -146,7 +146,7 @@ export abstract class DomSanitizationService implements SanitizationService {
|
|||
|
||||
|
||||
@Injectable()
|
||||
export class DomSanitizationServiceImpl extends DomSanitizationService {
|
||||
export class DomSanitizerImpl extends DomSanitizer {
|
||||
sanitize(ctx: SecurityContext, value: any): string {
|
||||
if (value == null) return null;
|
||||
switch (ctx) {
|
||||
|
|
|
@ -9,12 +9,12 @@
|
|||
import {SecurityContext} from '@angular/core';
|
||||
import * as t from '@angular/core/testing/testing_internal';
|
||||
|
||||
import {DomSanitizationServiceImpl} from '../../src/security/dom_sanitization_service';
|
||||
import {DomSanitizerImpl} from '../../src/security/dom_sanitization_service';
|
||||
|
||||
export function main() {
|
||||
t.describe('DOM Sanitization Service', () => {
|
||||
t.it('accepts resource URL values for resource contexts', () => {
|
||||
const svc = new DomSanitizationServiceImpl();
|
||||
const svc = new DomSanitizerImpl();
|
||||
const resourceUrl = svc.bypassSecurityTrustResourceUrl('http://hello/world');
|
||||
t.expect(svc.sanitize(SecurityContext.URL, resourceUrl)).toBe('http://hello/world');
|
||||
});
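Review bot: The suite title in `t.describe('DOM Sanitization Service', () => {` still carries the old name although the class under test is now `DomSanitizerImpl`; `t.describe('DomSanitizer', () => {` would keep test output searchable by the new name. The import path `../../src/security/dom_sanitization_service` also keeps the old name, here and in the other sections that import from that module, so a file rename in a follow-up would finish the job. The body of `main()` continues past the end of this hunk.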
|
||||
|
|
|
@ -1092,7 +1092,7 @@ export declare abstract class RootRenderer {
|
|||
}
|
||||
|
||||
/** @stable */
|
||||
export declare abstract class SanitizationService {
|
||||
export declare abstract class Sanitizer {
|
||||
abstract sanitize(context: SecurityContext, value: string): string;
|
||||
}
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ export declare function disableDebugTools(): void;
|
|||
export declare const DOCUMENT: OpaqueToken;
|
||||
|
||||
/** @stable */
|
||||
export declare abstract class DomSanitizationService implements SanitizationService {
|
||||
export declare abstract class DomSanitizer implements Sanitizer {
|
||||
abstract bypassSecurityTrustHtml(value: string): SafeHtml;
|
||||
abstract bypassSecurityTrustResourceUrl(value: string): SafeResourceUrl;
|
||||
abstract bypassSecurityTrustScript(value: string): SafeScript;
|
||||
|
|