Martin Probst
2d9d7f1310
fix(security): allow empty CSS values. ( #9675 )
2016-06-28 11:45:02 -07:00
ScottSWu
ae75e3640a
chore(lint): Added license headers to most TypeScript files
...
Relates to #9380
2016-06-23 09:47:54 -07:00
Martin Probst
5e12a95789
test(security): test case for quoted URL values.
...
Test case that fixes #8701 . This is already supported with the latest sanitizer
changes, but it's good to have an explicit test case.
2016-05-26 09:39:23 -07:00
Martin Probst
15ae710d22
feat(security): allow url(...) style values.
...
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.
Fixes #8514 .
2016-05-17 11:23:31 +02:00
Martin Probst
8b1b427195
feat(security): support transform CSS functions for sanitization.
...
Fixes part of #8514 .
2016-05-14 13:25:45 +02:00
Martin Probst
3e68b7eb1f
feat(security): warn users when sanitizing in dev mode.
...
This should help developers to figure out what's going on when the sanitizer
strips some input.
Fixes #8522 .
2016-05-09 16:46:31 +02:00
Martin Probst
7b6c4d5acc
feat(security): add tests for style sanitisation.
2016-05-09 16:00:24 +02:00
