honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4,435 Commits 5 Branches 1 Tag 210 MiB
Commit Graph

4 Commits

Author SHA1 Message Date
Martin Probst 15ae710d22 feat(security): allow url(...) style values. 
Allows sanitized URLs for CSS properties. These can be abused for information
leakage, but only if the CSS rules are already set up to allow for it. That is,
an attacker cannot cause information leakage without controlling the style rules
present, or a very particular setup.

Fixes #8514.
 2016-05-17 11:23:31 +02:00
Martin Probst 8b1b427195 feat(security): support transform CSS functions for sanitization. 
Fixes part of #8514.
 2016-05-14 13:25:45 +02:00
Martin Probst 3e68b7eb1f feat(security): warn users when sanitizing in dev mode. 
This should help developers to figure out what's going on when the sanitizer
strips some input.

Fixes #8522.
 2016-05-09 16:46:31 +02:00
Martin Probst 7b6c4d5acc feat(security): add tests for style sanitisation. 2016-05-09 16:00:24 +02:00