040b101842
This addresses several oversights in assigning security contexts to DOM schema elements found by our security reviewers (thanks!). This also adds some more precise unit tests for the interaction between (Dom)ElementSchemaRegistry and the TemplateParser, and extracts the security specific parts into dom_security_schema.ts. Comparison of (potentially) dangerous property names is done case insensitive, to avoid issues like formAction vs formaction. Part of issue #8511. |
||
---|---|---|
.. | ||
dom_element_schema_registry_spec.ts | ||
schema_extractor.dart | ||
schema_extractor.ts |