6a9d7e5969
The trustConstantHtml and trustConstantResourceUrl functions are only meant to be passed constant strings extracted from Angular application templates, as passing other strings or variables could introduce XSS vulnerabilities. To better protect these APIs, turn them into template tags. This makes it possible to assert that the associated template literals do not contain any interpolation, and thus must be constant. Also add tests for the change to prevent regression. PR Close #40082 |
||
|---|---|---|
| .. | ||
| html_sanitizer_spec.ts | ||
| sanitization_spec.ts | ||
| url_sanitizer_spec.ts | ||