honeymoose/angular-cn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
angular-cn/packages/core/src/sanitization
History
George Kalpakas 262ba67525 fix(core): traverse and sanitize content of unsafe elements (#28804) 
In the past, the sanitizer would remove unsafe elements, but still
traverse and sanitize (and potentially preserve) their content. This was
problematic in the case of `<style></style>` tags, whose content would
be converted to HTML text nodes.

In order to fix this, the sanitizer's behavior was changed in #25879 to
ignore the content of _all_ unsafe elements. While this fixed the
problem with `<style></style>` tags, it unnecessarily removed the
contents for _any_ unsafe element. This was an unneeded breaking change.

This commit partially restores the old sanitizer behavior (namely
traversing content of unsafe elements), but introduces a list of
elements whose content should not be traversed if the elements
themselves are considered unsafe. Currently, this list contains `style`,
`script` and `template`.

Related to #25879 and #26007.

Fixes #28427

PR Close #28804
2019-02-26 13:32:09 -08:00
..
bypass.ts
fix(ivy): TestBed.get(Compiler) throws "Error: Runtime compiler is not loaded" (#27223)
2018-11-27 13:42:23 -08:00
html_sanitizer.ts
fix(core): traverse and sanitize content of unsafe elements (#28804)
2019-02-26 13:32:09 -08:00
inert_body.ts
refactor: remove redundant error in catch (#25478)
2019-01-04 15:42:19 -08:00
readme.md
refactor(core): move sanitization into core (#22540)
2018-03-07 18:24:06 -08:00
sanitization.ts
refactor(ivy): split util functions into different files (#28382)
2019-02-22 13:17:30 -08:00
security.ts
docs: update core to use @publicApi tags (#26595)
2018-10-19 14:35:53 -07:00
style_sanitizer.ts
build: extract interface and util sub compilation from core (#28028)
2019-01-10 16:31:44 -08:00
url_sanitizer.ts
build: extract interface and util sub compilation from core (#28028)
2019-01-10 16:31:44 -08:00

readme.md

Sanitization

This folder contains sanitization related code.

History

It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.

In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.