angular-cn/packages/core/test/sanitization
George Kalpakas 262ba67525 fix(core): traverse and sanitize content of unsafe elements (#28804)
In the past, the sanitizer would remove unsafe elements, but still
traverse and sanitize (and potentially preserve) their content. This was
problematic in the case of `<style></style>` tags, whose content would
be converted to HTML text nodes.

In order to fix this, the sanitizer's behavior was changed in #25879 to
ignore the content of _all_ unsafe elements. While this fixed the
problem with `<style></style>` tags, it unnecessarily removed the
contents for _any_ unsafe element. This was an unneeded breaking change.

This commit partially restores the old sanitizer behavior (namely
traversing content of unsafe elements), but introduces a list of
elements whose content should not be traversed if the elements
themselves are considered unsafe. Currently, this list contains `style`,
`script` and `template`.

Related to #25879 and #26007.

Fixes #28427

PR Close #28804
2019-02-26 13:32:09 -08:00
..
html_sanitizer_spec.ts fix(core): traverse and sanitize content of unsafe elements (#28804) 2019-02-26 13:32:09 -08:00
sanatization_spec.ts refactor(ivy): simplify differentiation of LView, `RNode`, `LView`, `LContainer`, `StylingContext` (#28947) 2019-02-26 02:01:07 +00:00
style_sanitizer_spec.ts feat(ivy): provide sanitization methods which can be tree shaken (#22540) 2018-03-07 18:24:07 -08:00
url_sanitizer_spec.ts feat(ivy): provide sanitization methods which can be tree shaken (#22540) 2018-03-07 18:24:07 -08:00