honeymoose
/
angular-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
angular-cn/packages/core/test/sanitization
History
Igor Minar 55748dbc55 fix(core): allow css custom variables/properties in the style sanitizer (#33841) 
This change enables "var(--my-var)" to pass through the style sanitizer.

After consulation with our security team, allowing these doesn't create
new attack vectors, so the sanitizer doesn't need to strip them.

Fixes parts of #23485 related to the sanitizer, other use cases discussed
there related to binding have been addressed via other changes to the
class and style handling in the runtime.

Closes #23485

PR Close #33841
 		2019-11-20 14:47:59 -08:00
..
html_sanitizer_spec.ts feat(core): add missing ARIA attributes to html sanitizer (#29685) 2019-04-25 12:30:55 -07:00
sanitization_spec.ts test: rename mispelled `sanitization_spec.ts` file (#33712) 2019-11-11 14:01:04 -08:00
style_sanitizer_spec.ts fix(core): allow css custom variables/properties in the style sanitizer (#33841) 2019-11-20 14:47:59 -08:00
url_sanitizer_spec.ts feat(ivy): provide sanitization methods which can be tree shaken (#22540) 2018-03-07 18:24:07 -08:00