6e18d2dacc
Angular treats constant values of attributes and properties in templates as secure. This means that these values are not sanitized, and are instead passed directly to the corresponding setAttribute or setProperty function. In cases where the given attribute or property is security-sensitive, this causes a Trusted Types violation. To address this, functions for promoting constant strings to each of the three Trusted Types are introduced to Angular's private codegen API. The compiler is updated to wrap constant strings with calls to these functions as appropriate when constructing the `consts` array. This is only done for security-sensitive attributes and properties, as classified by Angular's dom_security_schema. PR Close #39211 |
||
|---|---|---|
| .. | ||
| design | ||
| src | ||
| test | ||
| testing | ||
| BUILD.bazel | ||
| compiler.ts | ||
| index.ts | ||
| package.json | ||
| public_api.ts | ||