diff --git a/packages/compiler/src/render3/r3_identifiers.ts b/packages/compiler/src/render3/r3_identifiers.ts index 375f0fd4d0..22daaeb91c 100644 --- a/packages/compiler/src/render3/r3_identifiers.ts +++ b/packages/compiler/src/render3/r3_identifiers.ts @@ -321,8 +321,6 @@ export class Identifiers { static sanitizeUrlOrResourceUrl: o.ExternalReference = {name: 'ɵɵsanitizeUrlOrResourceUrl', moduleName: CORE}; static trustConstantHtml: o.ExternalReference = {name: 'ɵɵtrustConstantHtml', moduleName: CORE}; - static trustConstantScript: - o.ExternalReference = {name: 'ɵɵtrustConstantScript', moduleName: CORE}; static trustConstantResourceUrl: o.ExternalReference = {name: 'ɵɵtrustConstantResourceUrl', moduleName: CORE}; } diff --git a/packages/compiler/src/render3/view/template.ts b/packages/compiler/src/render3/view/template.ts index 743e1f5b75..a8deb2dab2 100644 --- a/packages/compiler/src/render3/view/template.ts +++ b/packages/compiler/src/render3/view/template.ts @@ -2156,8 +2156,7 @@ function trustedConstAttribute(tagName: string, attr: t.TextAttribute): o.Expres switch (elementRegistry.securityContext(tagName, attr.name, /* isAttribute */ true)) { case core.SecurityContext.HTML: return o.importExpr(R3.trustConstantHtml).callFn([value], attr.valueSpan); - case core.SecurityContext.SCRIPT: - return o.importExpr(R3.trustConstantScript).callFn([value], attr.valueSpan); + // NB: no SecurityContext.SCRIPT here, as the corresponding tags are stripped by the compiler. case core.SecurityContext.RESOURCE_URL: return o.importExpr(R3.trustConstantResourceUrl).callFn([value], attr.valueSpan); default: diff --git a/packages/core/src/core_render3_private_export.ts b/packages/core/src/core_render3_private_export.ts index 8c01e0540f..30ccf1bb7e 100644 --- a/packages/core/src/core_render3_private_export.ts +++ b/packages/core/src/core_render3_private_export.ts @@ -296,7 +296,6 @@ export { ɵɵsanitizeUrlOrResourceUrl, ɵɵtrustConstantHtml, ɵɵtrustConstantResourceUrl, - ɵɵtrustConstantScript, } from './sanitization/sanitization'; export { noSideEffects as ɵnoSideEffects, diff --git a/packages/core/src/render3/jit/environment.ts b/packages/core/src/render3/jit/environment.ts index 6d4e4edd06..fced9d7c56 100644 --- a/packages/core/src/render3/jit/environment.ts +++ b/packages/core/src/render3/jit/environment.ts @@ -168,7 +168,6 @@ export const angularCoreEnv: {[name: string]: Function} = 'ɵɵsanitizeUrl': sanitization.ɵɵsanitizeUrl, 'ɵɵsanitizeUrlOrResourceUrl': sanitization.ɵɵsanitizeUrlOrResourceUrl, 'ɵɵtrustConstantHtml': sanitization.ɵɵtrustConstantHtml, - 'ɵɵtrustConstantScript': sanitization.ɵɵtrustConstantScript, 'ɵɵtrustConstantResourceUrl': sanitization.ɵɵtrustConstantResourceUrl, 'ɵɵngDeclareDirective': partial.ɵɵngDeclareDirective, diff --git a/packages/core/src/sanitization/sanitization.ts b/packages/core/src/sanitization/sanitization.ts index 89634b7f7e..f8050d39cf 100644 --- a/packages/core/src/sanitization/sanitization.ts +++ b/packages/core/src/sanitization/sanitization.ts @@ -11,7 +11,7 @@ import {SANITIZER} from '../render3/interfaces/view'; import {getLView} from '../render3/state'; import {renderStringify} from '../render3/util/stringify_utils'; import {TrustedHTML, TrustedScript, TrustedScriptURL} from '../util/security/trusted_type_defs'; -import {trustedHTMLFromString, trustedScriptFromString, trustedScriptURLFromString} from '../util/security/trusted_types'; +import {trustedHTMLFromString, trustedScriptURLFromString} from '../util/security/trusted_types'; import {trustedHTMLFromStringBypass, trustedScriptFromStringBypass, trustedScriptURLFromStringBypass} from '../util/security/trusted_types_bypass'; import {allowSanitizationBypassAndThrow, BypassType, unwrapSafeValue} from './bypass'; @@ -159,21 +159,6 @@ export function ɵɵtrustConstantHtml(html: string): TrustedHTML|string { return trustedHTMLFromString(html); } -/** - * Promotes the given constant string to a TrustedScript. - * @param script constant string containing a trusted script. - * @returns TrustedScript wrapping `script`. - * - * @security This is a security-sensitive function and should only be used to - * convert constant values of attributes and properties found in - * application-provided Angular templates to TrustedScript. - * - * @codeGenApi - */ -export function ɵɵtrustConstantScript(script: string): TrustedScript|string { - return trustedScriptFromString(script); -} - /** * Promotes the given constant string to a TrustedScriptURL. * @param url constant string containing a trusted script URL.