diff --git a/modules/@angular/platform-browser/src/security/style_sanitizer.ts b/modules/@angular/platform-browser/src/security/style_sanitizer.ts index 688e20e98c..78258c9200 100644 --- a/modules/@angular/platform-browser/src/security/style_sanitizer.ts +++ b/modules/@angular/platform-browser/src/security/style_sanitizer.ts @@ -82,6 +82,7 @@ function hasBalancedQuotes(value: string) { */ export function sanitizeStyle(value: string): string { value = String(value).trim(); // Make sure it's actually a string. + if (!value) return ''; // Single url(...) values are supported, but only for URLs that sanitize cleanly. See above for // reasoning behind this. diff --git a/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts b/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts index 67bed84e96..7bec4047d0 100644 --- a/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts +++ b/modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts @@ -26,6 +26,7 @@ export function main() { function expectSanitize(v: string) { return t.expect(sanitizeStyle(v)); } t.it('sanitizes values', () => { + expectSanitize('').toEqual(''); expectSanitize('abc').toEqual('abc'); expectSanitize('50px').toEqual('50px'); expectSanitize('rgb(255, 0, 0)').toEqual('rgb(255, 0, 0)');