From 4916870dff60e627baba59fcb6d30eb4045324d8 Mon Sep 17 00:00:00 2001 From: Bjarki Date: Wed, 18 Nov 2020 16:50:07 +0000 Subject: [PATCH] fix(compiler): only promote Trusted Types to constants when necessary (#39554) Previously all constant values of security-sensitive attributes and properties were promoted to Trusted Types. While this is not inherently bad, it is also not optimal. Use the newly added Trusted Types schema to restrict promotion to constants that are in a Trusted Types-relevant context. PR Close #39554 --- .../compiler/src/render3/view/template.ts | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/packages/compiler/src/render3/view/template.ts b/packages/compiler/src/render3/view/template.ts
index 22b69343fb..743e1f5b75 100644
--- a/packages/compiler/src/render3/view/template.ts
+++ b/packages/compiler/src/render3/view/template.ts
@@ -24,6 +24,7 @@ import {mapLiteral} from '../../output/map_util';
 import * as o from '../../output/output_ast';
 import {ParseError, ParseSourceSpan} from '../../parse_util';
 import {DomElementSchemaRegistry} from '../../schema/dom_element_schema_registry';
+import {isTrustedTypesSink} from '../../schema/trusted_types_sinks';
 import {CssSelector, SelectorMatcher} from '../../selector';
 import {BindingParser} from '../../template_parser/binding_parser';
 import {error, partitionArray} from '../../util';
@@ -2151,15 +2152,19 @@ export function resolveSanitizationFn(context: core.SecurityContext, isAttribute
 function trustedConstAttribute(tagName: string, attr: t.TextAttribute): o.Expression {
   const value = asLiteral(attr.value);
-  switch (elementRegistry.securityContext(tagName, attr.name, /* isAttribute */ true)) {
-    case core.SecurityContext.HTML:
-      return o.importExpr(R3.trustConstantHtml).callFn([value], attr.valueSpan);
-    case core.SecurityContext.SCRIPT:
-      return o.importExpr(R3.trustConstantScript).callFn([value], attr.valueSpan);
-    case core.SecurityContext.RESOURCE_URL:
-      return o.importExpr(R3.trustConstantResourceUrl).callFn([value], attr.valueSpan);
-    default:
-      return value;
+  if (isTrustedTypesSink(tagName, attr.name)) {
+    switch (elementRegistry.securityContext(tagName, attr.name, /* isAttribute */ true)) {
+      case core.SecurityContext.HTML:
+        return o.importExpr(R3.trustConstantHtml).callFn([value], attr.valueSpan);
+      case core.SecurityContext.SCRIPT:
+        return o.importExpr(R3.trustConstantScript).callFn([value], attr.valueSpan);
+      case core.SecurityContext.RESOURCE_URL:
+        return o.importExpr(R3.trustConstantResourceUrl).callFn([value], attr.valueSpan);
+      default:
+        return value;
+    }
+  } else {
+    return value;
   }
 }
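Review bot: The added `} else { return value; }` duplicates the `default:` arm, so the new `if` reads more clearly as a guard: `if (!isTrustedTypesSink(tagName, attr.name)) { return value; }` placed before the existing switch, which then keeps its original indentation and the else branch goes away. The sink check keys on `attr.name` while the context lookup passes `/* isAttribute */ true`; if `isTrustedTypesSink` (not visible here) normalizes or scopes names differently from `elementRegistry.securityContext`, the two lookups can disagree and a security-sensitive constant would be emitted as a plain string literal, so it is worth confirming both consult the same attribute-name convention. The function also has no doc comment; I would add one above the signature stating that it wraps a constant attribute value in the matching `trustConstant*` call only when the attribute is a Trusted Types sink for that tag, and that a sink missing from the schema falls back to the unwrapped literal, which would presumably be rejected at runtime under an enforcing Trusted Types policy rather than silently bypassing it.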