feat(security): add tests for style sanitisation.

modules/@angular/platform-browser/src/security/style_sanitizer.ts

@@ -37,7 +37,12 @@ function hasBalancedQuotes(value: string) {
   return outsideSingle && outsideDouble;
 }
 
+/**
+ * Sanitizes the given untrusted CSS style property value (i.e. not an entire object, just a single
+ * value) and returns a value that is safe to use in a browser environment.
+ */
 export function sanitizeStyle(value: string): string {
-  if (String(value).match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) return value;
+  value = String(value);  // Make sure it's actually a string.
+  if (value.match(SAFE_STYLE_VALUE) && hasBalancedQuotes(value)) return value;
   return 'unsafe';
 }

modules/@angular/platform-browser/test/security/style_sanitizer_spec.ts

@@ -0,0 +1,13 @@
+import * as t from '@angular/core/testing/testing_internal';
+import {sanitizeStyle} from '../../src/security/style_sanitizer';
+
+export function main() {
+  t.describe('Style sanitizer', () => {
+    t.it('sanitizes values', () => {
+      t.expect(sanitizeStyle('abc')).toEqual('abc');
+      t.expect(sanitizeStyle('expression(haha)')).toEqual('unsafe');
+      // Unbalanced quotes.
+      t.expect(sanitizeStyle('"value" "')).toEqual('unsafe');
+    });
+  });
+}