iSharkFly-Docs
/
angular-docs-cn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs(security): point users to docs when sanitization fails. (#9680)

This commit is contained in:
Martin Probst 2016-06-28 18:13:46 -07:00 committed by GitHub
parent e2116c53f3
commit 810c722413
4 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/@angular/platform-browser/src/security/dom_sanitization_service.ts
View File

@ -175,15 +175,18 @@ export class DomSanitizationServiceImpl extends DomSanitizationService {
return value.changingThisBreaksApplicationSecurity; return value.changingThisBreaksApplicationSecurity;
} }
this.checkNotSafeValue(value, 'ResourceURL'); this.checkNotSafeValue(value, 'ResourceURL');
throw new Error('unsafe value used in a resource URL context'); throw new Error(
'unsafe value used in a resource URL context (see http://g.co/ng/security#xss)');
default: default:
throw new Error(`Unexpected SecurityContext ${ctx}`); throw new Error(`Unexpected SecurityContext ${ctx} (see http://g.co/ng/security#xss)`);
} }
} }
private checkNotSafeValue(value: any, expectedType: string) { private checkNotSafeValue(value: any, expectedType: string) {
if (value instanceof SafeValueImpl) { if (value instanceof SafeValueImpl) {
throw new Error(`Required a safe ${expectedType}, got a ${value.getTypeName()}`); throw new Error(
`Required a safe ${expectedType}, got a ${value.getTypeName()} ` +
`(see http://g.co/ng/security#xss)`);
} }
} }
@ -204,7 +207,8 @@ abstract class SafeValueImpl implements SafeValue {
abstract getTypeName(): string; abstract getTypeName(): string;
toString() { toString() {
return `SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity}`; return `SafeValue must use [property]=binding: ${this.changingThisBreaksApplicationSecurity}` +
` (see http://g.co/ng/security#xss)`;
} }
} }

2
modules/@angular/platform-browser/src/security/html_sanitizer.ts
View File

@ -271,7 +271,7 @@ export function sanitizeHtml(unsafeHtmlInput: string): string {
} }
if (isDevMode() && safeHtml !== unsafeHtmlInput) { if (isDevMode() && safeHtml !== unsafeHtmlInput) {
DOM.log('WARNING: sanitizing HTML stripped some content.'); DOM.log('WARNING: sanitizing HTML stripped some content (see http://g.co/ng/security#xss).');
} }
return safeHtml; return safeHtml;

5
modules/@angular/platform-browser/src/security/style_sanitizer.ts
View File

@ -92,7 +92,10 @@ export function sanitizeStyle(value: string): string {
return value; // Safe style values. return value; // Safe style values.
} }
if (isDevMode()) getDOM().log('WARNING: sanitizing unsafe style value ' + value); if (isDevMode()) {
getDOM().log(
`WARNING: sanitizing unsafe style value ${value} (see http://g.co/ng/security#xss).`);
}
return 'unsafe'; return 'unsafe';
} }

4
modules/@angular/platform-browser/src/security/url_sanitizer.ts
View File

@ -50,7 +50,9 @@ export function sanitizeUrl(url: string): string {
url = String(url); url = String(url);
if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url; if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url;
if (isDevMode()) getDOM().log('WARNING: sanitizing unsafe URL value ' + url); if (isDevMode()) {
getDOM().log(`WARNING: sanitizing unsafe URL value ${url} (see http://g.co/ng/security#xss)`);
}
return 'unsafe:' + url; return 'unsafe:' + url;
} }