iSharkFly-Docs/angular-docs-cn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

perf(core): use ngDevMode to tree-shake warnings (#39959)

Browse Source 
This commit adds `ngDevMode` guard to show sanitization warnings only
in dev mode (similar to how things work in other parts of Ivy runtime code).
The `ngDevMode` flag helps to tree-shake these warnings from production builds
(in dev mode everything will work as it works right now) to decrease production bundle size.

PR Close #39959
This commit is contained in:
arturovt 2020-12-03 23:04:03 +02:00 committed by Misko Hevery
parent 28a0bcb424
commit 8b0cccca45
3 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
goldens/size-tracking/integration-payloads.json
View File

@ -39,7 +39,7 @@
"master": { "master": {
"uncompressed": { "uncompressed": {
"runtime-es2015": 2285, "runtime-es2015": 2285,
"main-es2015": 242455, "main-es2015": 241837,
"polyfills-es2015": 36709, "polyfills-es2015": 36709,
"5-es2015": 745 "5-es2015": 745
} }

3
packages/core/src/sanitization/html_sanitizer.ts
View File

@ -6,7 +6,6 @@
* found in the LICENSE file at https://angular.io/license * found in the LICENSE file at https://angular.io/license
*/ */
import {isDevMode} from '../util/is_dev_mode';
import {TrustedHTML} from '../util/security/trusted_type_defs'; import {TrustedHTML} from '../util/security/trusted_type_defs';
import {trustedHTMLFromString} from '../util/security/trusted_types'; import {trustedHTMLFromString} from '../util/security/trusted_types';
import {getInertBodyHelper, InertBodyHelper} from './inert_body'; import {getInertBodyHelper, InertBodyHelper} from './inert_body';
@ -271,7 +270,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): Trusted
const sanitizer = new SanitizingHtmlSerializer(); const sanitizer = new SanitizingHtmlSerializer();
const safeHtml = sanitizer.sanitizeChildren( const safeHtml = sanitizer.sanitizeChildren(
getTemplateContent(inertBodyElement!) as Element || inertBodyElement); getTemplateContent(inertBodyElement!) as Element || inertBodyElement);
if (isDevMode() && sanitizer.sanitizedSomething) { if ((typeof ngDevMode === 'undefined' || ngDevMode) && sanitizer.sanitizedSomething) {
console.warn( console.warn(
'WARNING: sanitizing HTML stripped some content, see https://g.co/ng/security#xss'); 'WARNING: sanitizing HTML stripped some content, see https://g.co/ng/security#xss');
} }

3
packages/core/src/sanitization/url_sanitizer.ts
View File

@ -6,7 +6,6 @@
* found in the LICENSE file at https://angular.io/license * found in the LICENSE file at https://angular.io/license
*/ */
import {isDevMode} from '../util/is_dev_mode';
/** /**
* A pattern that recognizes a commonly useful subset of URLs that are safe. * A pattern that recognizes a commonly useful subset of URLs that are safe.
@ -47,7 +46,7 @@ export function _sanitizeUrl(url: string): string {
url = String(url); url = String(url);
if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url; if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url;
if (isDevMode()) { if (typeof ngDevMode === 'undefined' || ngDevMode) {
console.warn(`WARNING: sanitizing unsafe URL value ${url} (see https://g.co/ng/security#xss)`); console.warn(`WARNING: sanitizing unsafe URL value ${url} (see https://g.co/ng/security#xss)`);
} }