Commit Graph

31 Commits

Author SHA1 Message Date
YuCheng Hu 895f2fe818 针对新的版本提交没有提交的代码 2021-04-03 09:52:53 -04:00
Marcono1234 3e1e5a15ba docs: update links to use HTTPS as protocol (#39718)
PR Close #39718
2020-11-20 12:52:16 -08:00
Bjarki 81aa119739 fix(core): convert legacy-sanitized values to Trusted Types (#39218)
Use the bypass-specific Trusted Types policy for automatically upgrade
any values from custom sanitizers or the bypassSecurityTrust functions
to a Trusted Type. Update tests to reflect the new behavior.

PR Close #39218
2020-10-16 08:13:52 -07:00
Bjarki 9ec2bad4dc refactor(core): make HTML sanitizer return TrustedHTML (#39218)
Make Angular's HTML sanitizer return a TrustedHTML, as its output is
trusted not to cause XSS vulnerabilities when used in a context where a
browser may parse and evaluate HTML. Also update tests to reflect the
new behaviour.

PR Close #39218
2020-10-16 08:13:52 -07:00
Misko Hevery 812615bb99 refactor(core): Ensure that `previousOrParentTNode` always belongs to current `TView`. (#38707)
`previousOrParentTNode` stores current `TNode`. Due to inconsistent
implementation the value stored would sometimes belong to the current
`TView` and sometimes to the parent. We have extra logic which accounts
for it. A better solution is to just ensure that `previousOrParentTNode`
always belongs to current `TNode`. This simplifies the mental model
and cleans up some code.

PR Close #38707
2020-09-28 16:15:58 -04:00
Bjarki f245c6bb15 fix(core): remove closing body tag from inert DOM builder (#38454)
Fix a bug in the HTML sanitizer where an unclosed iframe tag would
result in an escaped closing body tag as the output:

_sanitizeHtml(document, '<iframe>') => '&lt;/body&gt;'

This closing body tag comes from the DOMParserHelper where the HTML to be
sanitized is wrapped with surrounding body tags. When an opening iframe
tag is parsed by DOMParser, which DOMParserHelper uses, everything up
until its matching closing tag is consumed as a text node. In the above
example this includes the appended closing body tag.

By removing the explicit closing body tag from the DOMParserHelper and
relying on the body tag being closed implicitly at the end, the above
example is sanitized as expected:

_sanitizeHtml(document, '<iframe>') => ''

PR Close #38454
2020-08-19 14:18:44 -07:00
Harri Lehtola c509243af5 fix(core): determine required DOMParser feature availability (#36578) (#36578)
Verify that HTML parsing is supported in addition to DOMParser existence.
This maybe wasn't as important before when DOMParser was used just as a
fallback on Firefox, but now that DOMParser is the default choice, we need
to be more accurate.

PR Close #36578
2020-06-26 14:54:09 -07:00
Joey Perrott d1ea1f4c7f build: update license headers to reference Google LLC (#37205)
Update the license headers throughout the repository to reference Google LLC
rather than Google Inc, for the required license headers.

PR Close #37205
2020-05-26 14:26:58 -04:00
Matias Niemelä 420b9be1c1 refactor: disable sanitization for [style] and [style.prop] bindings (#35621)
This patch is the first of many commits to disable sanitization for
[stlye.prop] and [style] bindings in Angular.

Historically, style-based sanitization has only been required for old
IE browsers (IE6 and IE7). Since Angular does not support these old
browsers at all, there is no reason for the framework to support
style-based sanitization.

PR Close #35621
2020-05-06 15:00:22 -07:00
Joey Perrott 698b0288be build: reformat repo to new clang@1.4.0 (#36613)
PR Close #36613
2020-04-14 12:08:36 -07:00
Igor Minar 55748dbc55 fix(core): allow css custom variables/properties in the style sanitizer (#33841)
This change enables "var(--my-var)" to pass through the style sanitizer.

After consulation with our security team, allowing these doesn't create
new attack vectors, so the sanitizer doesn't need to strip them.

Fixes parts of #23485 related to the sanitizer, other use cases discussed
there related to binding have been addressed via other changes to the
class and style handling in the runtime.

Closes #23485

PR Close #33841
2019-11-20 14:47:59 -08:00
Igor Minar 6a5475f65b style(core): improve readability of style_sanizer(_spec).ts (#33841)
PR Close #33841
2019-11-20 14:47:59 -08:00
Pete Bacon Darwin c303371b26 test: rename mispelled `sanitization_spec.ts` file (#33712)
PR Close #33712
2019-11-11 14:01:04 -08:00
Miško Hevery 09a2bb839f refactor(ivy): Intruduce LFrame to store global instruction information (#33178)
`LFrame` stores information specifice to the current `LView` As the code
enters and leaves `LView`s we use `enterView()` and `leaveView()`
respectively to build a a stack of `LFrame`s. This allows us to easily
restore the previous `LView` instruction state.

PR Close #33178
2019-10-24 14:42:15 -07:00
Miško Hevery 2e4d17f3a9 perf(core): make sanitization tree-shakable in Ivy mode (#31934)
In VE the `Sanitizer` is always available in `BrowserModule` because the VE retrieves it using injection.

In Ivy the injection is optional and we have instructions instead of component definition arrays. The implication of this is that in Ivy the instructions can pull in the sanitizer only when they are working with a property which is known to be unsafe. Because the Injection is optional this works even if no Sanitizer is present. So in Ivy we first use the sanitizer which is pulled in by the instruction, unless one is available through the `Injector` then we use that one instead.

This PR does few things:
1) It makes `Sanitizer` optional in Ivy.
2) It makes `DomSanitizer` tree shakable.
3) It aligns the semantics of Ivy `Sanitizer` with that of the Ivy sanitization rules.
4) It refactors `DomSanitizer` to use same functions as Ivy sanitization for consistency.

PR Close #31934
2019-08-15 10:30:12 -07:00
Ben Lesh d7eaae6f22 refactor(ivy): Move instructions back to ɵɵ (#30546)
There is an encoding issue with using delta `Δ`, where the browser will attempt to detect the file encoding if the character set is not explicitly declared on a `<script/>` tag, and Chrome will find the `Δ` character and decide it is window-1252 encoding, which misinterprets the `Δ` character to be some other character that is not a valid JS identifier character

So back to the frog eyes we go.

```
    __
   /ɵɵ\
  ( -- ) - I am ineffable. I am forever.
 _/    \_
/  \  /  \
==  ==  ==
```

PR Close #30546
2019-05-20 16:37:47 -07:00
Ben Lesh cf86ed7b29 refactor(ivy): migrate ɵɵ prefix back to Δ (#30362)
Now that issues are resolved with Closure compiler, we can move back to our desired prefix of `Δ`.

PR Close #30362
2019-05-14 16:52:15 -07:00
Alex Rickabaugh dbb150a9bd Revert "fix(core): CSS sanitizer now allows parens in file names (#30322)" (#30463)
This reverts commit 728db88280.

We're reverting this commit for now, until it can be subjected to a more
thorough security review.

PR Close #30463
2019-05-14 14:49:39 -07:00
Ben Lesh 728db88280 fix(core): CSS sanitizer now allows parens in file names (#30322)
Resolves an issue where images that were created with a name like `'foo (1).png'` would not pass CSS url sanitization.

PR Close #30322
2019-05-08 14:22:43 -07:00
Martin Mädler 909557d5f8 feat(core): add missing ARIA attributes to html sanitizer (#29685)
Allow ARIA attributes from the WAI-ARIA 1.1 spec which were stripped by the htmlSanitizer.

Closes #26815

PR Close #29685
2019-04-25 12:30:55 -07:00
Alex Rickabaugh b0578061ce refactor(ivy): use ɵɵ instead of Δ for now (#29850)
The `Δ` caused issue with other infrastructure, and we are temporarily
changing it to `ɵɵ`.

This commit also patches ts_api_guardian_test and AIO to understand `ɵɵ`.

PR Close #29850
2019-04-11 16:27:56 -07:00
Ben Lesh 138ca5a246 refactor(ivy): prefix all generated instructions (#29692)
- Updates all instructions to be prefixed with the Greek delta symbol

PR Close #29692
2019-04-10 12:11:40 -07:00
George Kalpakas 262ba67525 fix(core): traverse and sanitize content of unsafe elements (#28804)
In the past, the sanitizer would remove unsafe elements, but still
traverse and sanitize (and potentially preserve) their content. This was
problematic in the case of `<style></style>` tags, whose content would
be converted to HTML text nodes.

In order to fix this, the sanitizer's behavior was changed in #25879 to
ignore the content of _all_ unsafe elements. While this fixed the
problem with `<style></style>` tags, it unnecessarily removed the
contents for _any_ unsafe element. This was an unneeded breaking change.

This commit partially restores the old sanitizer behavior (namely
traversing content of unsafe elements), but introduces a list of
elements whose content should not be traversed if the elements
themselves are considered unsafe. Currently, this list contains `style`,
`script` and `template`.

Related to #25879 and #26007.

Fixes #28427

PR Close #28804
2019-02-26 13:32:09 -08:00
Misko Hevery 3cb497c6ac refactor(ivy): simplify differentiation of LView, `RNode`, `LView`, `LContainer`, `StylingContext` (#28947)
For efficiency reasons we often put several different data types (`RNode`, `LView`, `LContainer`,
`StylingContext`) in same location in `LView`. This is because we don't want to pre-allocate
space
for it because the storage is sparse. This file contains utilities for dealing with such data
types.
How do we know what is stored at a given location in `LView`.
- `Array.isArray(value) === false` => `RNode` (The normal storage value)
- `Array.isArray(value) === true` => than the `value[0]` represents the wrapped value.
  - `typeof value[TYPE] === 'object'` => `LView`
     - This happens when we have a component at a given location
  - `typeof value[TYPE] === 'number'` => `StylingContext`
     - This happens when we have style/class binding at a given location.
  - `typeof value[TYPE] === true` => `LContainer`
     - This happens when we have `LContainer` binding at a given location.
NOTE: it is assumed that `Array.isArray` and `typeof` operations are very efficient.

PR Close #28947
2019-02-26 02:01:07 +00:00
Ben Lesh ba6aa93aa3 refactor(ivy): LContainer now stored in LView[PARENT] (#28382)
- Removes CONTAINER_INDEX
- LView[PARENT] now contains LContainer when necessary
- Removes now unused arguments to methods after refactor

PR Close #28382
2019-02-22 13:17:30 -08:00
Andrew Kushnir c3aa24c3f9 fix(ivy): sanitization for Host Bindings (#27939)
This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime.

PR Close #27939
2019-01-08 17:17:04 -08:00
Misko Hevery 816ec0b1c3 refactor(ivy): treate LView as the primary global state (#27282)
- rename `LViewData` to `LView` (to be consistent with `TView`)
- Remove `getRenderer`, `getRendererFactory`, `getTview`, `getCurrentQueries`,

PR Close #27282
2018-11-29 21:26:15 -08:00
Shino Kurian d5cbcef0ea fix(core): ignore comment nodes under unsafe elements (#25879)
Comment nodes that are child nodes of unsafe elements are identified as text nodes. This results in the comment node being returned as an encoded string.
Add a check to ignore such comment nodes.

PR Close #25879
2018-10-25 11:20:19 -07:00
Matias Niemelä 169e9dd2c8 feat(ivy): bridge compile instructions to include sanitization helpers (#24938)
PR Close #24938
2018-07-23 08:49:52 -07:00
Miško Hevery 6d1367d297 feat(ivy): provide sanitization methods which can be tree shaken (#22540)
By providing a top level sanitization methods (rather than service) the
compiler can generate calls into the methods only when needed. This makes
the methods tree shakable.

PR Close #22540
2018-03-07 18:24:07 -08:00
Miško Hevery 538f1d980f refactor(core): move sanitization into core (#22540)
This is in preparation of having Ivy have sanitization inline.

PR Close #22540
2018-03-07 18:24:06 -08:00