Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge 13ccce9fe4 into d8c871ef80

Browse source
This commit is contained in:
Matthieu Riegler 2026-05-22 12:11:38 -05:00 committed by GitHub
commit 8fc6fe0346
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 45 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
packages/core/test/render3/integration_spec.ts
View file

@ -18,8 +18,8 @@ import {TestBed} from '../../testing';
import {getLContext, readPatchedData} from '../../src/render3/context_discovery';
import {CONTEXT, HEADER_OFFSET} from '../../src/render3/interfaces/view';
import {Sanitizer} from '../../src/sanitization/sanitizer';
import {SecurityContext} from '../../src/sanitization/dom_security_schema';
import {Sanitizer} from '../../src/sanitization/sanitizer';
describe('element discovery', () => {
it('should only monkey-patch immediate child nodes in a component', () => {
@ -691,6 +691,50 @@ describe('sanitization', () => {
const fixture = TestBed.createComponent(TestComp);
expect(() => fixture.detectChanges()).not.toThrow();
});
it('should throw on uppercase iframe element', () => {
@Directive({
selector: '[unsafeUrlHostBindingDir]',
host: {
'[attr.src]': '"http://src-dir-value"',
},
})
class UnsafeUrlHostBindingDir {}
@Component({
imports: [UnsafeUrlHostBindingDir],
template: ` <IFRAME unsafeUrlHostBindingDir></IFRAME>`,
changeDetection: ChangeDetectionStrategy.Eager,
})
class SimpleComp {}
const fixture = TestBed.createComponent(SimpleComp);
expect(() => fixture.detectChanges()).toThrowError(
/NG0904: unsafe value used in a resource URL/,
);
});
it('should throw on uppercase SRC attribute on iframe element', () => {
@Directive({
selector: '[unsafeUrlHostBindingDir]',
host: {
'[attr.SRC]': '"http://src-dir-value"',
},
})
class UnsafeUrlHostBindingDir {}
@Component({
imports: [UnsafeUrlHostBindingDir],
template: ` <iframe unsafeUrlHostBindingDir></iframe>`,
changeDetection: ChangeDetectionStrategy.Eager,
})
class SimpleComp {}
const fixture = TestBed.createComponent(SimpleComp);
expect(() => fixture.detectChanges()).toThrowError(
/NG0904: unsafe value used in a resource URL/,
);
});
});
class LocalSanitizedValue {