Revert "refactor(core): Add ngDevMode guards and new sanitization error codes"

This reverts commit 4e7e38c591.

(cherry picked from commit 1765ebe79b)
This commit is contained in:
Kristiyan Kostadinov 2026-01-02 10:53:33 +01:00
parent d370c4ba44
commit f8b6a3fed1
5 changed files with 7 additions and 29 deletions

View file

@ -58,10 +58,6 @@ export const enum RuntimeErrorCode {
// (undocumented)
HOST_DIRECTIVE_UNRESOLVABLE = 307,
// (undocumented)
HTML_SANITIZATION_CLOBBERED = 921,
// (undocumented)
HTML_SANITIZATION_UNSTABLE = 920,
// (undocumented)
HYDRATION_MISSING_NODE = -502,
// (undocumented)
HYDRATION_MISSING_SIBLINGS = -501,
@ -176,8 +172,6 @@ export const enum RuntimeErrorCode {
// (undocumented)
RUNTIME_DEPS_ORPHAN_COMPONENT = 981,
// (undocumented)
SANITIZATION_BYPASS_TYPE_MISMATCH = 922,
// (undocumented)
SIGNAL_WRITE_FROM_ILLEGAL_CONTEXT = 600,
// (undocumented)
TEMPLATE_STRUCTURE_ERROR = 305,

View file

@ -135,9 +135,6 @@ export const enum RuntimeErrorCode {
NO_COMPONENT_FACTORY_FOUND = 917,
EXTERNAL_RESOURCE_LOADING_FAILED = 918,
DEF_TYPE_UNDEFINED = -919,
HTML_SANITIZATION_UNSTABLE = 920,
HTML_SANITIZATION_CLOBBERED = 921,
SANITIZATION_BYPASS_TYPE_MISMATCH = 922,
// Signal integration errors
REQUIRED_INPUT_NO_VALUE = -950,

View file

@ -7,7 +7,6 @@
*/
import {XSS_SECURITY_URL} from '../error_details_base_url';
import {RuntimeError, RuntimeErrorCode} from '../errors';
export const enum BypassType {
Url = 'URL',
@ -129,10 +128,7 @@ export function allowSanitizationBypassAndThrow(value: any, type: BypassType): b
if (actualType != null && actualType !== type) {
// Allow ResourceURLs in URL contexts, they are strictly more trusted.
if (actualType === BypassType.ResourceUrl && type === BypassType.Url) return true;
throw new RuntimeError(
RuntimeErrorCode.SANITIZATION_BYPASS_TYPE_MISMATCH,
ngDevMode && `Required a safe ${type}, got a ${actualType} (see ${XSS_SECURITY_URL})`,
);
throw new Error(`Required a safe ${type}, got a ${actualType} (see ${XSS_SECURITY_URL})`);
}
return actualType === type;
}

View file

@ -7,7 +7,6 @@
*/
import {XSS_SECURITY_URL} from '../error_details_base_url';
import {RuntimeError, RuntimeErrorCode} from '../errors';
import {TrustedHTML} from '../util/security/trusted_type_defs';
import {trustedHTMLFromString} from '../util/security/trusted_types';
@ -263,10 +262,8 @@ export function getNodeName(node: Node): string {
}
function clobberedElementError(node: Node) {
return new RuntimeError(
RuntimeErrorCode.HTML_SANITIZATION_CLOBBERED,
ngDevMode &&
`Failed to sanitize html because the element is clobbered: ${(node as Element).outerHTML}`,
return new Error(
`Failed to sanitize html because the element is clobbered: ${(node as Element).outerHTML}`,
);
}
@ -317,10 +314,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): Trusted
do {
if (mXSSAttempts === 0) {
throw new RuntimeError(
RuntimeErrorCode.HTML_SANITIZATION_UNSTABLE,
ngDevMode && 'Failed to sanitize html because the input is unstable',
);
throw new Error('Failed to sanitize html because the input is unstable');
}
mXSSAttempts--;

View file

@ -254,12 +254,9 @@ describe('HTML sanitizer', () => {
// depending on a platform.
if (isBrowser) {
// Running in a real browser
expect(nextSibling).toThrowError(
/Failed to sanitize html because the element is clobbered: <input name="nextSibling" form="a">/,
);
expect(firstChild).toThrowError(
/Failed to sanitize html because the element is clobbered: <object form="a" id="firstChild"><\/object>/,
);
const errorMsg = 'Failed to sanitize html because the element is clobbered: ';
expect(nextSibling).toThrowError(`${errorMsg}<input name="nextSibling" form="a">`);
expect(firstChild).toThrowError(`${errorMsg}<object form="a" id="firstChild"></object>`);
} else {
// Running in Node, using Domino DOM emulation
expect(nextSibling()).toBe('A');