From f8b6a3fed15db49e751d44e68b2dee9225aa4dda Mon Sep 17 00:00:00 2001 From: Kristiyan Kostadinov Date: Fri, 2 Jan 2026 10:53:33 +0100 Subject: [PATCH] Revert "refactor(core): Add `ngDevMode` guards and new sanitization error codes" This reverts commit 4e7e38c591e320f317503acf3249fd890d94aef3. (cherry picked from commit 1765ebe79b404615e16fe0baa474ba8786d8ddca) --- goldens/public-api/core/errors.api.md | 6 ------ packages/core/src/errors.ts | 3 --- packages/core/src/sanitization/bypass.ts | 6 +----- packages/core/src/sanitization/html_sanitizer.ts | 12 +++--------- .../core/test/sanitization/html_sanitizer_spec.ts | 9 +++------ 5 files changed, 7 insertions(+), 29 deletions(-) diff --git a/goldens/public-api/core/errors.api.md b/goldens/public-api/core/errors.api.md index c344beb6cb8..56bb883d919 100644 --- a/goldens/public-api/core/errors.api.md +++ b/goldens/public-api/core/errors.api.md @@ -58,10 +58,6 @@ export const enum RuntimeErrorCode { // (undocumented) HOST_DIRECTIVE_UNRESOLVABLE = 307, // (undocumented) - HTML_SANITIZATION_CLOBBERED = 921, - // (undocumented) - HTML_SANITIZATION_UNSTABLE = 920, - // (undocumented) HYDRATION_MISSING_NODE = -502, // (undocumented) HYDRATION_MISSING_SIBLINGS = -501, @@ -176,8 +172,6 @@ export const enum RuntimeErrorCode { // (undocumented) RUNTIME_DEPS_ORPHAN_COMPONENT = 981, // (undocumented) - SANITIZATION_BYPASS_TYPE_MISMATCH = 922, - // (undocumented) SIGNAL_WRITE_FROM_ILLEGAL_CONTEXT = 600, // (undocumented) TEMPLATE_STRUCTURE_ERROR = 305, diff --git a/packages/core/src/errors.ts b/packages/core/src/errors.ts index 5e1130ab360..3cba1178a71 100644 --- a/packages/core/src/errors.ts +++ b/packages/core/src/errors.ts @@ -135,9 +135,6 @@ export const enum RuntimeErrorCode { NO_COMPONENT_FACTORY_FOUND = 917, EXTERNAL_RESOURCE_LOADING_FAILED = 918, DEF_TYPE_UNDEFINED = -919, - HTML_SANITIZATION_UNSTABLE = 920, - HTML_SANITIZATION_CLOBBERED = 921, - SANITIZATION_BYPASS_TYPE_MISMATCH = 922, // Signal integration errors REQUIRED_INPUT_NO_VALUE = -950, diff --git a/packages/core/src/sanitization/bypass.ts b/packages/core/src/sanitization/bypass.ts index e8e689de0e3..0926d9e9c7f 100644 --- a/packages/core/src/sanitization/bypass.ts +++ b/packages/core/src/sanitization/bypass.ts @@ -7,7 +7,6 @@ */ import {XSS_SECURITY_URL} from '../error_details_base_url'; -import {RuntimeError, RuntimeErrorCode} from '../errors'; export const enum BypassType { Url = 'URL', @@ -129,10 +128,7 @@ export function allowSanitizationBypassAndThrow(value: any, type: BypassType): b if (actualType != null && actualType !== type) { // Allow ResourceURLs in URL contexts, they are strictly more trusted. if (actualType === BypassType.ResourceUrl && type === BypassType.Url) return true; - throw new RuntimeError( - RuntimeErrorCode.SANITIZATION_BYPASS_TYPE_MISMATCH, - ngDevMode && `Required a safe ${type}, got a ${actualType} (see ${XSS_SECURITY_URL})`, - ); + throw new Error(`Required a safe ${type}, got a ${actualType} (see ${XSS_SECURITY_URL})`); } return actualType === type; } diff --git a/packages/core/src/sanitization/html_sanitizer.ts b/packages/core/src/sanitization/html_sanitizer.ts index 26c3de73765..e2f5a72bedb 100644 --- a/packages/core/src/sanitization/html_sanitizer.ts +++ b/packages/core/src/sanitization/html_sanitizer.ts @@ -7,7 +7,6 @@ */ import {XSS_SECURITY_URL} from '../error_details_base_url'; -import {RuntimeError, RuntimeErrorCode} from '../errors'; import {TrustedHTML} from '../util/security/trusted_type_defs'; import {trustedHTMLFromString} from '../util/security/trusted_types'; @@ -263,10 +262,8 @@ export function getNodeName(node: Node): string { } function clobberedElementError(node: Node) { - return new RuntimeError( - RuntimeErrorCode.HTML_SANITIZATION_CLOBBERED, - ngDevMode && - `Failed to sanitize html because the element is clobbered: ${(node as Element).outerHTML}`, + return new Error( + `Failed to sanitize html because the element is clobbered: ${(node as Element).outerHTML}`, ); } @@ -317,10 +314,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): Trusted do { if (mXSSAttempts === 0) { - throw new RuntimeError( - RuntimeErrorCode.HTML_SANITIZATION_UNSTABLE, - ngDevMode && 'Failed to sanitize html because the input is unstable', - ); + throw new Error('Failed to sanitize html because the input is unstable'); } mXSSAttempts--; diff --git a/packages/core/test/sanitization/html_sanitizer_spec.ts b/packages/core/test/sanitization/html_sanitizer_spec.ts index 108a465d395..4a729b4cc54 100644 --- a/packages/core/test/sanitization/html_sanitizer_spec.ts +++ b/packages/core/test/sanitization/html_sanitizer_spec.ts @@ -254,12 +254,9 @@ describe('HTML sanitizer', () => { // depending on a platform. if (isBrowser) { // Running in a real browser - expect(nextSibling).toThrowError( - /Failed to sanitize html because the element is clobbered: /, - ); - expect(firstChild).toThrowError( - /Failed to sanitize html because the element is clobbered: <\/object>/, - ); + const errorMsg = 'Failed to sanitize html because the element is clobbered: '; + expect(nextSibling).toThrowError(`${errorMsg}`); + expect(firstChild).toThrowError(`${errorMsg}`); } else { // Running in Node, using Domino DOM emulation expect(nextSibling()).toBe('A');