angular/packages/core/test/render3
Doug Parker 747548721d fix(core): block creation of sensitive URI attributes from ICU messages
Translators are not allowed to write HTML which creates URI attributes. I opted to ban any values going into an attribute at all, to prevent even links to malicious content, rather than just sanitizing URIs.

I also converted this blocklist into an allowlist. Now, we only allowing setting known attributes (while sanitizing URI attributes). This significantly reduces risk of missing a vulnerable attribute and does not require an exhaustive list of all potential attributes.

BREAKING CHANGE: Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

(cherry picked from commit 03da204b6d)
2026-02-25 08:22:43 -08:00
..
i18n fix(core): block creation of sensitive URI attributes from ICU messages 2026-02-25 08:22:43 -08:00
instructions refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
interfaces refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
ivy build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
jit build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
styling_next refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
util refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
BUILD.bazel build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
change_detection_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
component_ref_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
deps_tracker_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
di_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
es2015-tsconfig.json fix(core): destroy hooks not set up for useClass provider using forwardRef (#44281) 2021-11-30 11:56:05 -05:00
global_utils_spec.ts feat(core): add utility for resolving defer block information to ng global (#59184) 2024-12-16 10:26:43 -08:00
i18n_debug_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
imported_renderer2.ts build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
instructions_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
integration_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
is_shape_of.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
is_shape_of_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
jit_environment_spec.ts build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
list_reconciliation_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
load_domino.ts build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
matchers.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
matchers_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
metadata_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
microtask_effect_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
multi_map_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
node_selector_matcher_spec.ts refactor(core): simplify attributes extraction logic for ComponentRef (#59678) 2025-01-27 13:15:21 +01:00
providers_helper.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
providers_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
query_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
reactive_safety_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00
reactivity_spec.ts build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
testing_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
utils.ts docs: set syntax highlighting of code examples MD code blocks (#59026) 2024-12-04 17:30:28 +01:00
view_fixture.ts build: migrate all ts_library in packages/core/test (#61571) 2025-05-21 16:04:42 +00:00
view_utils_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) (#60556) 2025-03-26 07:05:23 -07:00