mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
d04ddd73df
SVG animation elements (`animate` and `set`) can be used to animate sensitive attributes like `href` or `xlink:href`. Binding to these animation attributes (like `to`, `from`, or `values`) with a sensitive target creates an XSS vector. This change mitigates this risk by: 1. Classifying `to`, `from`, and `values` on `<animate>` and `<set>` elements as `ATTRIBUTE_NO_BINDING` in the DOM security schema to prevent standard dynamic bindings. 2. Adding runtime validations in `ɵɵvalidateAttribute` to verify that `attributeName` is not a sensitive attribute (such as `href` or `xlink:href`) when processed by a set of `SECURITY_SENSITIVE_ATTRIBUTE_NAMES`. If it is, a runtime error `UNSAFE_ATTRIBUTE_BINDING` is thrown. 3. Adding regression tests in `integration_spec.ts` to ensure unsafe bindings throw an error while safe ones pass correctly. PR Close #67797 |
||
|---|---|---|
| .. | ||
| expression_parser | ||
| i18n | ||
| ml_parser | ||
| output | ||
| render3 | ||
| schema | ||
| selector | ||
| shadow_css | ||
| BUILD.bazel | ||
| compiler_facade_interface_spec.ts | ||
| integration_spec.ts | ||
| style_url_resolver_spec.ts | ||
| util_spec.ts | ||