angular/packages/compiler-cli
Alan Agius a9bcffdbc7 fix(core): disallow event attribute bindings in host bindings unconditionally (#68468)
Moves the event attribute validation check outside of `ngDevMode` in the `elementAttributeInternal` instruction to ensure that bindings to event attributes like `on*` are always blocked at runtime.

Previously, this check was only performed when `ngDevMode` was `true`, which could allow attacker-controlled CMS data to be bound to event attributes in production mode, causing browser-executed XSS.

Fixes #68419

PR Close #68468
2026-05-06 14:43:10 -07:00
linker Revert "refactor(compiler): Remove the interpolation config (#64071)" (#64110) 2025-09-26 15:16:54 -04:00
private build: format md files 2025-11-06 10:10:22 -08:00
src fix(core): disallow event attribute bindings in host bindings unconditionally (#68468) 2026-05-06 14:43:10 -07:00
test fix(core): sanitize sensitive attributes on SVG script elements 2026-01-06 15:54:47 -05:00
BUILD.bazel build: rename defaults2.bzl to defaults.bzl (#63384) 2025-08-25 15:45:46 -07:00
esbuild.config.js build: use esbuild from aspect rules (#62568) 2025-07-10 13:45:15 -07:00
index.ts refactor(compiler-cli): export type used by migrations (#61697) 2025-05-30 09:50:58 -04:00
package.json build: update all non-major dependencies (#63129) 2025-08-14 22:08:30 +02:00
tsconfig-test.json build: prepare for compiler-cli to be using ts_project (#61181) 2025-05-09 15:59:46 +00:00
tsconfig.json build: prepare for compiler-cli to be using ts_project (#61181) 2025-05-09 15:59:46 +00:00