Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
angular/packages/core
History
Doug Parker 7d58b798c6 fix(core): block creation of sensitive URI attributes from ICU messages 
Translators are not allowed to write HTML which creates URI attributes. I opted to ban any values going into an attribute at all, to prevent even links to malicious content, rather than just sanitizing URIs.

I also converted this blocklist into an allowlist. Now, we only allowing setting known attributes (while sanitizing URI attributes). This significantly reduces risk of missing a vulnerable attribute and does not require an exhaustive list of all potential attributes.

BREAKING CHANGE: Angular now only applies known attributes from HTML in translated ICU content. Unknown attributes are dropped and not rendered.

(cherry picked from commit 306f367899)
2026-02-24 18:50:41 +00:00
..
global build: rename defaults2.bzl to defaults.bzl (#63383) 2025-08-25 15:45:01 -07:00
primitives refactor(core): remove outdated TODO comments 2026-02-23 18:19:57 +00:00
resources fix(core): Remove note to skip arrow functions in best practices 2026-01-20 10:42:42 -08:00
rxjs-interop refactor(core): Support Error like object for on resource errors. 2025-12-10 08:18:17 -08:00
schematics feat(compiler): Exhaustive checks for switch blocks 2026-02-17 10:25:31 -08:00
src fix(core): block creation of sensitive URI attributes from ICU messages 2026-02-24 18:50:41 +00:00
test fix(core): block creation of sensitive URI attributes from ICU messages 2026-02-24 18:50:41 +00:00
testing docs: rewrite testing docs 2026-01-05 19:38:23 -05:00
BUILD.bazel refactor(core): export profile event as enum and move profile_types.ts and framework to shared devtools folder 2025-11-19 15:22:49 -08:00
index.ts refactor: update packages/core:{core,src} to ts_project (#61275) 2025-05-14 12:01:51 +00:00
package.json build: bump core zone.js version 2025-11-19 13:22:14 -08:00
PACKAGE.md build: format md files 2025-11-06 10:03:05 -08:00
public_api.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
tsconfig-build.json build: migrate more targets of @angular/core to ts_project (#61370) 2025-05-16 11:02:07 +00:00
tsconfig-test.json build: migrate more targets of @angular/core to ts_project (#61370) 2025-05-16 11:02:07 +00:00