mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
b682c62873
Previously, the `data` attribute of the `<object>` tag was being sanitized as a regular URL instead of a `ResourceURL`, which is security-sensitive. This commit updates the runtime sanitization logic to correctly identify `object[data]` as a `ResourceURL` context. Additionally, the sanitizer lookup logic has been refactored to use a more efficient lookup map (`RESOURCE_MAP`) instead of multiple `Set` lookups, providing better performance and maintainability. Added tests to verify the correct sanitization of `object[data]` and its behavior with trusted values. PR Close #67797 |
||
|---|---|---|
| .. | ||
| BUILD.bazel | ||
| bundle.golden_symbols.json | ||
| main.ts | ||
| treeshaking_spec.ts | ||