angular/packages/core/test/render3
Alan Agius d04ddd73df fix(core): prevent binding unsafe attributes on SVG animation elements (#67797)
SVG animation elements (`animate` and `set`) can be used to animate sensitive attributes like `href` or `xlink:href`. Binding to these animation attributes (like `to`, `from`, or `values`) with a sensitive target creates an XSS vector.

This change mitigates this risk by:
1. Classifying `to`, `from`, and `values` on `<animate>` and `<set>` elements as `ATTRIBUTE_NO_BINDING` in the DOM security schema to prevent standard dynamic bindings.
2. Adding runtime validations in `ɵɵvalidateAttribute` to verify that `attributeName` is not a sensitive attribute (such as `href` or `xlink:href`) when processed by a set of `SECURITY_SENSITIVE_ATTRIBUTE_NAMES`. If it is, a runtime error `UNSAFE_ATTRIBUTE_BINDING` is thrown.
3. Adding regression tests in `integration_spec.ts` to ensure unsafe bindings throw an error while safe ones pass correctly.

PR Close #67797
2026-04-01 11:43:59 +02:00
i18n fix(core): block creation of sensitive URI attributes from ICU messages 2026-02-24 18:50:41 +00:00
instructions refactor(core): track the tracing service in the LView environment 2026-03-06 17:48:27 +00:00
interfaces refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
ivy build: rename defaults2.bzl to defaults.bzl (#63383) 2025-08-25 15:45:01 -07:00
jit perf(compiler): chain query creation instructions 2025-12-09 09:24:36 -08:00
styling_next refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
util refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
BUILD.bazel build: consolidate domino bundling in platform-server 2026-03-25 13:31:10 -07:00
change_detection_spec.ts fix(core): Flush animations when no component has been checked (#58089) 2025-04-09 11:12:54 -07:00
component_ref_spec.ts ci: reformat files 2025-12-16 14:44:19 -08:00
deps_tracker_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
di_spec.ts refactor(core): track the tracing service in the LView environment 2026-03-06 17:48:27 +00:00
es2015-tsconfig.json fix(core): destroy hooks not set up for useClass provider using forwardRef (#44281) 2021-11-30 11:56:05 -05:00
global_utils_spec.ts feat(core): add utility for resolving defer block information to ng global (#59184) 2024-12-16 10:26:43 -08:00
i18n_debug_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
imported_renderer2.ts refactor(platform-browser): remove unused Platform ID dependency from DomRendererFactory2 2025-11-06 12:00:46 -08:00
instructions_spec.ts build: update Jasmine to 6.0.0 2026-02-09 12:15:57 -08:00
integration_spec.ts fix(core): prevent binding unsafe attributes on SVG animation elements (#67797) 2026-04-01 11:43:59 +02:00
is_shape_of.ts refactor(forms): move control logic into FormField directive 2026-01-29 13:17:40 -08:00
is_shape_of_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
jit_environment_spec.ts refactor(core): remove unused type 2025-11-12 13:13:48 -08:00
list_reconciliation_spec.ts fix(core): ensure @for iteration over field is reactive (#64113) 2025-10-24 09:29:29 +02:00
load_domino.ts build: migrate all ts_library in packages/core/test (#61472) 2025-05-20 10:00:43 +00:00
matchers.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
matchers_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
metadata_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
multi_map_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
node_selector_matcher_spec.ts refactor(core): simplify attributes extraction logic for ComponentRef (#59678) 2025-01-27 13:15:21 +01:00
providers_helper.ts refactor: clean up explicit standalone flags from tests (#63963) 2025-09-22 14:27:34 +00:00
providers_spec.ts ci: reformat files 2025-12-16 14:44:19 -08:00
query_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00
reactive_safety_spec.ts refactor(core): Update tests for zoneless by default (#63668) 2025-09-09 14:41:56 -07:00
reactivity_spec.ts ci: reformat files 2025-12-16 14:44:19 -08:00
testing_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
utils.ts docs: set syntax highlighting of code examples MD code blocks (#59026) 2024-12-04 17:30:28 +01:00
view_fixture.ts refactor(core): track the tracing service in the LView environment 2026-03-06 17:48:27 +00:00
view_utils_spec.ts refactor(core): convert scripts within packages/core/test to relative imports (#60227) 2025-03-25 10:58:00 -07:00