angular/packages/core
Bjarki f245c6bb15 fix(core): remove closing body tag from inert DOM builder (#38454)
Fix a bug in the HTML sanitizer where an unclosed iframe tag would
result in an escaped closing body tag as the output:

_sanitizeHtml(document, '<iframe>') => '&lt;/body&gt;'

This closing body tag comes from the DOMParserHelper where the HTML to be
sanitized is wrapped with surrounding body tags. When an opening iframe
tag is parsed by DOMParser, which DOMParserHelper uses, everything up
until its matching closing tag is consumed as a text node. In the above
example this includes the appended closing body tag.

By removing the explicit closing body tag from the DOMParserHelper and
relying on the body tag being closed implicitly at the end, the above
example is sanitized as expected:

_sanitizeHtml(document, '<iframe>') => ''

PR Close #38454
2020-08-19 14:18:44 -07:00
..
global build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
schematics fix(migrations): do not incorrectly add todo for @Injectable or @Pipe (#37732) 2020-06-25 14:22:08 -07:00
src fix(core): remove closing body tag from inert DOM builder (#38454) 2020-08-19 14:18:44 -07:00
test fix(core): remove closing body tag from inert DOM builder (#38454) 2020-08-19 14:18:44 -07:00
testing feat(core): rename async to waitForAsync to avoid confusing (#37583) 2020-08-03 12:54:13 -07:00
BUILD.bazel fix(core): disable tsickle pass when producing APF packages (#37221) 2020-05-21 09:14:47 -07:00
index.ts build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00
package.json Revert "build: remove wombot proxy registry from package.jsons for release (#37378)" (#37495) 2020-06-10 08:21:45 -07:00
PACKAGE.md docs: add package doc files (#26047) 2018-10-05 15:42:14 -07:00
public_api.ts build: update license headers to reference Google LLC (#37205) 2020-05-26 14:26:58 -04:00