mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
eaff724b77
This commit updates HTML sanitization logic to avoid infinite loops in case clobbered elements contain fields like `nextSibling` or `parentNode`. Those fields are used for DOM traversal and this update makes sure that those calls return valid results. Also this commit fixes an issue when clobbering `nodeName` causes JS exceptions. PR Close #54425 |
||
|---|---|---|
| .. | ||
| bypass.ts | ||
| html_sanitizer.ts | ||
| iframe_attrs_validation.ts | ||
| inert_body.ts | ||
| readme.md | ||
| sanitization.ts | ||
| sanitizer.ts | ||
| security.ts | ||
| url_sanitizer.ts | ||
Sanitization
This folder contains sanitization related code.
History
It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.
In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.