mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
908a102a87
Summary: This adds basic security hooks to Angular 2. * `SecurityContext` is a private API between core, compiler, and platform-browser. `SecurityContext` communicates what context a value is used in across template parser, compiler, and sanitization at runtime. * `SanitizationService` is the bare bones interface to sanitize values for a particular context. * `SchemaElementRegistry.securityContext(tagName, attributeOrPropertyName)` determines the security context for an attribute or property (it turns out attributes and properties match for the purposes of sanitization). Based on these hooks: * `DomSchemaElementRegistry` decides what sanitization applies in a particular context. * `DomSanitizationService` implements `SanitizationService` and adds *Safe Value*s, i.e. the ability to mark a value as safe and not requiring further sanitization. * `url_sanitizer` and `style_sanitizer` sanitize URLs and Styles, respectively (surprise!). `DomSanitizationService` is the default implementation bound for browser applications, in the three contexts (browser rendering, web worker rendering, server side rendering). BREAKING CHANGES: *** SECURITY WARNING *** Angular 2 Release Candidates do not implement proper contextual escaping yet. Make sure to correctly escape all values that go into the DOM. *** SECURITY WARNING *** Reviewers: IgorMinar Differential Revision: https://reviews.angular.io/D103 |
||
|---|---|---|
| .. | ||
| change_detection | ||
| debug | ||
| di | ||
| dom | ||
| facade | ||
| linker | ||
| metadata | ||
| profile | ||
| reflection | ||
| testability | ||
| util | ||
| zone | ||
| application_ref_spec.ts | ||
| dev_mode_spec.ts | ||
| directive_lifecycle_integration_spec.ts | ||
| fake_async_spec.ts | ||
| forward_ref_integration_spec.dart | ||
| forward_ref_integration_spec.ts | ||
| matchers_spec.ts | ||
| spies.dart | ||
| spies.ts | ||
| testing_internal_spec.ts | ||
| tsconfig.json | ||
| typings.d.ts | ||