mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
672dfd0ad5
tsec is a TypeScript compiler wrapper for restricting use of security-sensitive DOM APIs, in particular those that could lead to XSS or Trusted Types violations. Add it as a linter to aio to prevent future Trusted Types regressions on angular.io. Also introduces security_exemptions.json, which lists the known, security-reviewed tsec security violations. New entries can only be added to this file after a security review, in particular making sure that the corresponding code does not cause XSS vulnerabilities or Trusted Types violations. PR Close #42800
11 lines
302 B
JSON
11 lines
302 B
JSON
{
|
|
"ban-reviewed-conversions": [
|
|
"src/app/custom-elements/code/code.component.ts",
|
|
"src/app/custom-elements/code/pretty-printer.service.ts",
|
|
"src/app/documents/document.service.ts",
|
|
"src/app/shared/security.ts"
|
|
],
|
|
"ban-worker-calls": [
|
|
"src/app/search/search.service.ts"
|
|
]
|
|
}
|