mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
672dfd0ad5
tsec is a TypeScript compiler wrapper for restricting use of security-sensitive DOM APIs, in particular those that could lead to XSS or Trusted Types violations. Add it as a linter to aio to prevent future Trusted Types regressions on angular.io. Also introduces security_exemptions.json, which lists the known, security-reviewed tsec security violations. New entries can only be added to this file after a security review, in particular making sure that the corresponding code does not cause XSS vulnerabilities or Trusted Types violations. PR Close #42800
22 lines
357 B
JSON
22 lines
357 B
JSON
{
|
|
"extends": "./tsconfig.json",
|
|
"compilerOptions": {
|
|
"outDir": "./out-tsc/app",
|
|
"types": [
|
|
"trusted-types"
|
|
],
|
|
"plugins": [
|
|
{
|
|
"name": "tsec",
|
|
"exemptionConfig": "./security-exemptions.json"
|
|
}
|
|
]
|
|
},
|
|
"files": [
|
|
"src/main.ts",
|
|
"src/polyfills.ts"
|
|
],
|
|
"include": [
|
|
"src/**/*.d.ts"
|
|
]
|
|
}
|