angular/packages/compiler-cli/test/compliance/test_cases
Alan Agius d1ca8ae043 fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs
This commit implements a security fix to prevent XSS vulnerabilities where SVG animation elements (`<animate>`, `<set>`, etc.) could be used to modify the `href` or `xlink:href` attributes of other elements to `javascript:` URLs.

The fix introduces a runtime validation step:
- A new [ɵɵValidateAttribute](cci:1://file:///usr/local/google/home/alanagius/git/angular/packages/core/src/sanitization/sanitization.ts:276:0-288:1) instruction is used when `attributeName` is bound on SVG animation elements.
- If executed, a `RuntimeError` is thrown, preventing the binding.
- The compiler now identifies `attributeName` on SVG animation elements as security-sensitive and injects this validation.

Additionally, the DOM security schema has been updated to include a comprehensive list of MathML and SVG elements that accept `href` or `xlink:href` attributes, ensuring they are correctly treated as `SecurityContext.URL` and sanitized. This prevents malicious URLs from being bound to these attributes.

http://b/463880509
2025-12-01 10:29:30 +01:00
| Name | Last commit | Last updated |
| --- | --- | --- |
| model_inputs | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| output_function | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| r3_compiler_compliance | fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs | 2025-12-01 10:29:30 +01:00 |
| r3_view_compiler | refactor(core): dispatch enter and leave animations at the right times (#63710) | 2025-09-10 22:24:31 +00:00 |
| r3_view_compiler_bindings | fix(compiler): prevent XSS via SVG animation attributeName and MathML/SVG URLs | 2025-12-01 10:29:30 +01:00 |
| r3_view_compiler_control_flow | feat(core): support as aliases on else if blocks (#63047) | 2025-08-08 08:43:00 -07:00 |
| r3_view_compiler_deferred | fix(compiler-cli): resolve import alias in defer blocks (#63966) | 2025-09-22 15:52:17 +00:00 |
| r3_view_compiler_di/di | refactor(compiler): update compliance tests. (#58238) | 2024-10-24 12:44:12 -07:00 |
| r3_view_compiler_directives | refactor(compiler): update compliance tests. (#58238) | 2024-10-24 12:44:12 -07:00 |
| r3_view_compiler_i18n | fix(compiler): error when ng-content fallback has translated children (#63156) | 2025-08-15 09:47:18 +02:00 |
| r3_view_compiler_input_outputs | feat(compiler-cli): add experimental support for fast type declaration emission (#61334) | 2025-05-14 14:07:37 -07:00 |
| r3_view_compiler_let | refactor(compiler): produce DOM-only instructions (#62096) | 2025-06-23 14:24:09 +02:00 |
| r3_view_compiler_listener | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| r3_view_compiler_providers | refactor(compiler): update compliance tests. (#58238) | 2024-10-24 12:44:12 -07:00 |
| r3_view_compiler_styling | fix(compiler): allow more characters in square-bracketed attribute names (#62742) | 2025-07-23 11:06:47 -04:00 |
| r3_view_compiler_template | refactor(compiler): produce DOM-only instructions (#62096) | 2025-06-23 14:24:09 +02:00 |
| signal_inputs | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| signal_queries | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| source_mapping | fix(compiler-cli): capture metadata for undecorated fields (#63957) (#64317) | 2025-10-09 11:57:57 -07:00 |
| BUILD.bazel | build: rename defaults2.bzl to defaults.bzl (#63384) | 2025-08-25 15:45:46 -07:00 |
| list_golden_update_rules.ts | build: use pnpm as the package manager instead of yarn (#62924) | 2025-07-31 22:06:27 +00:00 |
| test_case_schema.json | feat(compiler-cli): add experimental support for fast type declaration emission (#61334) | 2025-05-14 14:07:37 -07:00 |