Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
angular/packages/core/test/sanitization
History
Guillaume Weghsteen b35fa73968 feat(core): change the URL sanitization to only block javascript: URLs (#49659) 
In modern browsers, the 'javascript:' URL scheme is the only scheme that
can execute JavaScript when passed in a navigation URL context (e.g.
`a.href` value). Validate URL shemes to only contain characters allowed
in the URL specification ([a-zA-Z-+.]), and that are not javascript
(case insensitive). This is not a breaking change. The URL sanitization
is loosen.

PR Close #49659
2023-04-04 15:01:13 -07:00
..
html_sanitizer_spec.ts refactor(common): drop unnecessary srcset sanitization (#47302) 2022-09-09 14:27:16 -07:00
sanitization_spec.ts refactor(core): consolidate LView state from injectors (#49641) 2023-03-30 09:37:47 -07:00
url_sanitizer_spec.ts feat(core): change the URL sanitization to only block javascript: URLs (#49659) 2023-04-04 15:01:13 -07:00