Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
angular/packages/core/test/sanitization
History
Alan Agius d04ddd73df fix(core): prevent binding unsafe attributes on SVG animation elements (#67797) 
SVG animation elements (`animate` and `set`) can be used to animate sensitive attributes like `href` or `xlink:href`. Binding to these animation attributes (like `to`, `from`, or `values`) with a sensitive target creates an XSS vector.

This change mitigates this risk by:
1. Classifying `to`, `from`, and `values` on `<animate>` and `<set>` elements as `ATTRIBUTE_NO_BINDING` in the DOM security schema to prevent standard dynamic bindings.
2. Adding runtime validations in `ɵɵvalidateAttribute` to verify that `attributeName` is not a sensitive attribute (such as `href` or `xlink:href`) when processed by a set of `SECURITY_SENSITIVE_ATTRIBUTE_NAMES`. If it is, a runtime error `UNSAFE_ATTRIBUTE_BINDING` is thrown.
3. Adding regression tests in `integration_spec.ts` to ensure unsafe bindings throw an error while safe ones pass correctly.

PR Close #67797
2026-04-01 11:43:59 +02:00
..
html_sanitizer_spec.ts Revert "refactor(core): Add ngDevMode guards and new sanitization error codes" 2026-01-02 11:37:24 +01:00
sanitization_spec.ts fix(core): prevent binding unsafe attributes on SVG animation elements (#67797) 2026-04-01 11:43:59 +02:00
url_sanitizer_spec.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00