Elgato_dark/angular
1
0
Fork 0
mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
angular/packages/localize/tools
History
Alan Agius 3c41e74fdd fix(localize): validate locale in getOutputPathFn to prevent path traversal 
The `localize-translate` CLI tool uses the `locale` field from translation files to expand the `{{LOCALE}}` placeholder in the output directory. It failed to sanitize `locale` input, allowing malicious translations to write files outside of the configured output directory.

This change mitigates this issue by combining.

Closes #67906

(cherry picked from commit 7871093822)
2026-03-30 12:15:31 +02:00
..
src fix(localize): validate locale in getOutputPathFn to prevent path traversal 2026-03-30 12:15:31 +02:00
test fix(localize): validate locale in getOutputPathFn to prevent path traversal 2026-03-30 12:15:31 +02:00
BUILD.bazel build: initial test of TypeScript 6 2026-01-15 13:41:01 -08:00
esbuild.config.js build: use esbuild from aspect rules (#62568) 2025-07-10 13:45:15 -07:00
index.ts refactor: update license text to point to angular.dev (#57901) 2024-09-24 15:33:00 +02:00
README.md build: format md files 2025-11-06 10:03:05 -08:00
tsconfig.json build: migrate localize package to use rules_js (#61613) 2025-05-26 08:53:55 +00:00

README.md

Disclaimer

The localize tools are consumed via the Angular CLI. The programmatic APIs are not considered officially supported though and are not subject to the breaking change guarantees of SemVer.