mirror of https://github.com/angular/angular synced 2026-05-24 09:28:37 +00:00

History

Bjarki 414b1b2d5f docs: extract XSS security doc URL into a constant (#48082 ) We plan to change the link in google3 to point to google3-specific documentation. Replacing a single constant will make for a smaller and more maintainable patch. PR Close #48082		2022-11-17 13:21:16 -08:00
..
bypass.ts	docs: extract XSS security doc URL into a constant (#48082 )	2022-11-17 13:21:16 -08:00
html_sanitizer.ts	docs: extract XSS security doc URL into a constant (#48082 )	2022-11-17 13:21:16 -08:00
iframe_attrs_validation.ts	fix(core): hardening attribute and property binding rules for <iframe> elements (#47964 )	2022-11-09 00:47:56 -08:00
inert_body.ts	fix(core): ensure sanitizer works if DOMParser return null body (#40107 )	2021-01-06 10:32:24 -08:00
readme.md	refactor(core): move sanitization into core (#22540 )	2018-03-07 18:24:06 -08:00
sanitization.ts	docs: extract XSS security doc URL into a constant (#48082 )	2022-11-17 13:21:16 -08:00
sanitizer.ts	feat(core): manually annotate de-sugarred core tree-shakable providers with @pureOrBreakMyCode (#41096 )	2021-03-08 10:30:08 -08:00
security.ts	build: update license headers to reference Google LLC (#37205 )	2020-05-26 14:26:58 -04:00
url_sanitizer.ts	docs: extract XSS security doc URL into a constant (#48082 )	2022-11-17 13:21:16 -08:00

readme.md

Sanitization

This folder contains sanitization related code.

History

It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.

In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.