mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
262ba67525
In the past, the sanitizer would remove unsafe elements, but still traverse and sanitize (and potentially preserve) their content. This was problematic in the case of `<style></style>` tags, whose content would be converted to HTML text nodes. In order to fix this, the sanitizer's behavior was changed in #25879 to ignore the content of _all_ unsafe elements. While this fixed the problem with `<style></style>` tags, it unnecessarily removed the contents for _any_ unsafe element. This was an unneeded breaking change. This commit partially restores the old sanitizer behavior (namely traversing content of unsafe elements), but introduces a list of elements whose content should not be traversed if the elements themselves are considered unsafe. Currently, this list contains `style`, `script` and `template`. Related to #25879 and #26007. Fixes #28427 PR Close #28804 |
||
|---|---|---|
| .. | ||
| html_sanitizer_spec.ts | ||
| sanatization_spec.ts | ||
| style_sanitizer_spec.ts | ||
| url_sanitizer_spec.ts | ||