mirror of
https://github.com/angular/angular
synced 2026-05-24 09:28:37 +00:00
0100a39e21
While sanitizing on browsers that don't support the `template` element (pretty much only IE), we create an inert document and we insert content into it via `document.body.innerHTML = unsafeHTML`. The problem is that IE appears to parse the HTML passed to `innerHTML` differently, depending on whether the element has been inserted into a document or not. In particular, it seems to split some strings into multiple text nodes, which would've otherwise been a single node. This ended up throwing off some of the i18n code down the line and causing a handful of failures. I've worked around it by creating a new inert `body` element into which the HTML would be inserted. PR Close #34305 |
||
|---|---|---|
| .. | ||
| bypass.ts | ||
| html_sanitizer.ts | ||
| inert_body.ts | ||
| readme.md | ||
| sanitization.ts | ||
| sanitizer.ts | ||
| security.ts | ||
| style_sanitizer.ts | ||
| url_sanitizer.ts | ||
Sanitization
This folder contains sanitization related code.
History
It used to be that sanitization related code used to be in @angular/platform-browser since it is platform related. While this is true, in practice the compiler schema is permanently tied to the DOM and hence the fact that sanitizer could in theory be replaced is not used in practice.
In order to better support tree shaking we need to be able to refer to the sanitization functions from the Ivy code. For this reason the code has been moved into the @angular/core.