Please sign in to comment.
fix(core): allow css custom variables/properties in the style sanitiz…
…er (#33841) This change enables "var(--my-var)" to pass through the style sanitizer. After consulation with our security team, allowing these doesn't create new attack vectors, so the sanitizer doesn't need to strip them. Fixes parts of #23485 related to the sanitizer, other use cases discussed there related to binding have been addressed via other changes to the class and style handling in the runtime. Closes #23485 PR Close #33841
- Loading branch information
Showing with 4 additions and 1 deletion.