fix(ivy): sanitization for Host Bindings #27939
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AndrewKushnir
added
type: bug/fix
action: review
|
You can preview 1e045f2 at https://pr27939-1e045f2.ngbuilds.io/. |
AndrewKushnir
force-pushed
the
FW-785_host_bindings_sanitize
branch
from
1e045f2
to
9a1db6a
Compare
|
You can preview 9a1db6a at https://pr27939-9a1db6a.ngbuilds.io/. |
trotyl
reviewed
Jan 8, 2019
mhevery
approved these changes
Jan 9, 2019
mhevery
added
action: cleanup
This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime.
AndrewKushnir
force-pushed
the
FW-785_host_bindings_sanitize
branch
from
9a1db6a
to
747299a
Compare
|
You can preview 747299a at https://pr27939-747299a.ngbuilds.io/. |
|
You can preview e1508ee at https://pr27939-e1508ee.ngbuilds.io/. |
AndrewKushnir
added
action: merge
mhevery
pushed a commit
to mhevery/angular
that referenced
this pull request
Jan 9, 2019
This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime. PR Close angular#27939
mhevery
pushed a commit
to mhevery/angular
that referenced
this pull request
Jan 9, 2019
This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime. PR Close angular#27939
mhevery
added a commit
to mhevery/angular
that referenced
this pull request
Jan 9, 2019
ngfelixl
pushed a commit
to ngfelixl/angular
that referenced
this pull request
Jan 28, 2019
This commit adds sanitization for `elementProperty` and `elementAttribute` instructions used in `hostBindings` function, similar to what we already have in the `template` function. Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which detects proper Security Context at runtime. PR Close angular#27939
|
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds sanitization for
elementPropertyandelementAttributeinstructions used inhostBindingsfunction, similar to what we already have in thetemplatefunction.Main difference is the fact that for some attributes (like "href" and "src") we can't define which SecurityContext they belong to (URL vs RESOURCE_URL) in Compiler, since information in Directive selector may not be enough to calculate it. In order to resolve the problem, Compiler injects slightly different sanitization function which accepts tag name and property name and detects proper Security Context at runtime.
This PR resolves FW-785.
PR Type
What kind of change does this PR introduce?
Does this PR introduce a breaking change?