Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): allow Z variations of CSS transforms in sanitizer #29264

Closed
wants to merge 1 commit into from

Conversation

@foolmoron
Copy link
Contributor

commented Mar 12, 2019

PR Type

What kind of change does this PR introduce?

  • Bugfix

What is the current behavior?

Sanitizer regex does not allow the Z variations of CSS transform values (translateZ, rotateZ, etc) which are supposed to be valid

Issue Number: N/A

What is the new behavior?

Z variations of CSS transform values are allowed through the sanitizer, like the X and Y variations

Does this PR introduce a breaking change?

  • Yes
  • No

@foolmoron foolmoron requested a review from angular/fw-security as a code owner Mar 12, 2019

@googlebot googlebot added the cla: yes label Mar 12, 2019

@kara kara added the comp: core label Mar 12, 2019

@ngbot ngbot bot added this to the needsTriage milestone Mar 12, 2019

@foolmoron

This comment has been minimized.

Copy link
Contributor Author

commented Jul 16, 2019

Anything I can do to get this fix in?

@ngbot

This comment has been minimized.

Copy link

commented Jul 17, 2019

I see that you just added the PR action: merge label, but the following checks are still failing:
    failure status "ci/circleci: integration_test" is failing
    pending missing required labels: PR target: *
    pending status "google3" is pending
    pending missing required status "ci/circleci: publish_snapshot"

If you want your PR to be merged, it has to pass all the CI checks.

If you can't get the PR to a green state due to flakes or broken master, please try rebasing to master and/or restarting the CI job. If that fails and you believe that the issue is not due to your change, please contact the caretaker and ask for help.

@mhevery

This comment has been minimized.

@mhevery mhevery closed this in 78e7fdd Jul 18, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.