This repository has been archived by the owner on Apr 12, 2024. It is now read-only.
Sanitize innert document #12524
Closed
Sanitize innert document #12524
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm. |
|
hmm.. tests are failing because different browsers enumerate over the list of tags in a different order which results in non-deterministic. I'll either have to sort the attribute list or change the matcher to account for this. |
|
@IgorMinar even after sorting the attributes, there are two test failures with IE9 I think it should be possible to fix the second issue with something like https://github.com/angular/angular.js/blob/master/src/jqLite.js#L159 |
IgorMinar
force-pushed
the
sanitize-innertDocument
branch
from
e403d80 to
f128934
Compare
IgorMinar
force-pushed
the
sanitize-innertDocument
branch
from
f128934 to
d99fb5a
Compare
IgorMinar
force-pushed
the
sanitize-innertDocument
branch
5 times, most recently
from
1520d90 to
d24463f
Compare
| * Enables a subset of svg to be supported by the sanitizer. | ||
| * | ||
| * **Warning**: By enabling this setting without taking other precautions, you might expose your | ||
| * application to click-hijacking attacks. In these attacks, a sanitize svg could be positioned |
IgorMinar
force-pushed
the
sanitize-innertDocument
branch
6 times, most recently
from
4d3a2a4 to
801fb7a
Compare
benjaminParisel
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Jan 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
added a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 6, 2023
Closes angular#12524 (manually apply from the commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 6, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 20, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 20, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 20, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 20, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 21, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
DumitruCorini
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 24, 2023
Closes angular#12524 (cherry picked from commit f33ce17)
julienmege
added a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 28, 2023
fix($compile): properly sanitize xlink:href attribute interoplation Closes angular#12524 (cherry picked from commit f33ce17) Co-authored-by: Igor Minar <igor@angularjs.org> Co-authored-by: Dumitru Corini <dumitru.corini@gmail.com>
taki-eddine-rahal
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Feb 28, 2023
fix: grunt package is working fix(angular.merge): do not merge __proto__ property Report from * angular@c0498d4 * angular@add78e6 fix($compile): properly sanitize xlink:href attribute interoplation Closes angular#12524 (cherry picked from commit f33ce17) Build version on windows Build version on windows Update ReadMe for Windows environment Update ReadMe Fix Unit Test Fix Unit Test Fix Unit Test Fix Test e2e Fix Test e2e Fix Test e2e Fix Test e2e
taki-eddine-rahal
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Mar 1, 2023
fix: grunt package is working fix(angular.merge): do not merge __proto__ property Report from * angular@c0498d4 * angular@add78e6 fix($compile): properly sanitize xlink:href attribute interoplation Closes angular#12524 (cherry picked from commit f33ce17) Build version on windows Build version on windows Update ReadMe for Windows environment Update ReadMe Fix Unit Test Fix Unit Test Fix Unit Test Fix Test e2e Fix Test e2e Fix Test e2e Fix Test e2e Fix npm:angular:20150909 Test and Validation CVE npm:angular:20150909 fix($sanitize): disallow unsafe svg animation tags and add mXSS protection
taki-eddine-rahal
pushed a commit
to bonitasoft/angular.js
that referenced
this pull request
Mar 1, 2023
fix: grunt package is working fix(angular.merge): do not merge __proto__ property Report from * angular@c0498d4 * angular@add78e6 fix($compile): properly sanitize xlink:href attribute interoplation Closes angular#12524 (cherry picked from commit f33ce17) Build version on windows Build version on windows Update ReadMe for Windows environment Update ReadMe Fix Unit Test Fix Unit Test Fix Unit Test Fix Test e2e Fix Test e2e Fix Test e2e Fix Test e2e Fix npm:angular:20150909 Test and Validation CVE npm:angular:20150909 fix($sanitize): disallow unsafe svg animation tags and add mXSS protection
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.