@angular/core 19.2.22 → 19.2.23

package/event_dispatcher.d-K56StcHr.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v19.2.22
+ * @license Angular v19.2.23
  * (c) 2010-2025 Google LLC. https://angular.io/
  * License: MIT
  */

package/fesm2022/core.mjs

@@ -1,5 +1,5 @@
 /**
- * @license Angular v19.2.22
+ * @license Angular v19.2.23
  * (c) 2010-2025 Google LLC. https://angular.io/
  * License: MIT
  */
@@ -3195,8 +3195,8 @@ const profiler = function (event, instance = null, hookOrListener) {
     }
 };
 
-const SVG_NAMESPACE = 'svg';
-const MATH_ML_NAMESPACE = 'math';
+const SVG_NAMESPACE$1 = 'svg';
+const MATH_ML_NAMESPACE$1 = 'math';
 
 /**
  * For efficiency reasons we often put several different data types (`RNode`, `LView`, `LContainer`)
@@ -3981,7 +3981,7 @@ function getSelectedTNode() {
  * @codeGenApi
  */
 function ɵɵnamespaceSVG() {
-    instructionState.lFrame.currentNamespace = SVG_NAMESPACE;
+    instructionState.lFrame.currentNamespace = SVG_NAMESPACE$1;
 }
 /**
  * Sets the namespace used to create elements to `'http://www.w3.org/1998/MathML/'` in global state.
@@ -3989,7 +3989,7 @@ function ɵɵnamespaceSVG() {
  * @codeGenApi
  */
 function ɵɵnamespaceMathML() {
-    instructionState.lFrame.currentNamespace = MATH_ML_NAMESPACE;
+    instructionState.lFrame.currentNamespace = MATH_ML_NAMESPACE$1;
 }
 /**
  * Sets the namespace used to create elements to `null`, which forces element creation to use
@@ -10880,13 +10880,6 @@ const VALID_ATTRS = merge(URI_ATTRS, HTML_ATTRS, ARIA_ATTRS);
 // `Some content`, but strip `invalid-element` opening/closing tags. For some elements, though, we
 // don't want to preserve the content, if the elements themselves are going to be removed.
 const SKIP_TRAVERSING_CONTENT_IF_INVALID_ELEMENTS = tagSet('script,style,template');
-/**
- * Attributes that are potential attach vectors and may need to be sanitized.
- */
-const SENSITIVE_ATTRS = merge(URI_ATTRS, 
-// Note: we don't include these attributes in `URI_ATTRS`, because `URI_ATTRS` also
-// determines whether an attribute should be dropped when sanitizing an HTML string.
-tagSet('action,formaction,data,codebase'));
 /**
  * SanitizingHtmlSerializer serializes a DOM fragment, stripping out any unsafe elements and unsafe
  * attributes.
@@ -11298,7 +11291,132 @@ var SecurityContext;
     SecurityContext[SecurityContext["SCRIPT"] = 3] = "SCRIPT";
     SecurityContext[SecurityContext["URL"] = 4] = "URL";
     SecurityContext[SecurityContext["RESOURCE_URL"] = 5] = "RESOURCE_URL";
+    SecurityContext[SecurityContext["ATTRIBUTE_NO_BINDING"] = 6] = "ATTRIBUTE_NO_BINDING";
 })(SecurityContext || (SecurityContext = {}));
+// =================================================================================================
+// =================================================================================================
+// =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
+// =================================================================================================
+// =================================================================================================
+//
+//        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
+//
+// =================================================================================================
+/**
+ *  Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'.
+ */
+let _SECURITY_SCHEMA;
+const SVG_NAMESPACE = 'svg';
+const MATH_ML_NAMESPACE = 'math';
+/**
+ * @remarks Keep is a copy of DOM Security Schema.
+ * @see [SECURITY_SCHEMA](../../../compiler/src/schema/dom_security_schema.ts)
+ */
+function SECURITY_SCHEMA() {
+    if (!_SECURITY_SCHEMA) {
+        _SECURITY_SCHEMA = {};
+        // Case is insignificant below, all element and attribute names are lower-cased for lookup.
+        registerContext(SecurityContext.HTML, /** Namespace */ undefined, [
+            ['iframe', ['srcdoc']],
+            ['*', ['innerHTML', 'outerHTML']],
+        ]);
+        registerContext(SecurityContext.STYLE, /** Namespace */ undefined, [['*', ['style']]]);
+        // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
+        registerContext(SecurityContext.URL, /** Namespace */ undefined, [
+            ['*', ['formAction']],
+            ['area', ['href']],
+            ['a', ['href', 'xlink:href']],
+            ['form', ['action']],
+            // The below two items are safe and should be removed but they require a G3 clean-up as a small number of tests fail.
+            ['img', ['src']],
+            ['video', ['src']],
+        ]);
+        registerContext(SecurityContext.URL, MATH_ML_NAMESPACE, [
+            // MathML namespace
+            // https://crsrc.org/c/third_party/blink/renderer/core/sanitizer/sanitizer.cc;l=753-768;drc=b3eb16372dcd3317d65e9e0265015e322494edcd;bpv=1;bpt=1
+            ['annotation', ['href', 'xlink:href']],
+            ['annotation-xml', ['href', 'xlink:href']],
+            ['maction', ['href', 'xlink:href']],
+            ['malignmark', ['href', 'xlink:href']],
+            ['math', ['href', 'xlink:href']],
+            ['mroot', ['href', 'xlink:href']],
+            ['msqrt', ['href', 'xlink:href']],
+            ['merror', ['href', 'xlink:href']],
+            ['mfrac', ['href', 'xlink:href']],
+            ['mglyph', ['href', 'xlink:href']],
+            ['msub', ['href', 'xlink:href']],
+            ['msup', ['href', 'xlink:href']],
+            ['msubsup', ['href', 'xlink:href']],
+            ['mmultiscripts', ['href', 'xlink:href']],
+            ['mprescripts', ['href', 'xlink:href']],
+            ['mi', ['href', 'xlink:href']],
+            ['mn', ['href', 'xlink:href']],
+            ['mo', ['href', 'xlink:href']],
+            ['mpadded', ['href', 'xlink:href']],
+            ['mphantom', ['href', 'xlink:href']],
+            ['mrow', ['href', 'xlink:href']],
+            ['ms', ['href', 'xlink:href']],
+            ['mspace', ['href', 'xlink:href']],
+            ['mstyle', ['href', 'xlink:href']],
+            ['mtable', ['href', 'xlink:href']],
+            ['mtd', ['href', 'xlink:href']],
+            ['mtr', ['href', 'xlink:href']],
+            ['mtext', ['href', 'xlink:href']],
+            ['mover', ['href', 'xlink:href']],
+            ['munder', ['href', 'xlink:href']],
+            ['munderover', ['href', 'xlink:href']],
+            ['semantics', ['href', 'xlink:href']],
+            ['none', ['href', 'xlink:href']],
+        ]);
+        registerContext(SecurityContext.RESOURCE_URL, /** Namespace */ undefined, [
+            ['base', ['href']],
+            ['embed', ['src']],
+            ['frame', ['src']],
+            ['iframe', ['src']],
+            ['link', ['href']],
+            ['object', ['codebase', 'data']],
+        ]);
+        registerContext(SecurityContext.URL, SVG_NAMESPACE, [['a', ['href', 'xlink:href']]]);
+        // Keep this in sync with SECURITY_SENSITIVE_ELEMENTS in packages/core/src/sanitization/sanitization.ts
+        // Unknown is the internal tag name for unknown elements example used for host-bindings.
+        // These are unsafe as `attributeName` can be `href` or `xlink:href`
+        // See: http://b/463880509#comment7
+        registerContext(SecurityContext.ATTRIBUTE_NO_BINDING, SVG_NAMESPACE, [
+            ['animate', ['attributeName', 'values', 'to', 'from']],
+            ['set', ['to', 'attributeName']],
+            ['animateMotion', ['attributeName']],
+            ['animateTransform', ['attributeName']],
+        ]);
+        registerContext(SecurityContext.ATTRIBUTE_NO_BINDING, /** Namespace */ undefined, [
+            [
+                'unknown',
+                [
+                    'attributeName',
+                    'values',
+                    'to',
+                    'from',
+                    'sandbox',
+                    'allow',
+                    'allowFullscreen',
+                    'referrerPolicy',
+                    'csp',
+                    'fetchPriority',
+                ],
+            ],
+            ['iframe', ['sandbox', 'allow', 'allowFullscreen', 'referrerPolicy', 'csp', 'fetchPriority']],
+        ]);
+    }
+    return _SECURITY_SCHEMA;
+}
+function registerContext(ctx, namespace, specs) {
+    for (const [element, attributeNames] of specs) {
+        let tagName = namespace && element !== '*' && element !== 'unknown' ? `:${namespace}:${element}` : element;
+        tagName = tagName.toLowerCase();
+        for (const attr of attributeNames) {
+            _SECURITY_SCHEMA[`${tagName}|${attr.toLowerCase()}`] = ctx;
+        }
+    }
+}
 
 /**
  * An `html` sanitizer which converts untrusted `html` **string** into trusted string by removing
@@ -11466,8 +11584,15 @@ function ɵɵtrustConstantResourceUrl(url) {
     return trustedScriptURLFromString(url[0]);
 }
 // Define sets outside the function for O(1) lookups and memory efficiency
-const SRC_RESOURCE_TAGS = new Set(['embed', 'frame', 'iframe', 'media', 'script']);
-const HREF_RESOURCE_TAGS = new Set(['base', 'link', 'script']);
+const RESOURCE_MAP = {
+    'embed': { 'src': true },
+    'frame': { 'src': true },
+    'iframe': { 'src': true },
+    'media': { 'src': true },
+    'base': { 'href': true },
+    'link': { 'href': true },
+    'object': { 'data': true, 'codebase': true },
+};
 /**
  * Detects which sanitizer to use for URL property, based on tag name and prop name.
  *
@@ -11476,9 +11601,7 @@ const HREF_RESOURCE_TAGS = new Set(['base', 'link', 'script']);
  * If tag and prop names don't match Resource URL schema, use URL sanitizer.
  */
 function getUrlSanitizer(tag, prop) {
-    const isResource = (prop === 'src' && SRC_RESOURCE_TAGS.has(tag)) ||
-        (prop === 'href' && HREF_RESOURCE_TAGS.has(tag)) ||
-        (prop === 'xlink:href' && tag === 'script');
+    const isResource = RESOURCE_MAP[tag.toLowerCase()]?.[prop.toLowerCase()] === true;
     return isResource ? ɵɵsanitizeResourceUrl : ɵɵsanitizeUrl;
 }
 /**
@@ -11519,24 +11642,32 @@ function getSanitizer() {
     const lView = getLView();
     return lView && lView[ENVIRONMENT].sanitizer;
 }
-const attributeName = new Set(['attributename']);
 /**
  * @remarks Keep this in sync with DOM Security Schema.
  * @see [SECURITY_SCHEMA](../../../compiler/src/schema/dom_security_schema.ts)
  */
+/**
+ * Set of attributes that are sensitive and should be sanitized.
+ */
+const SECURITY_SENSITIVE_ATTRIBUTE_NAMES = new Set(['href', 'xlink:href']);
 const SECURITY_SENSITIVE_ELEMENTS = {
-    'iframe': new Set([
-        'sandbox',
-        'allow',
-        'allowfullscreen',
-        'referrerpolicy',
-        'csp',
-        'fetchpriority',
-    ]),
-    'animate': attributeName,
-    'set': attributeName,
-    'animatemotion': attributeName,
-    'animatetransform': attributeName,
+    'iframe': {
+        'sandbox': true,
+        'allow': true,
+        'allowfullscreen': true,
+        'referrerpolicy': true,
+        'csp': true,
+        'fetchpriority': true,
+    },
+    ':svg:animate': {
+        'attributename': true,
+        'to': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+        'values': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+        'from': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+    },
+    ':svg:set': { 'attributename': true, 'to': SECURITY_SENSITIVE_ATTRIBUTE_NAMES },
+    ':svg:animatemotion': { 'attributename': true },
+    ':svg:animatetransform': { 'attributename': true },
 };
 /**
  * Validates that the attribute binding is safe to use.
@@ -11548,22 +11679,54 @@ const SECURITY_SENSITIVE_ELEMENTS = {
 function ɵɵvalidateAttribute(value, tagName, attributeName) {
     const lowerCaseTagName = tagName.toLowerCase();
     const lowerCaseAttrName = attributeName.toLowerCase();
-    if (!SECURITY_SENSITIVE_ELEMENTS[lowerCaseTagName]?.has(lowerCaseAttrName)) {
+    const index = getSelectedIndex();
+    const tNode = index === -1 ? null : getSelectedTNode();
+    if (tNode && tNode.type !== 2 /* TNodeType.Element */) {
         return value;
     }
-    const tNode = getSelectedTNode();
-    if (tNode.type !== 2 /* TNodeType.Element */) {
+    // Leverage tNode.namespace if active, otherwise check both namespaced and base variants.
+    const fullTagName = lowerCaseTagName[0] !== ':' && tNode?.namespace
+        ? `:${tNode.namespace}:${lowerCaseTagName}`
+        : lowerCaseTagName;
+    const validationConfig = SECURITY_SENSITIVE_ELEMENTS[fullTagName]?.[lowerCaseAttrName];
+    if (!validationConfig) {
         return value;
     }
     const lView = getLView();
-    if (lowerCaseTagName === 'iframe') {
+    if (tNode && lowerCaseTagName === 'iframe') {
         const element = getNativeByTNode(tNode, lView);
         enforceIframeSecurity(element);
     }
+    const displayTagName = tagName[0] === ':' ? tagName.split(':').pop() : tagName;
+    if (typeof validationConfig !== 'boolean') {
+        if (!tNode) {
+            const errorMessage = ngDevMode &&
+                `Angular has detected that the \`${attributeName}\` was applied ` +
+                    `as a binding to the <${tagName}> element. ` +
+                    `For security reasons, the \`${attributeName}\` can be set on the <${tagName}> element ` +
+                    `as a static attribute only. \n` +
+                    `To fix this, switch the \`${attributeName}\` binding to a static attribute ` +
+                    `in a template or in host bindings section.`;
+            throw new RuntimeError(-910 /* RuntimeErrorCode.UNSAFE_ATTRIBUTE_BINDING */, errorMessage);
+        }
+        const element = getNativeByTNode(tNode, lView);
+        const attributeNameValue = element.getAttribute('attributeName');
+        if (attributeNameValue && validationConfig.has(attributeNameValue.toLowerCase())) {
+            const errorMessage = ngDevMode &&
+                `Angular has detected that the \`${attributeName}\` was applied ` +
+                    `as a binding to the <${displayTagName}> element${getTemplateLocationDetails(lView)}. ` +
+                    `For security reasons, the \`${attributeName}\` can be set on the <${displayTagName}> element ` +
+                    `as a static attribute only when the "attributeName" is set to \'${attributeNameValue}\'. \n` +
+                    `To fix this, switch the \`${attributeNameValue}\` binding to a static attribute ` +
+                    `in a template or in host bindings section.`;
+            throw new RuntimeError(-910 /* RuntimeErrorCode.UNSAFE_ATTRIBUTE_BINDING */, errorMessage);
+        }
+        return value;
+    }
     const errorMessage = ngDevMode &&
         `Angular has detected that the \`${attributeName}\` was applied ` +
-            `as a binding to the <${tagName}> element${getTemplateLocationDetails(lView)}. ` +
-            `For security reasons, the \`${attributeName}\` can be set on the <${tagName}> element ` +
+            `as a binding to the <${displayTagName}> element${tNode ? getTemplateLocationDetails(lView) : ''}. ` +
+            `For security reasons, the \`${attributeName}\` can be set on the <${displayTagName}> element ` +
             `as a static attribute only. \n` +
             `To fix this, switch the \`${attributeName}\` binding to a static attribute ` +
             `in a template or in host bindings section.`;
@@ -12558,6 +12721,9 @@ function locateHostElement(renderer, elementOrSelector, encapsulation, injector)
     // projection.
     const preserveContent = preserveHostContent || encapsulation === ViewEncapsulation.ShadowDom;
     const rootElement = renderer.selectRootElement(elementOrSelector, preserveContent);
+    if (rootElement?.tagName?.toLowerCase() === 'script') {
+        throw new RuntimeError(905 /* RuntimeErrorCode.UNSAFE_VALUE_IN_SCRIPT */, ngDevMode && `"<script>" tag is not allowed as a component host element.`);
+    }
     applyRootElementTransform(rootElement);
     return rootElement;
 }
@@ -15590,6 +15756,7 @@ function createTNode(tView, tParent, type, index, value, attrs) {
         flags,
         providerIndexes: 0,
         value: value,
+        namespace: getNamespace(),
         attrs: attrs,
         mergedAttrs: null,
         localNames: null,
@@ -18045,7 +18212,7 @@ function createHostElement(componentDef, render) {
     // dynamically. Default to 'div' if this component did not specify any tag name in its
     // selector.
     const tagName = (componentDef.selectors[0][0] || 'div').toLowerCase();
-    const namespace = tagName === 'svg' ? SVG_NAMESPACE : tagName === 'math' ? MATH_ML_NAMESPACE : null;
+    const namespace = tagName === 'svg' ? SVG_NAMESPACE$1 : tagName === 'math' ? MATH_ML_NAMESPACE$1 : null;
     return createElementNode(render, tagName, namespace);
 }
 /**
@@ -18088,7 +18255,7 @@ class ComponentFactory extends ComponentFactory$1 {
             const cmpDef = this.componentDef;
             ngDevMode && verifyNotAnOrphanComponent(cmpDef);
             const tAttributes = rootSelectorOrNode
-                ? ['ng-version', '19.2.22']
+                ? ['ng-version', '19.2.23']
                 : // Extract attributes and classes from the first selector only to match VE behavior.
                     extractAttrsAndClassesFromSelector(this.componentDef.selectors[0]);
             // Create the root view. Uses empty TView and ContentTemplate.
@@ -28898,7 +29065,14 @@ function applyUpdateOpCodes(tView, lView, updateOpCodes, bindingsStartIndex, cha
                                     setElementAttribute(lView[RENDERER], lView[nodeIndex], null, tNodeOrTagName, propName, value, sanitizeFn);
                                 }
                                 else {
-                                    elementPropertyInternal(tView, tNodeOrTagName, lView, propName, value, lView[RENDERER], sanitizeFn, false);
+                                    const prevSelectedIndex = getSelectedIndex();
+                                    setSelectedIndex(nodeIndex);
+                                    try {
+                                        elementPropertyInternal(tView, tNodeOrTagName, lView, propName, value, lView[RENDERER], sanitizeFn, false);
+                                    }
+                                    finally {
+                                        setSelectedIndex(prevSelectedIndex);
+                                    }
                                 }
                                 break;
                             case 0 /* I18nUpdateOpCode.Text */:
@@ -29478,7 +29652,10 @@ function i18nAttributesFirstPass(tView, index, values) {
                 // the compiler treats static i18n attributes as regular attribute bindings.
                 // Since this may not be the first i18n attribute on this element we need to pass in how
                 // many previous bindings there have already been.
-                generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), i18nSanitizeAttribute(attrName));
+                const tagName = previousElement.namespace
+                    ? `:${previousElement.namespace}:${previousElement.value}`
+                    : previousElement.value;
+                generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), i18nResolveSanitizer(attrName, tagName));
             }
         }
         tView.data[index] = updateOpCodes;
@@ -29804,9 +29981,15 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                         const attr = elAttrs.item(i);
                         const lowerAttrName = attr.name.toLowerCase();
                         const hasBinding = !!attr.value.match(BINDING_REGEXP);
+                        const elementNS = element.namespaceURI;
+                        const tagNameWithNamespace = elementNS === 'http://www.w3.org/2000/svg'
+                            ? `:svg:${tagName}`
+                            : elementNS === 'http://www.w3.org/1998/Math/MathML'
+                                ? `:math:${tagName}`
+                                : tagName;
                         if (hasBinding) {
                             if (VALID_ATTRS.hasOwnProperty(lowerAttrName)) {
-                                generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, i18nSanitizeAttribute(lowerAttrName));
+                                generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, i18nResolveSanitizer(lowerAttrName, tagNameWithNamespace));
                             }
                             else {
                                 ngDevMode &&
@@ -29816,9 +29999,9 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                             }
                         }
                         else if (VALID_ATTRS[lowerAttrName]) {
-                            if (SENSITIVE_ATTRS[lowerAttrName]) {
-                                // Don't sanitize, because no value is acceptable in sensitive attributes.
-                                // Translators are not allowed to create URIs.
+                            let val = attr.value;
+                            const sanitizer = i18nResolveSanitizer(lowerAttrName, tagNameWithNamespace);
+                            if (sanitizer) {
                                 if (typeof ngDevMode !== 'undefined' && ngDevMode) {
                                     console.warn(`WARNING: ignoring unsafe attribute ` +
                                         `${lowerAttrName} on element ${tagName} ` +
@@ -29827,7 +30010,7 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                                 addCreateAttribute(create, newIndex, attr.name, 'unsafe:blocked');
                             }
                             else {
-                                addCreateAttribute(create, newIndex, attr.name, attr.value);
+                                addCreateAttribute(create, newIndex, attr.name, val);
                             }
                         }
                         else {
@@ -29907,26 +30090,49 @@ function addCreateNodeAndAppend(create, marker, text, appendToParentIdx, createA
 function addCreateAttribute(create, newIndex, attrName, attrValue) {
     create.push((newIndex << 1 /* IcuCreateOpCode.SHIFT_REF */) | 1 /* IcuCreateOpCode.Attr */, attrName, attrValue);
 }
-/**
- * Caches all keys of `SECURITY_SENSITIVE_ELEMENTS` in a Set to avoid recomputing
- * or scanning them on every invocation.
- */
-const SECURITY_SENSITIVE_ATTRS = /* @__PURE__ */ (() => new Set(Object.values(SECURITY_SENSITIVE_ELEMENTS).flatMap((attrs) => (attrs ? [...attrs.keys()] : []))))();
-/**
- * Returns a sanitizer for the given attribute name or null if the attribute is not security sensitive.
- *
- * @param attrName The name of the attribute to sanitize.
- * @returns The sanitizer for the given attribute name.
- */
-function i18nSanitizeAttribute(attrName) {
-    const lowerAttrName = attrName.toLowerCase();
-    if (SENSITIVE_ATTRS[lowerAttrName]) {
-        return _sanitizeUrl;
+function splitNsName(elementName, fatal = true) {
+    if (elementName[0] != ':') {
+        return [null, elementName];
     }
-    if (SECURITY_SENSITIVE_ATTRS.has(lowerAttrName)) {
-        return ɵɵvalidateAttribute;
+    const colonIndex = elementName.indexOf(':', 1);
+    if (colonIndex === -1) {
+        if (fatal) {
+            throw new Error(`Unsupported format "${elementName}" expecting ":namespace:name"`);
+        }
+        else {
+            return [null, elementName];
+        }
+    }
+    return [elementName.slice(1, colonIndex), elementName.slice(colonIndex + 1)];
+}
+function normalizeTagName(tagName) {
+    const tagNameLower = tagName.toLowerCase();
+    const [ns, name] = splitNsName(tagNameLower, false);
+    return ns === SVG_NAMESPACE$1 || ns === MATH_ML_NAMESPACE$1 ? `:${ns}:${name}` : name;
+}
+function i18nResolveSanitizer(attrName, tagName) {
+    const lowerAttrName = attrName.toLowerCase();
+    const lowerTagName = tagName ? normalizeTagName(tagName) : '*';
+    const schema = SECURITY_SCHEMA();
+    const schemaContext = schema[`${lowerTagName}|${lowerAttrName}`] ||
+        schema[`*|${lowerAttrName}`] ||
+        SecurityContext.NONE;
+    switch (schemaContext) {
+        case SecurityContext.HTML:
+            return ɵɵsanitizeHtml;
+        case SecurityContext.STYLE:
+            return ɵɵsanitizeStyle;
+        case SecurityContext.SCRIPT:
+            return ɵɵsanitizeScript;
+        case SecurityContext.URL:
+            return _sanitizeUrl;
+        case SecurityContext.RESOURCE_URL:
+            return ɵɵsanitizeResourceUrl;
+        case SecurityContext.ATTRIBUTE_NO_BINDING:
+            return ɵɵvalidateAttribute;
+        default:
+            return null;
     }
-    return null;
 }
 
 // i18nPostprocess consts
@@ -34829,7 +35035,7 @@ class Version {
 /**
  * @publicApi
  */
-const VERSION = new Version('19.2.22');
+const VERSION = new Version('19.2.23');
 
 /**
  * Combination of NgModuleFactory and ComponentFactories.