@angular/core 20.3.16 → 20.3.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/api.d.d.ts +1 -1
- package/chrome_dev_tools_performance.d.d.ts +1 -1
- package/discovery.d.d.ts +1 -1
- package/effect.d.d.ts +1 -1
- package/event_dispatcher.d.d.ts +1 -1
- package/fesm2022/attribute.mjs +1 -1
- package/fesm2022/core.mjs +1 -1
- package/fesm2022/debug_node.mjs +33 -13
- package/fesm2022/debug_node.mjs.map +1 -1
- package/fesm2022/effect.mjs +1 -1
- package/fesm2022/not_found.mjs +1 -1
- package/fesm2022/primitives/di.mjs +1 -1
- package/fesm2022/primitives/event-dispatch.mjs +1 -1
- package/fesm2022/primitives/signals.mjs +1 -1
- package/fesm2022/resource.mjs +1 -1
- package/fesm2022/root_effect_scheduler.mjs +2 -2
- package/fesm2022/root_effect_scheduler.mjs.map +1 -1
- package/fesm2022/rxjs-interop.mjs +1 -1
- package/fesm2022/signal.mjs +1 -1
- package/fesm2022/testing.mjs +1 -1
- package/fesm2022/weak_ref.mjs +1 -1
- package/formatter.d.d.ts +1 -1
- package/index.d.ts +1 -1
- package/package.json +2 -2
- package/primitives/di/index.d.ts +1 -1
- package/primitives/event-dispatch/index.d.ts +1 -1
- package/primitives/signals/index.d.ts +1 -1
- package/rxjs-interop/index.d.ts +1 -1
- package/schematics/bundles/add-bootstrap-context-to-server-main.cjs +5 -5
- package/schematics/bundles/{apply_import_manager-C-hIllzM.cjs → apply_import_manager-CTzEuFJw.cjs} +3 -3
- package/schematics/bundles/cleanup-unused-imports.cjs +5 -5
- package/schematics/bundles/{compiler_host-C7zi7NDP.cjs → compiler_host-Ber_JSyo.cjs} +2 -2
- package/schematics/bundles/control-flow-migration.cjs +3 -3
- package/schematics/bundles/document-core.cjs +5 -5
- package/schematics/bundles/imports-CIX-JgAN.cjs +1 -1
- package/schematics/bundles/{index-BdbAclL_.cjs → index-B8IUVpRW.cjs} +4 -4
- package/schematics/bundles/{index-CEqacA4Q.cjs → index-DUHSh_FI.cjs} +12 -12
- package/schematics/bundles/inject-flags.cjs +5 -5
- package/schematics/bundles/inject-migration.cjs +3 -3
- package/schematics/bundles/leading_space-D9nQ8UQC.cjs +1 -1
- package/schematics/bundles/{migrate_ts_type_references-BJnim1Tm.cjs → migrate_ts_type_references-DLcyIMjy.cjs} +5 -5
- package/schematics/bundles/ng_decorators-B5HCqr20.cjs +1 -1
- package/schematics/bundles/nodes-B16H9JUd.cjs +1 -1
- package/schematics/bundles/output-migration.cjs +6 -6
- package/schematics/bundles/{project_paths-qw-vHpyb.cjs → project_paths-D9GYMpqK.cjs} +3 -3
- package/schematics/bundles/{project_tsconfig_paths-C5dXM8JP.cjs → project_tsconfig_paths-MdN5DRlX.cjs} +5 -4
- package/schematics/bundles/property_name-BBwFuqMe.cjs +1 -1
- package/schematics/bundles/route-lazy-loading.cjs +3 -3
- package/schematics/bundles/router-current-navigation.cjs +4 -4
- package/schematics/bundles/self-closing-tags-migration.cjs +4 -4
- package/schematics/bundles/signal-input-migration.cjs +7 -7
- package/schematics/bundles/signal-queries-migration.cjs +7 -7
- package/schematics/bundles/signals.cjs +7 -7
- package/schematics/bundles/standalone-migration.cjs +4 -4
- package/schematics/bundles/symbol-VPWguRxr.cjs +1 -1
- package/schematics/bundles/test-bed-get.cjs +4 -4
- package/testing/index.d.ts +1 -1
- package/weak_ref.d.d.ts +1 -1
package/api.d.d.ts
CHANGED
package/discovery.d.d.ts
CHANGED
package/effect.d.d.ts
CHANGED
package/event_dispatcher.d.d.ts
CHANGED
package/fesm2022/attribute.mjs
CHANGED
package/fesm2022/core.mjs
CHANGED
package/fesm2022/debug_node.mjs
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* @license Angular v20.3.
|
|
2
|
+
* @license Angular v20.3.18
|
|
3
3
|
* (c) 2010-2025 Google LLC. https://angular.dev/
|
|
4
4
|
* License: MIT
|
|
5
5
|
*/
|
|
@@ -5622,6 +5622,13 @@ const VALID_ATTRS = merge(URI_ATTRS, HTML_ATTRS, ARIA_ATTRS);
|
|
|
5622
5622
|
// `Some content`, but strip `invalid-element` opening/closing tags. For some elements, though, we
|
|
5623
5623
|
// don't want to preserve the content, if the elements themselves are going to be removed.
|
|
5624
5624
|
const SKIP_TRAVERSING_CONTENT_IF_INVALID_ELEMENTS = tagSet('script,style,template');
|
|
5625
|
+
/**
|
|
5626
|
+
* Attributes that are potential attach vectors and may need to be sanitized.
|
|
5627
|
+
*/
|
|
5628
|
+
const SENSITIVE_ATTRS = merge(URI_ATTRS,
|
|
5629
|
+
// Note: we don't include these attributes in `URI_ATTRS`, because `URI_ATTRS` also
|
|
5630
|
+
// determines whether an attribute should be dropped when sanitizing an HTML string.
|
|
5631
|
+
tagSet('action,formaction,data,codebase'));
|
|
5625
5632
|
/**
|
|
5626
5633
|
* SanitizingHtmlSerializer serializes a DOM fragment, stripping out any unsafe elements and unsafe
|
|
5627
5634
|
* attributes.
|
|
@@ -14720,7 +14727,7 @@ class ComponentFactory extends ComponentFactory$1 {
|
|
|
14720
14727
|
}
|
|
14721
14728
|
function createRootTView(rootSelectorOrNode, componentDef, componentBindings, directives) {
|
|
14722
14729
|
const tAttributes = rootSelectorOrNode
|
|
14723
|
-
? ['ng-version', '20.3.
|
|
14730
|
+
? ['ng-version', '20.3.18']
|
|
14724
14731
|
: // Extract attributes and classes from the first selector only to match VE behavior.
|
|
14725
14732
|
extractAttrsAndClassesFromSelector(componentDef.selectors[0]);
|
|
14726
14733
|
let creationBindings = null;
|
|
@@ -24917,7 +24924,7 @@ function i18nAttributesFirstPass(tView, index, values) {
|
|
|
24917
24924
|
// the compiler treats static i18n attributes as regular attribute bindings.
|
|
24918
24925
|
// Since this may not be the first i18n attribute on this element we need to pass in how
|
|
24919
24926
|
// many previous bindings there have already been.
|
|
24920
|
-
generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), null);
|
|
24927
|
+
generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), SENSITIVE_ATTRS[attrName.toLowerCase()] ? _sanitizeUrl : null);
|
|
24921
24928
|
}
|
|
24922
24929
|
}
|
|
24923
24930
|
tView.data[index] = updateOpCodes;
|
|
@@ -25243,15 +25250,9 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
|
|
|
25243
25250
|
const attr = elAttrs.item(i);
|
|
25244
25251
|
const lowerAttrName = attr.name.toLowerCase();
|
|
25245
25252
|
const hasBinding = !!attr.value.match(BINDING_REGEXP);
|
|
25246
|
-
// we assume the input string is safe, unless it's using a binding
|
|
25247
25253
|
if (hasBinding) {
|
|
25248
25254
|
if (VALID_ATTRS.hasOwnProperty(lowerAttrName)) {
|
|
25249
|
-
|
|
25250
|
-
generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, _sanitizeUrl);
|
|
25251
|
-
}
|
|
25252
|
-
else {
|
|
25253
|
-
generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, null);
|
|
25254
|
-
}
|
|
25255
|
+
generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, SENSITIVE_ATTRS[lowerAttrName] ? _sanitizeUrl : null);
|
|
25255
25256
|
}
|
|
25256
25257
|
else {
|
|
25257
25258
|
ngDevMode &&
|
|
@@ -25260,8 +25261,27 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
|
|
|
25260
25261
|
`(see ${XSS_SECURITY_URL})`);
|
|
25261
25262
|
}
|
|
25262
25263
|
}
|
|
25264
|
+
else if (VALID_ATTRS[lowerAttrName]) {
|
|
25265
|
+
if (SENSITIVE_ATTRS[lowerAttrName]) {
|
|
25266
|
+
// Don't sanitize, because no value is acceptable in sensitive attributes.
|
|
25267
|
+
// Translators are not allowed to create URIs.
|
|
25268
|
+
if (typeof ngDevMode !== 'undefined' && ngDevMode) {
|
|
25269
|
+
console.warn(`WARNING: ignoring unsafe attribute ` +
|
|
25270
|
+
`${lowerAttrName} on element ${tagName} ` +
|
|
25271
|
+
`(see ${XSS_SECURITY_URL})`);
|
|
25272
|
+
}
|
|
25273
|
+
addCreateAttribute(create, newIndex, attr.name, 'unsafe:blocked');
|
|
25274
|
+
}
|
|
25275
|
+
else {
|
|
25276
|
+
addCreateAttribute(create, newIndex, attr.name, attr.value);
|
|
25277
|
+
}
|
|
25278
|
+
}
|
|
25263
25279
|
else {
|
|
25264
|
-
|
|
25280
|
+
if (typeof ngDevMode !== 'undefined' && ngDevMode) {
|
|
25281
|
+
console.warn(`WARNING: ignoring unknown attribute name ` +
|
|
25282
|
+
`${lowerAttrName} on element ${tagName} ` +
|
|
25283
|
+
`(see ${XSS_SECURITY_URL})`);
|
|
25284
|
+
}
|
|
25265
25285
|
}
|
|
25266
25286
|
}
|
|
25267
25287
|
const elementNode = {
|
|
@@ -25330,8 +25350,8 @@ function addCreateNodeAndAppend(create, marker, text, appendToParentIdx, createA
|
|
|
25330
25350
|
}
|
|
25331
25351
|
create.push(text, createAtIdx, icuCreateOpCode(0 /* IcuCreateOpCode.AppendChild */, appendToParentIdx, createAtIdx));
|
|
25332
25352
|
}
|
|
25333
|
-
function addCreateAttribute(create, newIndex,
|
|
25334
|
-
create.push((newIndex << 1 /* IcuCreateOpCode.SHIFT_REF */) | 1 /* IcuCreateOpCode.Attr */,
|
|
25353
|
+
function addCreateAttribute(create, newIndex, attrName, attrValue) {
|
|
25354
|
+
create.push((newIndex << 1 /* IcuCreateOpCode.SHIFT_REF */) | 1 /* IcuCreateOpCode.Attr */, attrName, attrValue);
|
|
25335
25355
|
}
|
|
25336
25356
|
|
|
25337
25357
|
// i18nPostprocess consts
|