@angular/core 20.3.21 → 20.3.22

package/api.d.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/chrome_dev_tools_performance.d.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/discovery.d.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */
@@ -1350,6 +1350,10 @@ interface TNode {
      *   `TNodeType.ICUContainer`: `TIcu`
      */
     value: any;
+    /**
+     * The namespace associated with this node.
+     */
+    namespace: string | null;
     /**
      * Attributes associated with an element. We need to store attributes to support various
      * use-cases (attribute injection, content projection with selectors, directives matching).
@@ -2927,7 +2931,8 @@ declare enum SecurityContext {
     STYLE = 2,
     SCRIPT = 3,
     URL = 4,
-    RESOURCE_URL = 5
+    RESOURCE_URL = 5,
+    ATTRIBUTE_NO_BINDING = 6
 }
 
 /**

package/effect.d.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/event_dispatcher.d.d.ts

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/fesm2022/attribute.mjs

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/fesm2022/core.mjs

@@ -1,5 +1,5 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */

package/fesm2022/debug_node.mjs

@@ -1,10 +1,10 @@
 /**
- * @license Angular v20.3.21
+ * @license Angular v20.3.22
  * (c) 2010-2025 Google LLC. https://angular.dev/
  * License: MIT
  */
 
-import { attachInjectFlag, _global, ɵɵdefineInjectable as __defineInjectable, ɵɵdefineInjector as __defineInjector, ɵɵinject as __inject, ɵɵinvalidFactoryDep as __invalidFactoryDep, resolveForwardRef, newArray, EMPTY_OBJ, assertString, assertNotEqual, FLAGS, assertEqual, isInCheckNoChangesMode, PREORDER_HOOK_FLAGS, assertFirstCreatePass, assertDefined, throwError, assertNumber, assertGreaterThan, HEADER_OFFSET, DECLARATION_VIEW, NG_FACTORY_DEF, isForwardRef, getFactoryDef, assertIndexInRange, assertTNodeForLView, enterDI, runInInjectorProfilerContext, getCurrentTNode, getLView, emitInjectorToCreateInstanceEvent, emitInstanceCreatedByInjectorEvent, throwProviderNotFoundError, leaveDI, assertNodeInjector, stringifyForError, cyclicDependencyErrorWithDetails, cyclicDependencyError, setInjectorProfilerContext, setInjectImplementation, assertDirectiveDef, NG_ELEMENT_ID, convertToBitFlags, isRootView, T_HOST, TVIEW, injectRootLimpMode, isComponentDef, EMBEDDED_VIEW_INJECTOR, INJECTOR$1 as INJECTOR, DECLARATION_COMPONENT_VIEW, isComponentHost, RuntimeError, NG_PROV_DEF, getClosureSafeProperty, getNativeByTNode, flatten, arrayEquals, ID, isLView, assertDomNode, unwrapRNode, getComponentLViewByIndex, CONTEXT, EMPTY_ARRAY, assertLView, HOST, CHILD_HEAD, NEXT, isLContainer, getLViewParent, Injector, CLEANUP, getComponentDef, getDirectiveDef, InjectionToken, inject, formatRuntimeError, isInSkipHydrationBlock as isInSkipHydrationBlock$1, HYDRATION, isContentQueryHost, setCurrentQueryIndex, isDirectiveHost, XSS_SECURITY_URL, RENDERER, renderStringify, getSelectedTNode, ENVIRONMENT, makeEnvironmentProviders, resetPreOrderHookFlags, PARENT, CHILD_TAIL, assertSame, assertFirstUpdatePass, getSelectedIndex, getTView, assertIndexInDeclRange, setSelectedIndex, isInInjectionContext, DestroyRef, PendingTasksInternal, noop, ChangeDetectionScheduler, ErrorHandler, AFTER_RENDER_SEQUENCES_TO_ADD, markAncestorsForTraversal, assertNotInReactiveContext, assertInInjectionContext, ViewContext, assertLContainer, MOVED_VIEWS, isDestroyed, REACTIVE_TEMPLATE_CONSUMER, DECLARATION_LCONTAINER, QUERIES, assertNotReactive, ON_DESTROY_HOOKS, assertFunction, EFFECTS, assertProjectionSlots, NATIVE, ANIMATIONS, assertParentView, CONTAINER_HEADER_OFFSET, assertNotSame, setCurrentDirectiveIndex, setCurrentTNode, getElementDepthCount, increaseElementDepthCount, wasLastNodeCreated, isCurrentTNodeParent, setCurrentTNodeAsNotParent, assertHasParent, INTERNAL_APPLICATION_ERROR_HANDLER, stringify, getCurrentDirectiveIndex, unwrapLView, isCreationMode, enterView, leaveView, markViewForRefresh, setIsRefreshingViews, isExhaustiveCheckNoChanges, requiresRefreshOrTraversal, setIsInCheckNoChangesMode, CheckNoChangesMode, setBindingIndex, EFFECTS_TO_SCHEDULE, viewAttachedToChangeDetector, setBindingRootForHostBindings, isRefreshingViews, removeFromArray, addToArray, updateAncestorTraversalFlagsOnAttach, storeLViewOnDestroy, VIEW_REFS, assertGreaterThanOrEqual, isInI18nBlock, assertTNodeForTView, getCurrentParentTNode, getCurrentTNodePlaceholderOk, assertTNode, assertTIcu, assertNumberInRange, DEHYDRATED_VIEWS, getNgModuleDef, getPipeDef as getPipeDef$1, getNgModuleDefOrThrow, isStandalone, concatStringsWithSpace, assertInjectImplementationNotEqual, emitInjectEvent, getConstant, assertLessThan, getOrCreateTViewCleanup, getOrCreateLViewCleanup, assertNotDefined, nextBindingIndex, getDirectiveDefOrThrow, getTNode, assertComponentType, debugStringifyTypeForError, EnvironmentInjector, SVG_NAMESPACE, MATH_ML_NAMESPACE, viewAttachedToContainer, storeCleanupWithContext, signal, createInjectorWithoutInjectorInstances, R3Injector, getNullInjector, internalImportProvidersFrom, initNgDevMode, fillProperties, getBindingsEnabled, lastNodeWasCreated, removeLViewOnDestroy, walkUpViews, getNativeByIndex, assertElement, arrayInsert2, arraySplice, setInjectorProfiler, NullInjector, ENVIRONMENT_INITIALIZER, INJECTOR_DEF_TYPES, walkProviderTree, getInjectorDef, deepForEach, isTypeProvider, isSignal, runInInjectionContext, ZONELESS_ENABLED, EffectScheduler, PendingTasks, assertTNodeCreationIndex, isSkipHydrationRootTNode, leaveSkipHydrationBlock, decreaseElementDepthCount, getNamespace, enterSkipHydrationBlock, getCurrentDirectiveDef, assertIndexInExpandoRange, getBindingIndex, assertOneOf, setInI18nBlock, nextContextImpl, getCurrentQueryIndex, getContextLView, load, keyValueArrayIndexOf, keyValueArraySet, keyValueArrayGet, incrementBindingIndex, isWritableSignal, store, providerToFactory, emitProviderConfiguredEvent, isClassProvider, getBindingRoot, NG_COMP_DEF, ɵɵresetView as __resetView, ɵɵnamespaceHTML as __namespaceHTML, ɵɵnamespaceMathML as __namespaceMathML, ɵɵnamespaceSVG as __namespaceSVG, ɵɵenableBindings as __enableBindings, ɵɵdisableBindings as __disableBindings, ɵɵrestoreView as __restoreView, forwardRef, NG_MOD_DEF, NG_INJ_DEF, NG_DIR_DEF, NG_PIPE_DEF, ZONELESS_SCHEDULER_DISABLED, SCHEDULE_IN_ROOT_ZONE, PROVIDED_ZONELESS, getNativeByTNodeOrNull } from './root_effect_scheduler.mjs';
+import { attachInjectFlag, _global, ɵɵdefineInjectable as __defineInjectable, ɵɵdefineInjector as __defineInjector, ɵɵinject as __inject, ɵɵinvalidFactoryDep as __invalidFactoryDep, resolveForwardRef, newArray, EMPTY_OBJ, assertString, assertNotEqual, FLAGS, assertEqual, isInCheckNoChangesMode, PREORDER_HOOK_FLAGS, assertFirstCreatePass, assertDefined, throwError, assertNumber, assertGreaterThan, HEADER_OFFSET, DECLARATION_VIEW, NG_FACTORY_DEF, isForwardRef, getFactoryDef, assertIndexInRange, assertTNodeForLView, enterDI, runInInjectorProfilerContext, getCurrentTNode, getLView, emitInjectorToCreateInstanceEvent, emitInstanceCreatedByInjectorEvent, throwProviderNotFoundError, leaveDI, assertNodeInjector, stringifyForError, cyclicDependencyErrorWithDetails, cyclicDependencyError, setInjectorProfilerContext, setInjectImplementation, assertDirectiveDef, NG_ELEMENT_ID, convertToBitFlags, isRootView, T_HOST, TVIEW, injectRootLimpMode, isComponentDef, EMBEDDED_VIEW_INJECTOR, INJECTOR$1 as INJECTOR, DECLARATION_COMPONENT_VIEW, isComponentHost, RuntimeError, NG_PROV_DEF, getClosureSafeProperty, getNativeByTNode, flatten, arrayEquals, ID, isLView, assertDomNode, unwrapRNode, getComponentLViewByIndex, CONTEXT, EMPTY_ARRAY, assertLView, HOST, CHILD_HEAD, NEXT, isLContainer, getLViewParent, Injector, CLEANUP, getComponentDef, getDirectiveDef, InjectionToken, inject, formatRuntimeError, isInSkipHydrationBlock as isInSkipHydrationBlock$1, HYDRATION, isContentQueryHost, setCurrentQueryIndex, isDirectiveHost, XSS_SECURITY_URL, RENDERER, renderStringify, getSelectedTNode, ENVIRONMENT, getSelectedIndex, makeEnvironmentProviders, resetPreOrderHookFlags, PARENT, CHILD_TAIL, assertSame, assertFirstUpdatePass, getTView, assertIndexInDeclRange, setSelectedIndex, isInInjectionContext, DestroyRef, PendingTasksInternal, noop, ChangeDetectionScheduler, ErrorHandler, AFTER_RENDER_SEQUENCES_TO_ADD, markAncestorsForTraversal, assertNotInReactiveContext, assertInInjectionContext, ViewContext, assertLContainer, MOVED_VIEWS, isDestroyed, REACTIVE_TEMPLATE_CONSUMER, DECLARATION_LCONTAINER, QUERIES, assertNotReactive, ON_DESTROY_HOOKS, assertFunction, EFFECTS, assertProjectionSlots, NATIVE, ANIMATIONS, assertParentView, CONTAINER_HEADER_OFFSET, assertNotSame, setCurrentDirectiveIndex, setCurrentTNode, getElementDepthCount, increaseElementDepthCount, wasLastNodeCreated, isCurrentTNodeParent, setCurrentTNodeAsNotParent, assertHasParent, INTERNAL_APPLICATION_ERROR_HANDLER, stringify, getCurrentDirectiveIndex, unwrapLView, isCreationMode, enterView, leaveView, markViewForRefresh, setIsRefreshingViews, isExhaustiveCheckNoChanges, requiresRefreshOrTraversal, setIsInCheckNoChangesMode, CheckNoChangesMode, setBindingIndex, EFFECTS_TO_SCHEDULE, viewAttachedToChangeDetector, setBindingRootForHostBindings, isRefreshingViews, removeFromArray, addToArray, updateAncestorTraversalFlagsOnAttach, storeLViewOnDestroy, VIEW_REFS, assertGreaterThanOrEqual, isInI18nBlock, assertTNodeForTView, getCurrentParentTNode, getNamespace, getCurrentTNodePlaceholderOk, assertTNode, assertTIcu, assertNumberInRange, DEHYDRATED_VIEWS, getNgModuleDef, getPipeDef as getPipeDef$1, getNgModuleDefOrThrow, isStandalone, concatStringsWithSpace, assertInjectImplementationNotEqual, emitInjectEvent, getConstant, assertLessThan, getOrCreateTViewCleanup, getOrCreateLViewCleanup, assertNotDefined, nextBindingIndex, getDirectiveDefOrThrow, getTNode, assertComponentType, debugStringifyTypeForError, EnvironmentInjector, SVG_NAMESPACE as SVG_NAMESPACE$1, MATH_ML_NAMESPACE as MATH_ML_NAMESPACE$1, viewAttachedToContainer, storeCleanupWithContext, signal, createInjectorWithoutInjectorInstances, R3Injector, getNullInjector, internalImportProvidersFrom, initNgDevMode, fillProperties, getBindingsEnabled, lastNodeWasCreated, removeLViewOnDestroy, walkUpViews, getNativeByIndex, assertElement, arrayInsert2, arraySplice, setInjectorProfiler, NullInjector, ENVIRONMENT_INITIALIZER, INJECTOR_DEF_TYPES, walkProviderTree, getInjectorDef, deepForEach, isTypeProvider, isSignal, runInInjectionContext, ZONELESS_ENABLED, EffectScheduler, PendingTasks, assertTNodeCreationIndex, isSkipHydrationRootTNode, leaveSkipHydrationBlock, decreaseElementDepthCount, enterSkipHydrationBlock, getCurrentDirectiveDef, assertIndexInExpandoRange, getBindingIndex, assertOneOf, setInI18nBlock, nextContextImpl, getCurrentQueryIndex, getContextLView, load, keyValueArrayIndexOf, keyValueArraySet, keyValueArrayGet, incrementBindingIndex, isWritableSignal, store, providerToFactory, emitProviderConfiguredEvent, isClassProvider, getBindingRoot, NG_COMP_DEF, ɵɵresetView as __resetView, ɵɵnamespaceHTML as __namespaceHTML, ɵɵnamespaceMathML as __namespaceMathML, ɵɵnamespaceSVG as __namespaceSVG, ɵɵenableBindings as __enableBindings, ɵɵdisableBindings as __disableBindings, ɵɵrestoreView as __restoreView, forwardRef, NG_MOD_DEF, NG_INJ_DEF, NG_DIR_DEF, NG_PIPE_DEF, ZONELESS_SCHEDULER_DISABLED, SCHEDULE_IN_ROOT_ZONE, PROVIDED_ZONELESS, getNativeByTNodeOrNull } from './root_effect_scheduler.mjs';
 import { setActiveConsumer, SIGNAL, consumerDestroy, REACTIVE_NODE, consumerPollProducersForChange, consumerBeforeComputation, getActiveConsumer, consumerAfterComputation, createComputed, setThrowInvalidWriteToSignalError } from './signal.mjs';
 import { Subject, Subscription } from 'rxjs';
 import { setActiveConsumer as setActiveConsumer$1 } from '@angular/core/primitives/signals';
@@ -5622,13 +5622,6 @@ const VALID_ATTRS = merge(URI_ATTRS, HTML_ATTRS, ARIA_ATTRS);
 // `Some content`, but strip `invalid-element` opening/closing tags. For some elements, though, we
 // don't want to preserve the content, if the elements themselves are going to be removed.
 const SKIP_TRAVERSING_CONTENT_IF_INVALID_ELEMENTS = tagSet('script,style,template');
-/**
- * Attributes that are potential attach vectors and may need to be sanitized.
- */
-const SENSITIVE_ATTRS = merge(URI_ATTRS, 
-// Note: we don't include these attributes in `URI_ATTRS`, because `URI_ATTRS` also
-// determines whether an attribute should be dropped when sanitizing an HTML string.
-tagSet('action,formaction,data,codebase'));
 /**
  * SanitizingHtmlSerializer serializes a DOM fragment, stripping out any unsafe elements and unsafe
  * attributes.
@@ -6032,7 +6025,132 @@ var SecurityContext;
     SecurityContext[SecurityContext["SCRIPT"] = 3] = "SCRIPT";
     SecurityContext[SecurityContext["URL"] = 4] = "URL";
     SecurityContext[SecurityContext["RESOURCE_URL"] = 5] = "RESOURCE_URL";
+    SecurityContext[SecurityContext["ATTRIBUTE_NO_BINDING"] = 6] = "ATTRIBUTE_NO_BINDING";
 })(SecurityContext || (SecurityContext = {}));
+// =================================================================================================
+// =================================================================================================
+// =========== S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P   -  S T O P  ===========
+// =================================================================================================
+// =================================================================================================
+//
+//        DO NOT EDIT THIS LIST OF SECURITY SENSITIVE PROPERTIES WITHOUT A SECURITY REVIEW!
+//
+// =================================================================================================
+/**
+ *  Map from tagName|propertyName to SecurityContext. Properties applying to all tags use '*'.
+ */
+let _SECURITY_SCHEMA;
+const SVG_NAMESPACE = 'svg';
+const MATH_ML_NAMESPACE = 'math';
+/**
+ * @remarks Keep is a copy of DOM Security Schema.
+ * @see [SECURITY_SCHEMA](../../../compiler/src/schema/dom_security_schema.ts)
+ */
+function SECURITY_SCHEMA() {
+    if (!_SECURITY_SCHEMA) {
+        _SECURITY_SCHEMA = {};
+        // Case is insignificant below, all element and attribute names are lower-cased for lookup.
+        registerContext(SecurityContext.HTML, /** Namespace */ undefined, [
+            ['iframe', ['srcdoc']],
+            ['*', ['innerHTML', 'outerHTML']],
+        ]);
+        registerContext(SecurityContext.STYLE, /** Namespace */ undefined, [['*', ['style']]]);
+        // NB: no SCRIPT contexts here, they are never allowed due to the parser stripping them.
+        registerContext(SecurityContext.URL, /** Namespace */ undefined, [
+            ['*', ['formAction']],
+            ['area', ['href']],
+            ['a', ['href', 'xlink:href']],
+            ['form', ['action']],
+            // The below two items are safe and should be removed but they require a G3 clean-up as a small number of tests fail.
+            ['img', ['src']],
+            ['video', ['src']],
+        ]);
+        registerContext(SecurityContext.URL, MATH_ML_NAMESPACE, [
+            // MathML namespace
+            // https://crsrc.org/c/third_party/blink/renderer/core/sanitizer/sanitizer.cc;l=753-768;drc=b3eb16372dcd3317d65e9e0265015e322494edcd;bpv=1;bpt=1
+            ['annotation', ['href', 'xlink:href']],
+            ['annotation-xml', ['href', 'xlink:href']],
+            ['maction', ['href', 'xlink:href']],
+            ['malignmark', ['href', 'xlink:href']],
+            ['math', ['href', 'xlink:href']],
+            ['mroot', ['href', 'xlink:href']],
+            ['msqrt', ['href', 'xlink:href']],
+            ['merror', ['href', 'xlink:href']],
+            ['mfrac', ['href', 'xlink:href']],
+            ['mglyph', ['href', 'xlink:href']],
+            ['msub', ['href', 'xlink:href']],
+            ['msup', ['href', 'xlink:href']],
+            ['msubsup', ['href', 'xlink:href']],
+            ['mmultiscripts', ['href', 'xlink:href']],
+            ['mprescripts', ['href', 'xlink:href']],
+            ['mi', ['href', 'xlink:href']],
+            ['mn', ['href', 'xlink:href']],
+            ['mo', ['href', 'xlink:href']],
+            ['mpadded', ['href', 'xlink:href']],
+            ['mphantom', ['href', 'xlink:href']],
+            ['mrow', ['href', 'xlink:href']],
+            ['ms', ['href', 'xlink:href']],
+            ['mspace', ['href', 'xlink:href']],
+            ['mstyle', ['href', 'xlink:href']],
+            ['mtable', ['href', 'xlink:href']],
+            ['mtd', ['href', 'xlink:href']],
+            ['mtr', ['href', 'xlink:href']],
+            ['mtext', ['href', 'xlink:href']],
+            ['mover', ['href', 'xlink:href']],
+            ['munder', ['href', 'xlink:href']],
+            ['munderover', ['href', 'xlink:href']],
+            ['semantics', ['href', 'xlink:href']],
+            ['none', ['href', 'xlink:href']],
+        ]);
+        registerContext(SecurityContext.RESOURCE_URL, /** Namespace */ undefined, [
+            ['base', ['href']],
+            ['embed', ['src']],
+            ['frame', ['src']],
+            ['iframe', ['src']],
+            ['link', ['href']],
+            ['object', ['codebase', 'data']],
+        ]);
+        registerContext(SecurityContext.URL, SVG_NAMESPACE, [['a', ['href', 'xlink:href']]]);
+        // Keep this in sync with SECURITY_SENSITIVE_ELEMENTS in packages/core/src/sanitization/sanitization.ts
+        // Unknown is the internal tag name for unknown elements example used for host-bindings.
+        // These are unsafe as `attributeName` can be `href` or `xlink:href`
+        // See: http://b/463880509#comment7
+        registerContext(SecurityContext.ATTRIBUTE_NO_BINDING, SVG_NAMESPACE, [
+            ['animate', ['attributeName', 'values', 'to', 'from']],
+            ['set', ['to', 'attributeName']],
+            ['animateMotion', ['attributeName']],
+            ['animateTransform', ['attributeName']],
+        ]);
+        registerContext(SecurityContext.ATTRIBUTE_NO_BINDING, /** Namespace */ undefined, [
+            [
+                'unknown',
+                [
+                    'attributeName',
+                    'values',
+                    'to',
+                    'from',
+                    'sandbox',
+                    'allow',
+                    'allowFullscreen',
+                    'referrerPolicy',
+                    'csp',
+                    'fetchPriority',
+                ],
+            ],
+            ['iframe', ['sandbox', 'allow', 'allowFullscreen', 'referrerPolicy', 'csp', 'fetchPriority']],
+        ]);
+    }
+    return _SECURITY_SCHEMA;
+}
+function registerContext(ctx, namespace, specs) {
+    for (const [element, attributeNames] of specs) {
+        let tagName = namespace && element !== '*' && element !== 'unknown' ? `:${namespace}:${element}` : element;
+        tagName = tagName.toLowerCase();
+        for (const attr of attributeNames) {
+            _SECURITY_SCHEMA[`${tagName}|${attr.toLowerCase()}`] = ctx;
+        }
+    }
+}
 
 /**
  * An `html` sanitizer which converts untrusted `html` **string** into trusted string by removing
@@ -6200,8 +6318,15 @@ function ɵɵtrustConstantResourceUrl(url) {
     return trustedScriptURLFromString(url[0]);
 }
 // Define sets outside the function for O(1) lookups and memory efficiency
-const SRC_RESOURCE_TAGS = new Set(['embed', 'frame', 'iframe', 'media', 'script']);
-const HREF_RESOURCE_TAGS = new Set(['base', 'link', 'script']);
+const RESOURCE_MAP = {
+    'embed': { 'src': true },
+    'frame': { 'src': true },
+    'iframe': { 'src': true },
+    'media': { 'src': true },
+    'base': { 'href': true },
+    'link': { 'href': true },
+    'object': { 'data': true, 'codebase': true },
+};
 /**
  * Detects which sanitizer to use for URL property, based on tag name and prop name.
  *
@@ -6210,9 +6335,7 @@ const HREF_RESOURCE_TAGS = new Set(['base', 'link', 'script']);
  * If tag and prop names don't match Resource URL schema, use URL sanitizer.
  */
 function getUrlSanitizer(tag, prop) {
-    const isResource = (prop === 'src' && SRC_RESOURCE_TAGS.has(tag)) ||
-        (prop === 'href' && HREF_RESOURCE_TAGS.has(tag)) ||
-        (prop === 'xlink:href' && tag === 'script');
+    const isResource = RESOURCE_MAP[tag.toLowerCase()]?.[prop.toLowerCase()] === true;
     return isResource ? ɵɵsanitizeResourceUrl : ɵɵsanitizeUrl;
 }
 /**
@@ -6246,24 +6369,32 @@ function getSanitizer() {
     const lView = getLView();
     return lView && lView[ENVIRONMENT].sanitizer;
 }
-const attributeName = new Set(['attributename']);
 /**
  * @remarks Keep this in sync with DOM Security Schema.
  * @see [SECURITY_SCHEMA](../../../compiler/src/schema/dom_security_schema.ts)
  */
+/**
+ * Set of attributes that are sensitive and should be sanitized.
+ */
+const SECURITY_SENSITIVE_ATTRIBUTE_NAMES = new Set(['href', 'xlink:href']);
 const SECURITY_SENSITIVE_ELEMENTS = {
-    'iframe': new Set([
-        'sandbox',
-        'allow',
-        'allowfullscreen',
-        'referrerpolicy',
-        'csp',
-        'fetchpriority',
-    ]),
-    'animate': attributeName,
-    'set': attributeName,
-    'animatemotion': attributeName,
-    'animatetransform': attributeName,
+    'iframe': {
+        'sandbox': true,
+        'allow': true,
+        'allowfullscreen': true,
+        'referrerpolicy': true,
+        'csp': true,
+        'fetchpriority': true,
+    },
+    ':svg:animate': {
+        'attributename': true,
+        'to': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+        'values': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+        'from': SECURITY_SENSITIVE_ATTRIBUTE_NAMES,
+    },
+    ':svg:set': { 'attributename': true, 'to': SECURITY_SENSITIVE_ATTRIBUTE_NAMES },
+    ':svg:animatemotion': { 'attributename': true },
+    ':svg:animatetransform': { 'attributename': true },
 };
 /**
  * Validates that the attribute binding is safe to use.
@@ -6275,22 +6406,54 @@ const SECURITY_SENSITIVE_ELEMENTS = {
 function ɵɵvalidateAttribute(value, tagName, attributeName) {
     const lowerCaseTagName = tagName.toLowerCase();
     const lowerCaseAttrName = attributeName.toLowerCase();
-    if (!SECURITY_SENSITIVE_ELEMENTS[lowerCaseTagName]?.has(lowerCaseAttrName)) {
+    const index = getSelectedIndex();
+    const tNode = index === -1 ? null : getSelectedTNode();
+    if (tNode && tNode.type !== 2 /* TNodeType.Element */) {
         return value;
     }
-    const tNode = getSelectedTNode();
-    if (tNode.type !== 2 /* TNodeType.Element */) {
+    // Leverage tNode.namespace if active, otherwise check both namespaced and base variants.
+    const fullTagName = lowerCaseTagName[0] !== ':' && tNode?.namespace
+        ? `:${tNode.namespace}:${lowerCaseTagName}`
+        : lowerCaseTagName;
+    const validationConfig = SECURITY_SENSITIVE_ELEMENTS[fullTagName]?.[lowerCaseAttrName];
+    if (!validationConfig) {
         return value;
     }
     const lView = getLView();
-    if (lowerCaseTagName === 'iframe') {
+    if (tNode && lowerCaseTagName === 'iframe') {
         const element = getNativeByTNode(tNode, lView);
         enforceIframeSecurity(element);
     }
+    const displayTagName = tagName[0] === ':' ? tagName.split(':').pop() : tagName;
+    if (typeof validationConfig !== 'boolean') {
+        if (!tNode) {
+            const errorMessage = ngDevMode &&
+                `Angular has detected that the \`${attributeName}\` was applied ` +
+                    `as a binding to the <${tagName}> element. ` +
+                    `For security reasons, the \`${attributeName}\` can be set on the <${tagName}> element ` +
+                    `as a static attribute only. \n` +
+                    `To fix this, switch the \`${attributeName}\` binding to a static attribute ` +
+                    `in a template or in host bindings section.`;
+            throw new RuntimeError(-910 /* RuntimeErrorCode.UNSAFE_ATTRIBUTE_BINDING */, errorMessage);
+        }
+        const element = getNativeByTNode(tNode, lView);
+        const attributeNameValue = element.getAttribute('attributeName');
+        if (attributeNameValue && validationConfig.has(attributeNameValue.toLowerCase())) {
+            const errorMessage = ngDevMode &&
+                `Angular has detected that the \`${attributeName}\` was applied ` +
+                    `as a binding to the <${displayTagName}> element${getTemplateLocationDetails(lView)}. ` +
+                    `For security reasons, the \`${attributeName}\` can be set on the <${displayTagName}> element ` +
+                    `as a static attribute only when the "attributeName" is set to \'${attributeNameValue}\'. \n` +
+                    `To fix this, switch the \`${attributeNameValue}\` binding to a static attribute ` +
+                    `in a template or in host bindings section.`;
+            throw new RuntimeError(-910 /* RuntimeErrorCode.UNSAFE_ATTRIBUTE_BINDING */, errorMessage);
+        }
+        return value;
+    }
     const errorMessage = ngDevMode &&
         `Angular has detected that the \`${attributeName}\` was applied ` +
-            `as a binding to the <${tagName}> element${getTemplateLocationDetails(lView)}. ` +
-            `For security reasons, the \`${attributeName}\` can be set on the <${tagName}> element ` +
+            `as a binding to the <${displayTagName}> element${tNode ? getTemplateLocationDetails(lView) : ''}. ` +
+            `For security reasons, the \`${attributeName}\` can be set on the <${displayTagName}> element ` +
             `as a static attribute only. \n` +
             `To fix this, switch the \`${attributeName}\` binding to a static attribute ` +
             `in a template or in host bindings section.`;
@@ -9178,6 +9341,9 @@ function locateHostElement(renderer, elementOrSelector, encapsulation, injector)
     // projection.
     const preserveContent = preserveHostContent || encapsulation === ViewEncapsulation.ShadowDom;
     const rootElement = renderer.selectRootElement(elementOrSelector, preserveContent);
+    if (rootElement.tagName.toLowerCase() === 'script') {
+        throw new RuntimeError(905 /* RuntimeErrorCode.UNSAFE_VALUE_IN_SCRIPT */, ngDevMode && `"<script>" tag is not allowed as a component host element.`);
+    }
     applyRootElementTransform(rootElement);
     return rootElement;
 }
@@ -11598,6 +11764,7 @@ function createTNode(tView, tParent, type, index, value, attrs) {
         flags,
         providerIndexes: 0,
         value: value,
+        namespace: getNamespace(),
         attrs: attrs,
         mergedAttrs: null,
         localNames: null,
@@ -14613,7 +14780,7 @@ function createHostElement(componentDef, renderer) {
     // dynamically. Default to 'div' if this component did not specify any tag name in its
     // selector.
     const tagName = inferTagNameFromDefinition(componentDef);
-    const namespace = tagName === 'svg' ? SVG_NAMESPACE : tagName === 'math' ? MATH_ML_NAMESPACE : null;
+    const namespace = tagName === 'svg' ? SVG_NAMESPACE$1 : tagName === 'math' ? MATH_ML_NAMESPACE$1 : null;
     return createElementNode(renderer, tagName, namespace);
 }
 /**
@@ -14721,7 +14888,7 @@ class ComponentFactory extends ComponentFactory$1 {
 }
 function createRootTView(rootSelectorOrNode, componentDef, componentBindings, directives) {
     const tAttributes = rootSelectorOrNode
-        ? ['ng-version', '20.3.21']
+        ? ['ng-version', '20.3.22']
         : // Extract attributes and classes from the first selector only to match VE behavior.
             extractAttrsAndClassesFromSelector(componentDef.selectors[0]);
     let creationBindings = null;
@@ -24338,7 +24505,14 @@ function applyUpdateOpCodes(tView, lView, updateOpCodes, bindingsStartIndex, cha
                                     setElementAttribute(lView[RENDERER], lView[nodeIndex], null, tNodeOrTagName, propName, value, sanitizeFn);
                                 }
                                 else {
-                                    setPropertyAndInputs(tNodeOrTagName, lView, propName, value, lView[RENDERER], sanitizeFn);
+                                    const prevSelectedIndex = getSelectedIndex();
+                                    setSelectedIndex(nodeIndex);
+                                    try {
+                                        setPropertyAndInputs(tNodeOrTagName, lView, propName, value, lView[RENDERER], sanitizeFn);
+                                    }
+                                    finally {
+                                        setSelectedIndex(prevSelectedIndex);
+                                    }
                                 }
                                 break;
                             case 0 /* I18nUpdateOpCode.Text */:
@@ -24918,7 +25092,10 @@ function i18nAttributesFirstPass(tView, index, values) {
                 // the compiler treats static i18n attributes as regular attribute bindings.
                 // Since this may not be the first i18n attribute on this element we need to pass in how
                 // many previous bindings there have already been.
-                generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), i18nSanitizeAttribute(attrName));
+                const tagName = previousElement.namespace
+                    ? `:${previousElement.namespace}:${previousElement.value}`
+                    : previousElement.value;
+                generateBindingUpdateOpCodes(updateOpCodes, message, previousElementIndex, attrName, countBindings(updateOpCodes), i18nResolveSanitizer(attrName, tagName));
             }
         }
         tView.data[index] = updateOpCodes;
@@ -25244,9 +25421,15 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                         const attr = elAttrs.item(i);
                         const lowerAttrName = attr.name.toLowerCase();
                         const hasBinding = !!attr.value.match(BINDING_REGEXP);
+                        const elementNS = element.namespaceURI;
+                        const tagNameWithNamespace = elementNS === 'http://www.w3.org/2000/svg'
+                            ? `:svg:${tagName}`
+                            : elementNS === 'http://www.w3.org/1998/Math/MathML'
+                                ? `:math:${tagName}`
+                                : tagName;
                         if (hasBinding) {
                             if (VALID_ATTRS.hasOwnProperty(lowerAttrName)) {
-                                generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, i18nSanitizeAttribute(lowerAttrName));
+                                generateBindingUpdateOpCodes(update, attr.value, newIndex, attr.name, 0, i18nResolveSanitizer(lowerAttrName, tagNameWithNamespace));
                             }
                             else {
                                 ngDevMode &&
@@ -25256,9 +25439,9 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                             }
                         }
                         else if (VALID_ATTRS[lowerAttrName]) {
-                            if (SENSITIVE_ATTRS[lowerAttrName]) {
-                                // Don't sanitize, because no value is acceptable in sensitive attributes.
-                                // Translators are not allowed to create URIs.
+                            let val = attr.value;
+                            const sanitizer = i18nResolveSanitizer(lowerAttrName, tagNameWithNamespace);
+                            if (sanitizer) {
                                 if (typeof ngDevMode !== 'undefined' && ngDevMode) {
                                     console.warn(`WARNING: ignoring unsafe attribute ` +
                                         `${lowerAttrName} on element ${tagName} ` +
@@ -25267,7 +25450,7 @@ function walkIcuTree(ast, tView, tIcu, lView, sharedUpdateOpCodes, create, remov
                                 addCreateAttribute(create, newIndex, attr.name, 'unsafe:blocked');
                             }
                             else {
-                                addCreateAttribute(create, newIndex, attr.name, attr.value);
+                                addCreateAttribute(create, newIndex, attr.name, val);
                             }
                         }
                         else {
@@ -25347,26 +25530,49 @@ function addCreateNodeAndAppend(create, marker, text, appendToParentIdx, createA
 function addCreateAttribute(create, newIndex, attrName, attrValue) {
     create.push((newIndex << 1 /* IcuCreateOpCode.SHIFT_REF */) | 1 /* IcuCreateOpCode.Attr */, attrName, attrValue);
 }
-/**
- * Caches all keys of `SECURITY_SENSITIVE_ELEMENTS` in a Set to avoid recomputing
- * or scanning them on every invocation.
- */
-const SECURITY_SENSITIVE_ATTRS = /* @__PURE__ */ (() => new Set(Object.values(SECURITY_SENSITIVE_ELEMENTS).flatMap((attrs) => (attrs ? [...attrs.keys()] : []))))();
-/**
- * Returns a sanitizer for the given attribute name or null if the attribute is not security sensitive.
- *
- * @param attrName The name of the attribute to sanitize.
- * @returns The sanitizer for the given attribute name.
- */
-function i18nSanitizeAttribute(attrName) {
-    const lowerAttrName = attrName.toLowerCase();
-    if (SENSITIVE_ATTRS[lowerAttrName]) {
-        return _sanitizeUrl;
+function splitNsName(elementName, fatal = true) {
+    if (elementName[0] != ':') {
+        return [null, elementName];
     }
-    if (SECURITY_SENSITIVE_ATTRS.has(lowerAttrName)) {
-        return ɵɵvalidateAttribute;
+    const colonIndex = elementName.indexOf(':', 1);
+    if (colonIndex === -1) {
+        if (fatal) {
+            throw new Error(`Unsupported format "${elementName}" expecting ":namespace:name"`);
+        }
+        else {
+            return [null, elementName];
+        }
+    }
+    return [elementName.slice(1, colonIndex), elementName.slice(colonIndex + 1)];
+}
+function normalizeTagName(tagName) {
+    const tagNameLower = tagName.toLowerCase();
+    const [ns, name] = splitNsName(tagNameLower, false);
+    return ns === SVG_NAMESPACE$1 || ns === MATH_ML_NAMESPACE$1 ? `:${ns}:${name}` : name;
+}
+function i18nResolveSanitizer(attrName, tagName) {
+    const lowerAttrName = attrName.toLowerCase();
+    const lowerTagName = tagName ? normalizeTagName(tagName) : '*';
+    const schema = SECURITY_SCHEMA();
+    const schemaContext = schema[`${lowerTagName}|${lowerAttrName}`] ||
+        schema[`*|${lowerAttrName}`] ||
+        SecurityContext.NONE;
+    switch (schemaContext) {
+        case SecurityContext.HTML:
+            return ɵɵsanitizeHtml;
+        case SecurityContext.STYLE:
+            return ɵɵsanitizeStyle;
+        case SecurityContext.SCRIPT:
+            return ɵɵsanitizeScript;
+        case SecurityContext.URL:
+            return _sanitizeUrl;
+        case SecurityContext.RESOURCE_URL:
+            return ɵɵsanitizeResourceUrl;
+        case SecurityContext.ATTRIBUTE_NO_BINDING:
+            return ɵɵvalidateAttribute;
+        default:
+            return null;
     }
-    return null;
 }
 
 // i18nPostprocess consts