You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The sanitization should work the same as without flex-layout module
What is the current behavior?
: is being split in style value and may result in invalid (unsafe) style when sanitazing, warning: sanitizing unsafe style value url(https (see http://g.co/ng/security#xss)., the style is applied then correctly, just the warning shouldn't be there.
The text was updated successfully, but these errors were encountered:
meelkor
changed the title
flex-layout module breaks style sanitization when style value include colon
flex-layout module breaks style sanitization when style value includes colon
Dec 18, 2018
Bug Report
What is the expected behavior?
The sanitization should work the same as without flex-layout module
What is the current behavior?
:
is being split in style value and may result in invalid (unsafe) style when sanitazing, warning:sanitizing unsafe style value url(https (see http://g.co/ng/security#xss).
, the style is applied then correctly, just the warning shouldn't be there.What are the steps to reproduce?
Open console in:
https://stackblitz.com/edit/angular-flex-layout-seed-ubokny
Which versions of Angular, Material, OS, TypeScript, browsers are affected?
[email protected] + [email protected]
(maybe those two aren't supposed to work together? if so then please disregard this issue)
Is there anything else we should know?
I guess the
stringToKeyValue
is at fault as it assumes there is no other colon in the string.https://github.com/angular/flex-layout/blob/master/src/lib/extended/style/style-transforms.ts#L81
The text was updated successfully, but these errors were encountered: