-
Notifications
You must be signed in to change notification settings - Fork 24.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(common): Allow safeUrl for ngSrc in NgOptimizedImage #51351
Conversation
d2f4cbe
to
61c1d1a
Compare
packages/common/src/directives/ng_optimized_image/ng_optimized_image.ts
Outdated
Show resolved
Hide resolved
packages/common/src/directives/ng_optimized_image/ng_optimized_image.ts
Outdated
Show resolved
Hide resolved
61c1d1a
to
a18c6dc
Compare
@atcastle thanks for addressing the feedback! The change looks great 👍 Could you please take a look at the failing |
a18c6dc
to
b8f1db2
Compare
b8f1db2
to
8e1841a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Allow safeUrl and add transformer to immediately convert ngSrc to string
8e1841a
to
70bcee7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
reviewed-for: public-api
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Reviewed-for: public-api
This PR was merged into the repository by commit d910bf8. |
Allow safeUrl and add transformer to immediately convert ngSrc to string PR Close #51351
Allow safeUrl and add transformer to immediately convert ngSrc to string PR Close angular#51351
Allow safeUrl and add transformer to immediately convert ngSrc to string PR Close angular#51351
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
Allow safeUrl and add transformer to immediately convert ngSrc to string PR Close angular#51351
This PR makes a small change to NgOptimizedImage to properly allow inputs of the safeUrl type for ngSrc in NgOptimizedImage. This is purely for compatibility/migration concerns, as NgOptimizedImage does not enforce sanitization on the
src
url, as that is not an xss vector in modern browsers.The change is made using a transform which automatically unwraps provided safeUrl values, so the rest of the NgOptimizedImage still treats the ngSrc as always being a string.
CC: @AndrewKushnir @kara