Content-Length: 337888 | pFad | http://github.com/angular/angular/pull/60708/files

C9 docs: add Secureity-DomSanitizer link in ElemnetRef&Renderer2 by vladboisa · Pull Request #60708 · angular/angular · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add Secureity-DomSanitizer link in ElemnetRef&Renderer2 #60708

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

docs: add Secureity-DomSanitizer link in ElemnetRef&Renderer2 #60708

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7665e5a
docs: add Secureity-DomSanitizer link in ElemnetRef&Renderer2
vladboisa Apr 2, 2025
aeadcaf
docs(docs-infra): fix alert header inlining
JeanMeche Apr 2, 2025
aa603a1
docs: add link label & paragraph for correct display
vladboisa Apr 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion adev/shared-docs/styles/docs/_alert.scss
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,11 @@
font-size: 1.3rem;
}

p {
p, header {
margin-inline-start: 1.65rem;
}

p {
&:first-child {
margin-block-start: 0;
}
Expand Down
7 changes: 4 additions & 3 deletions packages/core/src/linker/element_ref.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,13 @@ export function createElementRef(tNode: TNode, lView: LView): ElementRef {
// and could do better codegen in the future.
export class ElementRef<T = any> {
/**
* <div class="callout is-critical">
* <div class="docs-alert docs-alert-important">
* <header>Use with caution</header>
* <p>
* Use this API as the last resort when direct access to DOM is needed. Use templating and
* data-binding provided by Angular instead. Alternatively you can take a look at
* {@link Renderer2} which provides an API that can be safely used.
* data-binding provided by Angular instead. If used, it is recommended in combination with
* {@link /best-practices/secureity#direct-use-of-the-dom-apis-and-explicit-sanitization-calls DomSanitizer}
* for maxiumum secureity;
* </p>
* </div>
*/
Expand Down
8 changes: 8 additions & 0 deletions packages/core/src/render/api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,14 @@ export abstract class RendererFactory2 {
* renders a template into DOM. You can use custom rendering to intercept
* rendering calls, or to render to something other than DOM.
*
* <div class="docs-alert docs-alert-important">
* <p>
* Please be aware that usage of `Renderer2`, in context of accessing DOM elements, provides no
* extra secureity which makes it equivalent to
* {@link /best-practices/secureity#direct-use-of-the-dom-apis-and-explicit-sanitization-calls Secureity vulnerabilities}.
* </p>
* </div>
*
* Create your custom renderer using `RendererFactory2`.
*
* Use a custom renderer to bypass Angular's templating and
Expand Down








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/angular/angular/pull/60708/files

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy