Merge pull request #388 from Lavaei/master

Add innerHTML as dangerous input in Angular 2+
2025-05-31 18:36:29 -04:00 · 2020-02-13 14:47:41 +00:00 · 2020-02-13 14:47:41 +00:00 · 709d6ebeb5
commit 709d6ebeb5
parent 916d54df11 92fb303ba0
2 changed files with 7 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 .DS_Store
 .*.icloud
 .gitkeep
+.idea
--- a/Pattern-Matching/dangerous-functions-angular.txt
+++ b/Pattern-Matching/dangerous-functions-angular.txt
@ -1,8 +1,14 @@
+# Angular pipes
 bypassSecurityTrustHtml
 bypassSecurityTrustScript
 bypassSecurityTrustStyle
 bypassSecurityTrustUrl
 bypassSecurityTrustResourceUrl
+
+# Angular inputs
+[innerHTML] #Insert given HTML without escaping dangerous characters
+
+# angular.js (aka Angular 1)
 trustAsHtml
 $eval
 $evalAsync