Commit1e3534f

arturovt

authored and

mhevery

committed

perf(core): usengDevMode to tree-shake warnings (#39959)

This commit adds `ngDevMode` guard to show sanitization warnings onlyin dev mode (similar to how things work in other parts of Ivy runtime code).The `ngDevMode` flag helps to tree-shake these warnings from production builds(in dev mode everything will work as it works right now) to decrease production bundle size.PRClose#39959

1 parent16b706b commit1e3534fCopy full SHA for 1e3534f

File tree

3 files changed

-5

lines changed

goldens/size-tracking
- integration-payloads.json
packages/core/src/sanitization
- html_sanitizer.ts
- url_sanitizer.ts

3 files changed

-5

lines changed

`‎goldens/size-tracking/integration-payloads.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@`
`39`	`39`	`"master": {`
`40`	`40`	`"uncompressed": {`
`41`	`41`	`"runtime-es2015":2285,`
`42`		`-"main-es2015":242075,`
	`42`	`+"main-es2015":241457,`
`43`	`43`	`"polyfills-es2015":36709,`
`44`	`44`	`"5-es2015":745`
`45`	`45`	`}`

`‎packages/core/src/sanitization/html_sanitizer.ts‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,6 @@`
`6`	`6`	`* found in the LICENSE file at https://angular.io/license`
`7`	`7`	`*/`
`8`	`8`
`9`		`-import{isDevMode}from'../util/is_dev_mode';`
`10`	`9`	`import{getInertBodyHelper,InertBodyHelper}from'./inert_body';`
`11`	`10`	`import{_sanitizeUrl,sanitizeSrcset}from'./url_sanitizer';`
`12`	`11`
`@@ -269,7 +268,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): string`
`269`	`268`	`constsanitizer=newSanitizingHtmlSerializer();`
`270`	`269`	`constsafeHtml=sanitizer.sanitizeChildren(`
`271`	`270`	`getTemplateContent(inertBodyElement!)asElement\|\|inertBodyElement);`
`272`		`-if(isDevMode()&&sanitizer.sanitizedSomething){`
	`271`	`+if((typeofngDevMode==='undefined'\|\|ngDevMode)&&sanitizer.sanitizedSomething){`
`273`	`272`	`console.warn(`
`274`	`273`	`'WARNING: sanitizing HTML stripped some content, see https://g.co/ng/security#xss');`
`275`	`274`	`}`

`‎packages/core/src/sanitization/url_sanitizer.ts‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,6 @@`
`6`	`6`	`* found in the LICENSE file at https://angular.io/license`
`7`	`7`	`*/`
`8`	`8`
`9`		`-import{isDevMode}from'../util/is_dev_mode';`
`10`	`9`
`11`	`10`	`/**`
`12`	`11`	`* A pattern that recognizes a commonly useful subset of URLs that are safe.`
`@@ -47,7 +46,7 @@ export function _sanitizeUrl(url: string): string {`
`47`	`46`	`url=String(url);`
`48`	`47`	`if(url.match(SAFE_URL_PATTERN)\|\|url.match(DATA_URL_PATTERN))returnurl;`
`49`	`48`
`50`		`-if(isDevMode()){`
	`49`	`+if(typeofngDevMode==='undefined'\|\|ngDevMode){`
`51`	`50`	console.warn(`WARNING: sanitizing unsafe URL value${url} (see https://g.co/ng/security#xss)`);
`52`	`51`	`}`
`53`	`52`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1e3534f

File tree

3 files changed

3 files changed

`‎goldens/size-tracking/integration-payloads.json‎`

`‎packages/core/src/sanitization/html_sanitizer.ts‎`

`‎packages/core/src/sanitization/url_sanitizer.ts‎`

0 commit comments