Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate SafeStyle and DomSanitizer.bypassSecurityTrustStyle #40659

Open
jelbourn opened this issue Feb 1, 2021 · 1 comment
Open

Deprecate SafeStyle and DomSanitizer.bypassSecurityTrustStyle #40659

jelbourn opened this issue Feb 1, 2021 · 1 comment
Assignees
@AndrewKushnir
Labels
comp: core comp: security core: styling bindings P3 refactoring security
Milestone
Backlog

Comments

@jelbourn
Copy link
Member

@jelbourn jelbourn commented Feb 1, 2021

(copied from internal tracker)

The SafeStyle type is returned from the DomSanitizer.bypassSecurityTrustStyle method. Both of these APIs are apart of style sanitization in Angular. With the style sanitization refactor work, there will no longer be any need for these APIs in the framework, therefore, both the SafeStyle and DomSanitizer.bypassSecurityTrustStyle APIs will need to be deprecated.

The following steps need to be completed:

  • Deprecate SafeStyle in the API docs (@deprecated)
  • Deprecate DomSanitizer.bypassSecurityTrustStyle in the API docs (@deprecated)
  • Emit a warning message when DomSanitizer.bypassSecurityTrustStyle is used
  • Add entries to deprecation guide

Related design doc: https://hackmd.io/_sF2TzXLSiuuYbY88MpdQA?view
@jelbourn jelbourn added refactoring security comp: core comp: security core: styling bindings P3 labels Feb 1, 2021
@ngbot ngbot bot added this to the Backlog milestone Feb 1, 2021
@ngbot ngbot bot added this to the Backlog milestone Feb 1, 2021
@ngbot ngbot bot added this to the Backlog milestone Feb 1, 2021
@JoostK JoostK removed this from the Backlog milestone Dec 11, 2021
@JoostK JoostK added this to the v14-candidates milestone Dec 11, 2021
@alxhub alxhub removed this from the v14-candidates milestone Jan 18, 2022
@ngbot ngbot bot added this to the Backlog milestone Jan 18, 2022
@AndrewKushnir
Copy link
Contributor

@AndrewKushnir AndrewKushnir commented Jan 19, 2022

Just a quick update (as of 01/18/2022): it looks like the style-related cleanup is not fully completed (we still have ɵɵsanitizeStyle instructions in the code), so we can not deprecate the mentioned symbols just yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AndrewKushnir AndrewKushnir

Labels
comp: core comp: security core: styling bindings P3 refactoring security
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@JoostK @jelbourn @alxhub @AndrewKushnir