(value: T, tagName: string, attributeName: string)
| 315 | * @param attributeName The name of the attribute. |
| 316 | */ |
| 317 | export function ɵɵvalidateAttribute<T = any>(value: T, tagName: string, attributeName: string): T { |
| 318 | const lowerCaseTagName = tagName.toLowerCase(); |
| 319 | const lowerCaseAttrName = attributeName.toLowerCase(); |
| 320 | |
| 321 | const index = getSelectedIndex(); |
| 322 | const tNode: TNode | null = index === -1 ? null : getSelectedTNode(); |
| 323 | if (tNode && tNode.type !== TNodeType.Element) { |
| 324 | return value; |
| 325 | } |
| 326 | |
| 327 | // Leverage tNode.namespace if active, otherwise check both namespaced and base variants. |
| 328 | const fullTagName = |
| 329 | lowerCaseTagName[0] !== ':' && tNode?.namespace |
| 330 | ? `:${tNode.namespace}:${lowerCaseTagName}` |
| 331 | : lowerCaseTagName; |
| 332 | |
| 333 | const validationConfig = SECURITY_SENSITIVE_ELEMENTS[fullTagName]?.[lowerCaseAttrName]; |
| 334 | |
| 335 | if (!validationConfig) { |
| 336 | return value; |
| 337 | } |
| 338 | |
| 339 | const lView = getLView(); |
| 340 | if (tNode && lowerCaseTagName === 'iframe') { |
| 341 | const element = getNativeByTNode(tNode, lView) as RElement; |
| 342 | enforceIframeSecurity(element as HTMLIFrameElement); |
| 343 | } |
| 344 | |
| 345 | const displayTagName = tagName[0] === ':' ? tagName.split(':').pop()! : tagName; |
| 346 | |
| 347 | if (typeof validationConfig !== 'boolean') { |
| 348 | if (!tNode) { |
| 349 | const errorMessage = |
| 350 | ngDevMode && |
| 351 | `Angular has detected that the \`${attributeName}\` was applied ` + |
| 352 | `as a binding to the <${tagName}> element. ` + |
| 353 | `For security reasons, the \`${attributeName}\` can be set on the <${tagName}> element ` + |
| 354 | `as a static attribute only. \n` + |
| 355 | `To fix this, switch the \`${attributeName}\` binding to a static attribute ` + |
| 356 | `in a template or in host bindings section.`; |
| 357 | throw new RuntimeError(RuntimeErrorCode.UNSAFE_ATTRIBUTE_BINDING, errorMessage); |
| 358 | } |
| 359 | |
| 360 | const element = getNativeByTNode(tNode, lView) as SVGAnimateElement; |
| 361 | const attributeNameValue = getSecuritySensitiveSVGAnimationAttributeName( |
| 362 | element, |
| 363 | validationConfig, |
| 364 | ); |
| 365 | |
| 366 | if (attributeNameValue) { |
| 367 | const errorMessage = |
| 368 | ngDevMode && |
| 369 | `Angular has detected that the \`${attributeName}\` was applied ` + |
| 370 | `as a binding to the <${displayTagName}> element${getTemplateLocationDetails(lView)}. ` + |
| 371 | `For security reasons, the \`${attributeName}\` can be set on the <${displayTagName}> element ` + |
| 372 | `as a static attribute only when the "attributeName" is set to \'${attributeNameValue}\'. \n` + |
| 373 | `To fix this, switch the \`${attributeNameValue}\` binding to a static attribute ` + |
| 374 | `in a template or in host bindings section.`; |
nothing calls this directly
no test coverage detected
searching dependent graphs…