CodeSOD: Put Down the Pipe


The Daily WTF

Camden's team works on an internal Angular application. Angular is constantly releasing new versions, and while they're largely backwards compatible, as the rule goes: every change breaks someone's workflow. Camden's team started to upgrade to Angular 12, only to discover that one of their dependencies wouldn't resolve. It refused to work with any version of Angular greater than 8.

The specific dependency promised to safely sanitize external resources, like DOM snippets and URLs fetched from an external source. At its core, it wrapped around the Angular DomSanitizer object, which provided all the plumbing for handling sanitization.

So the TypeScript method looked like this:

```typescript
import {
  DomSanitizer, SafeHtml, SafeStyle, SafeScript, SafeUrl, SafeResourceUrl,
} from '@angular/platform-browser';

// Not shown in the post; assumed to be the union of the five case labels below.
type SafePipeType = 'html' | 'style' | 'script' | 'url' | 'resourceUrl';

export class SafePipe {
  constructor(private sanitizer: DomSanitizer) {}

  // Despite the name, every branch *bypasses* sanitization: each
  // bypassSecurityTrust* call marks the raw value as trusted, so Angular
  // renders it without inspecting it.
  public safePipe(value: string, type: SafePipeType):
      SafeHtml | SafeStyle | SafeScript | SafeUrl | SafeResourceUrl {
    switch (type) {
      case 'html':        return this.sanitizer.bypassSecurityTrustHtml(value);
      case 'style':       return this.sanitizer.bypassSecurityTrustStyle(value);
      case 'script':      return this.sanitizer.bypassSecurityTrustScript(value);
      case 'url':         return this.sanitizer.bypassSecurityTrustUrl(value);
      case 'resourceUrl': return this.sanitizer.bypassSecurityTrustResourceUrl(value);
      default:
        // The post's snippet is cut off inside this message; the literal is
        // closed here so the block compiles, with nothing added to the text.
        throw new Error(`SafePipe unable to bypass security for`);
    }
  }
}
```
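What a pipe called "safe" should have done is run the value through the sanitizer for the requested context, using DomSanitizer.sanitize(SecurityContext, value), rather than vouching for it with bypassSecurityTrust*. The following is an added example, not code from the post or the library it describes: the SecurityContext enum and the sanitize() signature mirror Angular's real ones, but they are declared locally so the block runs offline, and stubSanitizer is a constructed stand-in whose HTML handling is a toy (Angular's real sanitizer strips far more than script tags).

```typescript
// Local mirror of Angular's SecurityContext (same member names and values).
enum SecurityContext { NONE = 0, HTML = 1, STYLE = 2, SCRIPT = 3, URL = 4, RESOURCE_URL = 5 }

// Structural stand-in for the one DomSanitizer method a sanitizing pipe needs.
interface SanitizerLike {
  sanitize(ctx: SecurityContext, value: string | null): string | null;
}

type SafePipeType = 'html' | 'style' | 'script' | 'url' | 'resourceUrl';

// Map the pipe's type argument onto the context the sanitizer understands.
const CONTEXT_FOR: Record<SafePipeType, SecurityContext> = {
  html: SecurityContext.HTML,
  style: SecurityContext.STYLE,
  script: SecurityContext.SCRIPT,
  url: SecurityContext.URL,
  resourceUrl: SecurityContext.RESOURCE_URL,
};

// Corrected transform: sanitize for the requested context instead of bypassing.
// Angular's DomSanitizer has no sanitizer for SCRIPT or RESOURCE_URL and throws
// for untrusted values in those contexts; letting that throw propagate is the
// right outcome, since there is no safe way to "clean" a script or a frame URL.
function safeTransform(s: SanitizerLike, value: string, type: SafePipeType): string {
  const ctx: SecurityContext | undefined = CONTEXT_FOR[type];
  if (ctx === undefined) throw new Error(`SafePipe: unknown type ${String(type)}`);
  const out = s.sanitize(ctx, value);
  return out === null ? '' : out;
}

// Constructed stub for offline use. URL handling mirrors Angular's behaviour of
// prefixing a rejected URL with "unsafe:"; the HTML branch is a deliberate toy.
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;
const stubSanitizer: SanitizerLike = {
  sanitize(ctx, value) {
    if (value === null) return null;
    switch (ctx) {
      case SecurityContext.HTML:  return value.replace(/<script\b[\s\S]*?<\/script>/gi, '');
      case SecurityContext.STYLE: return value; // stub: styles passed through
      case SecurityContext.URL:   return SAFE_URL.test(value) ? value : `unsafe:${value}`;
      case SecurityContext.SCRIPT:       throw new Error('unsafe value used in a script context');
      case SecurityContext.RESOURCE_URL: throw new Error('unsafe value used in a resource URL context');
      default: return value;
    }
  },
};
```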
