From e45fd8c968984cb58771e20e8dfde27b26f4e334 Mon Sep 17 00:00:00 2001
From: 0XJacks <zeroxjacks@gmail.com>
Date: Fri, 20 Mar 2026 15:26:50 -0700
Subject: [PATCH] Update SRC_RESOURCE_TAGS to include 'object' tag

Added 'object' tag to SRC_RESOURCE_TAGS for improved sanitization.
---
 packages/core/src/sanitization/sanitization.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/packages/core/src/sanitization/sanitization.ts b/packages/core/src/sanitization/sanitization.ts
index 0b2c65ce1679..fb13669155fd 100644
--- a/packages/core/src/sanitization/sanitization.ts
+++ b/packages/core/src/sanitization/sanitization.ts
@@ -214,7 +214,14 @@ export function ɵɵtrustConstantResourceUrl(url: TemplateStringsArray): Trusted
 }
 
 // Define sets outside the function for O(1) lookups and memory efficiency
-const SRC_RESOURCE_TAGS = new Set(['embed', 'frame', 'iframe', 'media', 'script']);
+const SRC_RESOURCE_TAGS = new Set([
+  'embed',
+  'frame',
+  'iframe',
+  'media',
+  'object', //data attribute
+  'script',
+]);
 const HREF_RESOURCE_TAGS = new Set(['base', 'link', 'script']);
 
 /**