From 13ccce9fe40d99678150ee98ad8575895891101b Mon Sep 17 00:00:00 2001
From: Matthieu Riegler
Date: Thu, 21 May 2026 02:07:50 +0200
Subject: [PATCH] refactor(core): extend sanitization test coverage
This ensures that #68576 actually fixed a sanitization issue on uppercase elements/attributes
---
 .../core/test/render3/integration_spec.ts | 46 ++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)
diff --git a/packages/core/test/render3/integration_spec.ts b/packages/core/test/render3/integration_spec.ts
index 4ad749ab7a5f..2a405c55a2de 100644
--- a/packages/core/test/render3/integration_spec.ts
+++ b/packages/core/test/render3/integration_spec.ts
@@ -18,8 +18,8 @@ import {TestBed} from '../../testing';
 import {getLContext, readPatchedData} from '../../src/render3/context_discovery';
 import {CONTEXT, HEADER_OFFSET} from '../../src/render3/interfaces/view';
-import {Sanitizer} from '../../src/sanitization/sanitizer';
 import {SecurityContext} from '../../src/sanitization/dom_security_schema';
+import {Sanitizer} from '../../src/sanitization/sanitizer';
 describe('element discovery', () => {
 it('should only monkey-patch immediate child nodes in a component', () => {
@@ -691,6 +691,50 @@ describe('sanitization', () => {
 const fixture = TestBed.createComponent(TestComp);
 expect(() => fixture.detectChanges()).not.toThrow();
 });
+
+ it('should throw on uppercase iframe element', () => {
+ @Directive({
+ selector: '[unsafeUrlHostBindingDir]',
+ host: {
+ '[attr.src]': '"http://src-dir-value"',
+ },
+ })
+ class UnsafeUrlHostBindingDir {}
+
+ @Component({
+ imports: [UnsafeUrlHostBindingDir],
+ template: ` `,
+ changeDetection: ChangeDetectionStrategy.Eager,
+ })
+ class SimpleComp {}
+
+ const fixture = TestBed.createComponent(SimpleComp);
+ expect(() => fixture.detectChanges()).toThrowError(
+ /NG0904: unsafe value used in a resource URL/,
+ );
+ });
+
+ it('should throw on uppercase SRC attribute on iframe element', () => {
+ @Directive({
+ selector: '[unsafeUrlHostBindingDir]',
+ host: {
+ '[attr.SRC]': '"http://src-dir-value"',
+ },
+ })
+ class UnsafeUrlHostBindingDir {}
+
+ @Component({
+ imports: [UnsafeUrlHostBindingDir],
+ template: ` `,
+ changeDetection: ChangeDetectionStrategy.Eager,
+ })
+ class SimpleComp {}
+
+ const fixture = TestBed.createComponent(SimpleComp);
+ expect(() => fixture.detectChanges()).toThrowError(
+ /NG0904: unsafe value used in a resource URL/,
+ );
+ });
 });
 class LocalSanitizedValue {
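Review bot: Both specs added to `describe('sanitization')` pin only the all-uppercase spelling (the uppercase element named in the first title, `'[attr.SRC]'` in the second), so a security-context lookup that special-cases exactly the lower- and upper-case forms would still pass; a mixed-case variant such as `'[attr.Src]'` would pin case-insensitive matching rather than one spelling. The two bodies differ only in the host-binding key and the template, so they could be driven from a small table of spellings instead of being copied. Neither test says which change it guards; a comment such as `// Regression for #68576: resource-URL sanitization must not depend on element/attribute case.` above the first `it` would keep that link in the file. The template literals render empty on this page, so the element casing actually used in each test could not be checked here.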