From 3dc45c3ad44e2572207b1140219951c4d0d606dd Mon Sep 17 00:00:00 2001 From: Bhuvansh855 Date: Thu, 28 May 2026 18:42:10 +0530 Subject: [PATCH] fix(compiler): restore audio src URL security context --- packages/compiler/src/schema/dom_security_schema.ts | 3 ++- .../compiler/test/schema/dom_element_schema_registry_spec.ts | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/compiler/src/schema/dom_security_schema.ts b/packages/compiler/src/schema/dom_security_schema.ts index 1acc4ede7df..7b848daeb72 100644 --- a/packages/compiler/src/schema/dom_security_schema.ts +++ b/packages/compiler/src/schema/dom_security_schema.ts @@ -63,9 +63,10 @@ export function SECURITY_SCHEMA(): {[k: string]: SecurityContext} { ['a', ['href', 'xlink:href']], ['form', ['action']], - // The below two items are safe and should be removed but they require a G3 clean-up as a small number of tests fail. + // The below items are safe and should be removed but they require a G3 clean-up as a small number of tests fail. ['img', ['src']], ['video', ['src']], + ['audio', ['src']], ]); registerContext(SecurityContext.URL, MATH_ML_NAMESPACE, [ diff --git a/packages/compiler/test/schema/dom_element_schema_registry_spec.ts b/packages/compiler/test/schema/dom_element_schema_registry_spec.ts index 839a206c508..e5bd938c139 100644 --- a/packages/compiler/test/schema/dom_element_schema_registry_spec.ts +++ b/packages/compiler/test/schema/dom_element_schema_registry_spec.ts @@ -153,6 +153,7 @@ If 'onAnything' is a directive input, make sure the directive is imported by the expect(registry.securityContext('p', 'innerHTML', false)).toBe(SecurityContext.HTML); expect(registry.securityContext('a', 'href', false)).toBe(SecurityContext.URL); expect(registry.securityContext('a', 'style', false)).toBe(SecurityContext.STYLE); + expect(registry.securityContext('audio', 'src', false)).toBe(SecurityContext.URL); expect(registry.securityContext('base', 'href', false)).toBe(SecurityContext.RESOURCE_URL); // SVG animate and set attributes