Skip to content

[Backport 20.3.x] fix(common): Limits date format string length#69197

Open
SkyZeroZx wants to merge 1 commit into
angular:20.3.xfrom
SkyZeroZx:backport-69000-to-20.3.x
Open

[Backport 20.3.x] fix(common): Limits date format string length#69197
SkyZeroZx wants to merge 1 commit into
angular:20.3.xfrom
SkyZeroZx:backport-69000-to-20.3.x

Conversation

@SkyZeroZx
Copy link
Copy Markdown
Contributor

@SkyZeroZx SkyZeroZx commented Jun 5, 2026

Backport of #69000

@SkyZeroZx
fix(common): Limits date format string length
04eac6d 
Introduces a maximum length of 256 characters for date format strings.

This prevents potential Denial of Service (DoS) attacks by throwing an
`INVALID_DATE_FORMAT` error if an excessively long format string is
provided to `formatDate` or `DatePipe`, safeguarding against performance
degradation or application crashes.

(cherry picked from commit 35de6b3)
@pullapprove pullapprove Bot requested a review from kirjs June 5, 2026 19:18
@angular-robot angular-robot Bot added the area: common Issues related to APIs in the @angular/common package label Jun 5, 2026
@ngbot ngbot Bot added this to the Backlog milestone Jun 5, 2026
@JeanMeche JeanMeche removed the request for review from kirjs June 5, 2026 22:13
@JeanMeche JeanMeche added action: merge The PR is ready for merge by the caretaker target: lts This PR is targeting a version currently in long-term support labels Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JeanMeche JeanMeche JeanMeche approved these changes

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: common Issues related to APIs in the @angular/common package target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Milestone

Backlog

Development

Successfully merging this pull request may close these issues.

2 participants

@SkyZeroZx @JeanMeche