fix(material-experimental/mdc-slider): make small fixes needed to implement the gmat mdc slider internally

wagnermaciel · wagnermaciel · commit 328bf054373e · 2021-05-12T13:44:37.000-07:00
* change imports of @material/base to @material/base/types
* explicitly check attributes when calling setAttribute to prevent xss
diff --git a/src/material-experimental/mdc-slider/global-change-and-input-listener.ts b/src/material-experimental/mdc-slider/global-change-and-input-listener.ts
@@ -8,7 +8,7 @@
 
 import {DOCUMENT} from '@angular/common';
 import {Inject, Injectable, NgZone, OnDestroy} from '@angular/core';
-import {SpecificEventListener} from '@material/base';
+import {SpecificEventListener} from '@material/base/types';
 import {fromEvent, Observable, Subject, Subscription} from 'rxjs';
 import {finalize, share, takeUntil} from 'rxjs/operators';
 
diff --git a/src/material-experimental/mdc-slider/slider.ts b/src/material-experimental/mdc-slider/slider.ts
@@ -51,7 +51,7 @@ import {
   RippleRef,
   RippleState,
 } from '@angular/material/core';
-import {SpecificEventListener, EventType} from '@material/base';
+import {SpecificEventListener, EventType} from '@material/base/types';
 import {MDCSliderAdapter, MDCSliderFoundation, Thumb, TickMark} from '@material/slider';
 import {Subscription} from 'rxjs';
 import {GlobalChangeAndInputListener} from './global-change-and-input-listener';
@@ -977,7 +977,15 @@ class SliderAdapter implements MDCSliderAdapter {
     return this._delegate._getInputElement(thumbPosition).getAttribute(attribute);
   }
   setInputAttribute = (attribute: string, value: string, thumbPosition: Thumb): void => {
-    this._delegate._getInputElement(thumbPosition).setAttribute(attribute, value);
+    const input = this._delegate._getInputElement(thumbPosition);
+
+    // Explicitly check the attribute we are setting to prevent xss.
+    if (attribute === 'aria-valuetext') { input.setAttribute('aria-valuetext', value); }
+    else if (attribute === 'disabled') { input.setAttribute('disabled', value); }
+    else if (attribute === 'min') { input.setAttribute('min', value); }
+    else if (attribute === 'max') { input.setAttribute('max', value); }
+    else if (attribute === 'value') { input.setAttribute('value', value); }
+    else if (attribute === 'step') { input.setAttribute('step', value); }
   }
   removeInputAttribute = (attribute: string, thumbPosition: Thumb): void => {
     this._delegate._getInputElement(thumbPosition).removeAttribute(attribute);
