
Commit b4263f0

committed
fix(material-experimental/mdc-slider): make small fixes needed to implement the gmat mdc slider internally
* change imports of @material/base to @material/base/types * explicitly check attributes when calling setAttribute to prevent xss
1 parent 5832463 commit b4263f0


2 files changed

+24
-3
lines changed


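--- a/src/material-experimental/mdc-slider/global-change-and-input-listener.ts
+++ b/src/material-experimental/mdc-slider/global-change-and-input-listener.ts
@@ -8,7 +8,7 @@
 
 import {DOCUMENT} from '@angular/common';
 import {Inject, Injectable, NgZone, OnDestroy} from '@angular/core';
-import {SpecificEventListener} from '@material/base';
+import {SpecificEventListener} from '@material/base/types';
 import {fromEvent, Observable, Subject, Subscription} from 'rxjs';
 import {finalize, share, takeUntil} from 'rxjs/operators';
 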
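--- a/src/material-experimental/mdc-slider/slider.ts
+++ b/src/material-experimental/mdc-slider/slider.ts
@@ -51,7 +51,7 @@ import {
 RippleRef,
 RippleState,
 } from '@angular/material/core';
-import {SpecificEventListener, EventType} from '@material/base';
+import {SpecificEventListener, EventType} from '@material/base/types';
 import {MDCSliderAdapter, MDCSliderFoundation, Thumb, TickMark} from '@material/slider';
 import {Subscription} from 'rxjs';
 import {GlobalChangeAndInputListener} from './global-change-and-input-listener';
@@ -977,7 +977,28 @@ class SliderAdapter implements MDCSliderAdapter {
 return this._delegate._getInputElement(thumbPosition).getAttribute(attribute);
 }
 setInputAttribute = (attribute: string, value: string, thumbPosition: Thumb): void => {
-this._delegate._getInputElement(thumbPosition).setAttribute(attribute, value);
+const input = this._delegate._getInputElement(thumbPosition);
+
+// Explicitly check the attribute we are setting to prevent xss.
+switch (attribute) {
+case 'aria-valuetext':
+input.setAttribute('aria-valuetext', value);
+break;
+case 'disabled':
+input.setAttribute('disabled', value);
+break;
+case 'min':
+input.setAttribute('min', value);
+break;
+case 'max':
+input.setAttribute('max', value);
+break;
+case 'value':
+input.setAttribute('value', value);
+break;
+case 'step':
+input.setAttribute('step', value);
+}
 }
 removeInputAttribute = (attribute: string, thumbPosition: Thumb): void => {
 this._delegate._getInputElement(thumbPosition).removeAttribute(attribute);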
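Review bot: The allowlist `switch` in `setInputAttribute` has no `default` branch, so an attribute name outside the six listed cases is dropped without any signal. Failing closed is the right behaviour for an allowlist in front of `setAttribute`, but it should be stated, because a later foundation update that sets a new attribute would silently stop working; I would end the switch with `default: break; // not on the allowlist, ignored on purpose` or a dev-mode error. The comment above the switch could also say why each name is repeated as a literal, presumably so the attribute name reaching `setAttribute` is always a known constant and never an event-handler or URL attribute; please confirm that is the intent. The enclosing `SliderAdapter` class starts and ends outside the hunk.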
