js · @angular/compiler · Heads-up
@angular/compiler fails to sanitize two-way property bindings on sensitive DOM properties
What changed
The @angular/compiler package fails to apply sanitizer resolution to two-way property bindings on sensitive DOM properties, bypassing built-in sanitization.
Who it affects
Angular applications using two-way data binding on security-sensitive native DOM properties (e.g., innerHTML, href, src) with user-controlled input and no additional sanitization.
What to do today
Update @angular/compiler to version 22.0.1, 21.2.17, or 20.3.25 depending on your Angular version.
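A triage helper for the update step above, as an added example (not code from the advisory or from Angular): it classifies an installed @angular/compiler version against the three fixed releases listed here and flags two-way bindings on the properties this page names. The function names, the status strings and the sample template are assumptions made for illustration.

```javascript
// Added example: audit helper, not Angular code. Fixed versions are the ones this advisory lists.
const FIXED = { 22: [22, 0, 1], 21: [21, 2, 17], 20: [20, 3, 25] };
// Properties the advisory gives as examples; extend for your own code base (assumption).
const SENSITIVE = ['innerHTML', 'href', 'src'];

// Classify a version string as 'patched', 'needs-update' or 'unknown'.
function checkCompilerVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[\w.]+)?/.exec(String(version).trim());
  if (!m) return 'unknown';
  const v = m.slice(1, 4).map(Number);
  const fixed = FIXED[v[0]];
  if (!fixed) return 'unknown'; // the advisory lists no fixed release for this major line
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i] ? 'patched' : 'needs-update';
  }
  // Same numbers as the fix: a prerelease tag (e.g. -rc.0) sorts before the release.
  return m[4] ? 'needs-update' : 'patched';
}

// Report two-way bindings [(prop)]="expr" on sensitive properties, with line numbers.
// Text-level heuristic: it does not parse the template or resolve the bound value.
function findSensitiveTwoWayBindings(template) {
  const re = /\[\(\s*([A-Za-z_$][\w$.]*)\s*\)\]\s*=\s*(["'])(.*?)\2/g;
  const hits = [];
  template.split('\n').forEach((line, idx) => {
    for (const m of line.matchAll(re)) {
      if (SENSITIVE.includes(m[1])) {
        hits.push({ line: idx + 1, property: m[1], expression: m[3] });
      }
    }
  });
  return hits;
}

// Constructed sample template for demonstration.
const SAMPLE_TEMPLATE = [
  '<input [(ngModel)]="name">',
  '<div [(innerHTML)]="comment"></div>',
  '<a [(href)]="profileUrl">profile</a>',
  '<img [src]="avatar">',
].join('\n');

console.log(checkCompilerVersion('21.2.16'), findSensitiveTwoWayBindings(SAMPLE_TEMPLATE));
```

Each hit is a binding to review for user-controlled input; updating the compiler remains the fix.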