Skip to content

Commit

Permalink
perf(core): use ngDevMode to tree-shake warnings (#39959)
Browse files Browse the repository at this point in the history
This commit adds `ngDevMode` guard to show sanitization warnings only
in dev mode (similar to how things work in other parts of Ivy runtime code).
The `ngDevMode` flag helps to tree-shake these warnings from production builds
(in dev mode everything will work as it works right now) to decrease production bundle size.

PR Close #39959
  • Loading branch information
arturovt authored and mhevery committed Dec 4, 2020
1 parent 16b706b commit 1e3534f
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 5 deletions.
2 changes: 1 addition & 1 deletion goldens/size-tracking/integration-payloads.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
"master": {
"uncompressed": {
"runtime-es2015": 2285,
"main-es2015": 242075,
"main-es2015": 241457,
"polyfills-es2015": 36709,
"5-es2015": 745
}
Expand Down
3 changes: 1 addition & 2 deletions packages/core/src/sanitization/html_sanitizer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
* found in the LICENSE file at https://angular.io/license
*/

import {isDevMode} from '../util/is_dev_mode';
import {getInertBodyHelper, InertBodyHelper} from './inert_body';
import {_sanitizeUrl, sanitizeSrcset} from './url_sanitizer';

Expand Down Expand Up @@ -269,7 +268,7 @@ export function _sanitizeHtml(defaultDoc: any, unsafeHtmlInput: string): string
const sanitizer = new SanitizingHtmlSerializer();
const safeHtml = sanitizer.sanitizeChildren(
getTemplateContent(inertBodyElement!) as Element || inertBodyElement);
if (isDevMode() && sanitizer.sanitizedSomething) {
if ((typeof ngDevMode === 'undefined' || ngDevMode) && sanitizer.sanitizedSomething) {
console.warn(
'WARNING: sanitizing HTML stripped some content, see https://g.co/ng/security#xss');
}
Expand Down
3 changes: 1 addition & 2 deletions packages/core/src/sanitization/url_sanitizer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
* found in the LICENSE file at https://angular.io/license
*/

import {isDevMode} from '../util/is_dev_mode';

/**
* A pattern that recognizes a commonly useful subset of URLs that are safe.
Expand Down Expand Up @@ -47,7 +46,7 @@ export function _sanitizeUrl(url: string): string {
url = String(url);
if (url.match(SAFE_URL_PATTERN) || url.match(DATA_URL_PATTERN)) return url;

if (isDevMode()) {
if (typeof ngDevMode === 'undefined' || ngDevMode) {
console.warn(`WARNING: sanitizing unsafe URL value ${url} (see https://g.co/ng/security#xss)`);
}

Expand Down

0 comments on commit 1e3534f

Please sign in to comment.