angular: getInertBodyElement returns null, crashing in _sanitizeHtml

🐞 bug report

Affected Package

The issue is caused by package @angular/core

Is this a regression?

Description

With IVY, the following line

parsedHtml = inertBodyElement!.innerHTML;

https://github.com/angular/angular/blob/3e1e5a15ba1d5a08daf9179083e3394df10299bb/packages/core/src/sanitization/html_sanitizer.ts#L267

causes this error

null is not an object (evaluating 'n.innerHTML')

I have real trouble to repro this consistently; and it happens only on a specific browser without access to the console (I’m not a mac developer).

But the getInertBodyElement CAN return null within a try/catch, but nothing is reported. The line inertBodyElement bypasses the nullability with !. And it happens ONLY with this browser:

Mobile Safari UI/WKWebView Version 14.1, 14.0, 13.7, 13.6, 12.4 To get that specific browser, you get it via an iPad app with a UIWebView

This is getting quite specific, but it happens a lot. Why in the first place there is no check for this nullability?

🔬 Minimal Reproduction

The data being passed in is <span class="quick-books-status"><img src="/assets/images/quick-books-pending.svg" title="QuickBooks Pending" alt="" /></span>

but I have doubts that this is the main issues.

🔥 Exception or Error




null is not an object (evaluating 'n.innerHTML')

🌍 Your Environment

Angular Version: 11.0.0




Angular CLI: 11.0.1
Node: 14.13.1
OS: win32 x64

Angular: 11.0.0
... animations, common, compiler, compiler-cli, core, forms
... language-service, localize, platform-browser
... platform-browser-dynamic, router
Ivy Workspace: Yes

Package                         Version
---------------------------------------------------------
@angular-devkit/architect       0.1100.1
@angular-devkit/build-angular   0.1100.1
@angular-devkit/core            11.0.1
@angular-devkit/schematics      11.0.1
@angular/cdk                    10.2.7
@angular/cli                    11.0.1
@angular/material               10.2.7
@schematics/angular             11.0.1
@schematics/update              0.1100.1
rxjs                            6.6.3
typescript                      4.0.5

Anything else relevant?

Yes. It’s a browser served in a UIWebView on an iPad; which results in Safari.

Example of a user-agent affected

Mozilla/5.0 (iPad; CPU OS 14_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 19 (9 by maintainers)

Commits related to this issue

fix(core): ensure sanitizer works if DOMParser return null body In some browsers, notably a mobile version of webkit on iPad, the result of calling `DOMParser.parseFromString()` returns a document wh... — committed to petebacondarwin/angular by petebacondarwin 4 years ago
fix(core): ensure sanitizer works if DOMParser return null body In some browsers, notably a mobile version of webkit on iPad, the result of calling `DOMParser.parseFromString()` returns a document wh... — committed to petebacondarwin/angular by petebacondarwin 4 years ago
fix(core): ensure sanitizer works if DOMParser return null body (#40107) In some browsers, notably a mobile version of webkit on iPad, the result of calling `DOMParser.parseFromString()` returns a do... — committed to angular/angular by petebacondarwin 4 years ago

Most upvoted comments

I created a PR that should fall back in this scenario… #40107

petebacondarwin on Dec 14, 2020