PR Checklist

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines: https://github.com/angular/angular/blob/main/contributing-docs/commit-message-guidelines.md
• [x ] Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• [x ] Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation content changes
• angular.dev application / infrastructure changes
• Other... Please describe:

What is the current behavior?

Currently, several element-attribute pairs that function as URL or Resource URL sinks are not registered in the DomSanitizer security schema (SECURITY_SCHEMA). This means that values bound to these properties (e.g., meta[content], table[background], or svg:use[href]) are not automatically validated against Angular's security contexts at compile time.

Issue Number: N/A (Proactive security hardening)

What is the new behavior?

This PR expands the dom_security_schema.ts to include these missing sinks.

meta|content and background attributes are now registered under SecurityContext.URL.
use|href and use|xlink:href are now registered under SecurityContext.RESOURCE_URL.
This ensures the framework provides "Secure by Default" protection for these attributes by generating the appropriate ɵɵsanitizeUrl or ɵɵsanitizeResourceUrl instructions.

Does this PR introduce a breaking change?

• Yes
• No

Other information

This update aligns the Angular security schema with modern browser behaviors and MDN standards for URL-handling attributes. By registering these sinks, we provide a consistent defense-in-depth posture across all valid HTML and SVG resource-loading paths.