diff options
| author | Pete Bacon Darwin | 2013-12-03 10:39:09 +0000 |
|---|---|---|
| committer | Pete Bacon Darwin | 2013-12-03 13:35:09 +0000 |
| commit | 81b81856ee43d2876927c4e1f774affa87e99707 (patch) | |
| tree | abb95325f4caf048aebbdb25346065389aaae0f6 | |
| parent | fd4b99936e6ef14e9ff04e10a95410d31f063d71 (diff) | |
| download | angular.js-81b81856ee43d2876927c4e1f774affa87e99707.tar.bz2 | |
fix($sanitize): don't rely on YARR regex engine executing immediately
In Safari 7 (and other browsers potentially using the latest YARR JIT library)
regular expressions are not always executed immediately that they are called.
The regex is only evaluated (lazily) when you first access properties on the `matches`
result object returned from the regex call.
In the case of `decodeEntities()`, we were updating this returned object, `parts[0] = ''`,
before accessing it, `if (parts[2])', and so our change was overwritten by the result
of executing the regex.
The solution here is not to modify the match result object at all. We only need to make use
of the three match results directly in code.
Developers should be aware, in the future, when using regex, to read from the result object
before making modifications to it.
There is no additional test committed here, because when run against Safari 7, this
bug caused numerous specs to fail, which are all fixed by this commit.
Closes #5193
Closes #5192
| -rw-r--r-- | src/ngSanitize/sanitize.js | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js index 5d378b02..e669e77a 100644 --- a/src/ngSanitize/sanitize.js +++ b/src/ngSanitize/sanitize.js @@ -360,25 +360,27 @@ function htmlParser( html, handler ) { } } +var hiddenPre=document.createElement("pre"); +var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/; /** * decodes all entities into regular string * @param value * @returns {string} A string with decoded entities. */ -var hiddenPre=document.createElement("pre"); function decodeEntities(value) { - if (!value) { - return ''; - } + if (!value) { return ''; } + // Note: IE8 does not preserve spaces at the start/end of innerHTML - var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/; + // so we must capture them and reattach them afterward var parts = spaceRe.exec(value); - parts[0] = ''; - if (parts[2]) { - hiddenPre.innerHTML=parts[2].replace(/</g,"<"); - parts[2] = hiddenPre.innerText || hiddenPre.textContent; + var spaceBefore = parts[1]; + var spaceAfter = parts[3]; + var content = parts[2]; + if (content) { + hiddenPre.innerHTML=content.replace(/</g,"<"); + content = hiddenPre.innerText || hiddenPre.textContent; } - return parts.join(''); + return spaceBefore + content + spaceAfter; } /** |