diff options
| author | Chirayu Krishnappa | 2013-07-16 12:48:29 -0700 |
|---|---|---|
| committer | Chirayu Krishnappa | 2013-07-18 11:29:50 -0700 |
| commit | 3e39ac7e1b10d4812a44dad2f959a93361cd823b (patch) | |
| tree | 96185a21871d78862c63e8c1adf16cf18d0f66c7 /test/ng | |
| parent | e449c6df06d92136f9fab95caa29ac2e74b5e58b (diff) | |
| download | angular.js-3e39ac7e1b10d4812a44dad2f959a93361cd823b.tar.bz2 | |
fix($compile): allow data: image URIs in img[src]
Ref: 1adf29af13890d61286840177607edd552a9df97
BREAKING CHANGE: img[src] URLs are now sanitized via a separate
whitelist regex instead of sharing the whitelist regex with a[href].
With this change, img[src] URLs may also be data: URI's matching
mime types image/*. mailto: URLs are disallowed (and do not make
sense for img[src] but were allowed under the a[href] whitelist used
before.)
Diffstat (limited to 'test/ng')
| -rwxr-xr-x | test/ng/compileSpec.js | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/test/ng/compileSpec.js b/test/ng/compileSpec.js index e0c68301..97a58c10 100755 --- a/test/ng/compileSpec.js +++ b/test/ng/compileSpec.js @@ -2551,15 +2551,38 @@ describe('$compile', function() { expect(element.attr('src')).toBe('unsafe:javascript:doEvilStuff()'); })); - it('should sanitize data: urls', inject(function($compile, $rootScope) { + it('should sanitize non-image data: urls', inject(function($compile, $rootScope) { element = $compile('<img src="{{testUrl}}"></a>')($rootScope); - $rootScope.testUrl = "data:evilPayload"; + $rootScope.testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');"; + $rootScope.$apply(); + expect(element.attr('src')).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');"); + $rootScope.testUrl = "data:,foo"; $rootScope.$apply(); + expect(element.attr('src')).toBe("unsafe:data:,foo"); + })); + + + it('should not sanitize data: URIs for images', inject(function($compile, $rootScope) { + element = $compile('<img src="{{dataUri}}"></img>')($rootScope); - expect(element.attr('src')).toBe('unsafe:data:evilPayload'); + // image data uri + // ref: http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever + $rootScope.dataUri = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="; + $rootScope.$apply(); + expect(element.attr('src')).toBe('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=='); })); + // Fails on IE < 10 with "TypeError: Access is denied" when trying to set img[src] + if (!msie || msie > 10) { + it('should sanitize mailto: urls', inject(function($compile, $rootScope) { + element = $compile('<img src="{{testUrl}}"></a>')($rootScope); + $rootScope.testUrl = "mailto:foo@bar.com"; + $rootScope.$apply(); + expect(element.attr('src')).toBe('unsafe:mailto:foo@bar.com'); + })); + } + it('should sanitize obfuscated javascript: urls', inject(function($compile, $rootScope) { element = $compile('<img src="{{testUrl}}"></img>')($rootScope); @@ -2636,13 +2659,6 @@ describe('$compile', function() { $rootScope.$apply(); expect(element.attr('src')).toBe('ftp://foo.com/bar'); - // Fails on IE < 10 with "TypeError: Access is denied" when trying to set img[src] - if (!msie || msie > 10) { - $rootScope.testUrl = "mailto:foo@bar.com"; - $rootScope.$apply(); - expect(element.attr('src')).toBe('mailto:foo@bar.com'); - } - $rootScope.testUrl = "file:///foo/bar.html"; $rootScope.$apply(); expect(element.attr('src')).toBe('file:///foo/bar.html'); @@ -2660,8 +2676,8 @@ describe('$compile', function() { it('should allow reconfiguration of the src whitelist', function() { module(function($compileProvider) { - expect($compileProvider.urlSanitizationWhitelist() instanceof RegExp).toBe(true); - var returnVal = $compileProvider.urlSanitizationWhitelist(/javascript:/); + expect($compileProvider.imgSrcSanitizationWhitelist() instanceof RegExp).toBe(true); + var returnVal = $compileProvider.imgSrcSanitizationWhitelist(/javascript:/); expect(returnVal).toBe($compileProvider); }); @@ -2812,8 +2828,8 @@ describe('$compile', function() { it('should allow reconfiguration of the href whitelist', function() { module(function($compileProvider) { - expect($compileProvider.urlSanitizationWhitelist() instanceof RegExp).toBe(true); - var returnVal = $compileProvider.urlSanitizationWhitelist(/javascript:/); + expect($compileProvider.aHrefSanitizationWhitelist() instanceof RegExp).toBe(true); + var returnVal = $compileProvider.aHrefSanitizationWhitelist(/javascript:/); expect(returnVal).toBe($compileProvider); }); |