diff options
Diffstat (limited to 'docs/content/error/sce')
| -rw-r--r-- | docs/content/error/sce/icontext.ngdoc | 2 | ||||
| -rw-r--r-- | docs/content/error/sce/iequirks.ngdoc | 2 | ||||
| -rw-r--r-- | docs/content/error/sce/imatcher.ngdoc | 4 | ||||
| -rw-r--r-- | docs/content/error/sce/insecurl.ngdoc | 10 | ||||
| -rw-r--r-- | docs/content/error/sce/itype.ngdoc | 4 | ||||
| -rw-r--r-- | docs/content/error/sce/iwcard.ngdoc | 4 | ||||
| -rw-r--r-- | docs/content/error/sce/unsafe.ngdoc | 4 |
7 files changed, 15 insertions, 15 deletions
diff --git a/docs/content/error/sce/icontext.ngdoc b/docs/content/error/sce/icontext.ngdoc index d1a1ba91..3ce8eccd 100644 --- a/docs/content/error/sce/icontext.ngdoc +++ b/docs/content/error/sce/icontext.ngdoc @@ -3,6 +3,6 @@ @fullName Invalid / Unknown SCE context @description -The context enum passed to {@link api/ng.$sce#trustAs $sce.trustAs} was not recognized. +The context enum passed to {@link api/ng.$sce#methods_trustAs $sce.trustAs} was not recognized. Please consult the list of {@link api/ng.$sce#contexts supported Strict Contextual Escaping (SCE) contexts}. diff --git a/docs/content/error/sce/iequirks.ngdoc b/docs/content/error/sce/iequirks.ngdoc index c5da20ee..b63e540b 100644 --- a/docs/content/error/sce/iequirks.ngdoc +++ b/docs/content/error/sce/iequirks.ngdoc @@ -3,7 +3,7 @@ @fullName IE8 in quirks mode is unsupported @description -This error occurs when you are using AngularJS with {@link api/ng.$sce#strictcontextualescaping Strict Contextual Escaping (SCE)} mode enabled (the default) on IE8 or lower in quirks mode. +This error occurs when you are using AngularJS with {@link api/ng.$sce Strict Contextual Escaping (SCE)} mode enabled (the default) on IE8 or lower in quirks mode. In this mode, IE8 allows one to execute arbitrary javascript by the use of the `expression()` syntax and is not supported. Refer {@link http://blogs.msdn.com/b/ie/archive/2008/10/16/ending-expressions.aspx MSDN Blogs > IEBlog > Ending Expressions} to learn more about them. diff --git a/docs/content/error/sce/imatcher.ngdoc b/docs/content/error/sce/imatcher.ngdoc index 8c4f0a4c..86d27f13 100644 --- a/docs/content/error/sce/imatcher.ngdoc +++ b/docs/content/error/sce/imatcher.ngdoc @@ -3,7 +3,7 @@ @fullName Invalid matcher (only string patterns and RegExp instances are supported) @description -Please see {@link api/ng.$sceDelegateProvider#resourceUrlWhitelist +Please see {@link api/ng.$sceDelegateProvider#methods_resourceUrlWhitelist $sceDelegateProvider.resourceUrlWhitelist} and {@link -api/ng.$sceDelegateProvider#resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist} for the +api/ng.$sceDelegateProvider#methods_resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist} for the list of acceptable items. diff --git a/docs/content/error/sce/insecurl.ngdoc b/docs/content/error/sce/insecurl.ngdoc index b5d3ce84..e7c61010 100644 --- a/docs/content/error/sce/insecurl.ngdoc +++ b/docs/content/error/sce/insecurl.ngdoc @@ -3,21 +3,21 @@ @fullName Processing of a Resource from Untrusted Source Blocked @description -AngularJS' {@link api/ng.$sce#strictcontextualescaping Strict Contextual Escaping (SCE)} mode (enabled by default) has blocked loading a resource from an insecure URL. +AngularJS' {@link api/ng.$sce Strict Contextual Escaping (SCE)} mode (enabled by default) has blocked loading a resource from an insecure URL. Typically, this would occur if you're attempting to load an Angular template from an untrusted source. It's also possible that a custom directive threw this error for a similar reason. -Angular only loads templates from trusted URLs (by calling {@link api/ng.$sce#getTrustedResourceUrl $sce.getTrustedResourceUrl} on the template URL). +Angular only loads templates from trusted URLs (by calling {@link api/ng.$sce#methods_getTrustedResourceUrl $sce.getTrustedResourceUrl} on the template URL). By default, only URLs that belong to the same origin are trusted. These are urls with the same domain and protocol as the application document. The {@link api/ng.directive:ngInclude ngInclude} directive and {@link guide/directive directives} that specify a `templateUrl` require a trusted resource URL. To load templates from other domains and/or protocols, either adjust the {@link -api/ng.$sceDelegateProvider#resourceUrlWhitelist whitelist}/ {@link -api/ng.$sceDelegateProvider#resourceUrlBlacklist blacklist} or wrap the URL with a call to {@link -api/ng.$sce#trustAsResourceUrl $sce.trustAsResourceUrl}. +api/ng.$sceDelegateProvider#methods_resourceUrlWhitelist whitelist}/ {@link +api/ng.$sceDelegateProvider#methods_resourceUrlBlacklist blacklist} or wrap the URL with a call to {@link +api/ng.$sce#methods_trustAsResourceUrl $sce.trustAsResourceUrl}. **Note**: The browser's {@link https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest Same Origin diff --git a/docs/content/error/sce/itype.ngdoc b/docs/content/error/sce/itype.ngdoc index de7a5a5e..04106afa 100644 --- a/docs/content/error/sce/itype.ngdoc +++ b/docs/content/error/sce/itype.ngdoc @@ -3,6 +3,6 @@ @fullName String Value is Required for SCE Trust Call @description -{@link api/ng.$sce#trustAs $sce.trustAs} requires a string value. +{@link api/ng.$sce#methods_trustAs $sce.trustAs} requires a string value. -Read more about {@link api/ng.$sce#strictcontextualescaping Strict Contextual Escaping (SCE)} in AngularJS. +Read more about {@link api/ng.$sce Strict Contextual Escaping (SCE)} in AngularJS. diff --git a/docs/content/error/sce/iwcard.ngdoc b/docs/content/error/sce/iwcard.ngdoc index 459b78d5..4b0b5192 100644 --- a/docs/content/error/sce/iwcard.ngdoc +++ b/docs/content/error/sce/iwcard.ngdoc @@ -3,7 +3,7 @@ @fullName The sequence *** is not a valid pattern wildcard @description -The strings in {@link api/ng.$sceDelegateProvider#resourceUrlWhitelist +The strings in {@link api/ng.$sceDelegateProvider#methods_resourceUrlWhitelist $sceDelegateProvider.resourceUrlWhitelist} and {@link -api/ng.$sceDelegateProvider#resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist} may not +api/ng.$sceDelegateProvider#methods_resourceUrlBlacklist $sceDelegateProvider.resourceUrlBlacklist} may not contain the undefined sequence `***`. Only `*` and `**` wildcard patterns are defined. diff --git a/docs/content/error/sce/unsafe.ngdoc b/docs/content/error/sce/unsafe.ngdoc index 908033d2..7ebd2c0c 100644 --- a/docs/content/error/sce/unsafe.ngdoc +++ b/docs/content/error/sce/unsafe.ngdoc @@ -5,11 +5,11 @@ The value provided for use in a specific context was not found to be safe/trusted for use. -Angular's {@link api/ng.$sce#strictcontextualescaping Strict Contextual Escaping (SCE)} mode +Angular's {@link api/ng.$sce Strict Contextual Escaping (SCE)} mode (enabled by default), requires bindings in certain contexts to result in a value that is trusted as safe for use in such a context. (e.g. loading an Angular template from a URL requires that the URL is one considered safe for loading resources.) This helps prevent XSS and other security issues. Read more at {@link -api/ng.$sce#strictcontextualescaping Strict Contextual Escaping (SCE)} +api/ng.$sce Strict Contextual Escaping (SCE)} |