From c7658d94579d0e802bcdd43fe8fdee24c9a45dcb Mon Sep 17 00:00:00 2001
From: paolo-delmundo
Date: Wed, 2 Oct 2013 20:49:20 +0100
Subject: fix($sanitize): sanitize DOCTYPE declarations correctly HTML to be sanitized that contains a DOCTYPE declaration were causing the HTML parser to throw an error. Now the parser correctly removes the declarations when sanitizing HTML. Closes #3931
---
 src/ngSanitize/sanitize.js | 8 ++++++++
 test/ngSanitize/sanitizeSpec.js | 10 +++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js
index 6f28324e..73340043 100644
--- a/src/ngSanitize/sanitize.js
+++ b/src/ngSanitize/sanitize.js
@@ -141,6 +141,7 @@ var START_TAG_REGEXP = /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:
 BEGIN_TAG_REGEXP = /^/g,
+ DOCTYPE_REGEXP = /]*?)>/i,
 CDATA_REGEXP = //g,
 URI_REGEXP = /^((ftp|https?):\/\/|mailto:|#)/i,
 NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // Match everything outside of normal chars and " (quote character)
@@ -223,7 +224,14 @@ function htmlParser( html, handler ) {
 html = html.substring( index + 3 );
 chars = false;
 }
+ // DOCTYPE
+ } else if ( DOCTYPE_REGEXP.test(html) ) {
+ match = html.match( DOCTYPE_REGEXP );
+ if ( match ) {
+ html = html.replace( match[0] , '');
+ chars = false;
+ }
 // end tag
 } else if ( BEGING_END_TAGE_REGEXP.test(html) ) {
 match = html.match( END_TAG_REGEXP );
diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js
index 2a53b532..bb52bb9a 100644
--- a/test/ngSanitize/sanitizeSpec.js
+++ b/test/ngSanitize/sanitizeSpec.js
@@ -24,7 +24,7 @@ describe('HTML', function() {
 attrs: attrs,
 unary: unary
 };
- // Since different browsers handle newlines differenttly we trim
+ // Since different browsers handle newlines differently we trim
 // so that it is easier to write tests.
 angular.forEach(attrs, function(value, key) {
 attrs[key] = value.replace(/^\s*/, '').replace(/\s*$/, '')
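Review bot: In the `@@ -223,7 +224,14 @@` hunk of src/ngSanitize/sanitize.js, the new DOCTYPE branch drops the declaration with `html.replace( match[0] , '')`, which deletes the first occurrence of that text wherever it sits in `html`, while the comment branch just above it consumes from the front with `html.substring( index + 3 )`. The `DOCTYPE_REGEXP` literal added in the `@@ -141,6 +141,7 @@` hunk is garbled on this page, so whether it begins with `^` cannot be confirmed here. If it is unanchored, the branch fires while the parser is positioned at other content and splices the unparsed input together around the removed declaration, which is a property a sanitizer's tokenizer should not have. I would anchor the pattern at the start of the input and advance from the front, `html = html.substring( match[0].length );`, and add a spec for a DOCTYPE that is not the first thing in the string. htmlParser's body starts and ends outside the hunk.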
@@ -80,6 +80,13 @@ describe('HTML', function() { expectHTML('a