From 333523483f3ce6dd3177b697a5e5a7177ca364c8 Mon Sep 17 00:00:00 2001 From: Tobias Bosch Date: Mon, 25 Nov 2013 15:40:18 -0800 Subject: fix($sanitize): Use same whitelist mechanism as $compile does. `$sanitize` now uses the same mechanism as `$compile` to validate uris. By this, the validation in `$sanitize` is more general and can be configured in the same way as the one in `$compile`. Changes - Creates the new private service `$$sanitizeUri`. - Moves related specs from `compileSpec.js` into `sanitizeUriSpec.js`. - Refactors the `linky` filter to be less dependent on `$sanitize` internal functions. Fixes #3748. --- src/ng/compile.js | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) (limited to 'src/ng/compile.js') diff --git a/src/ng/compile.js b/src/ng/compile.js index 13fb9682..54d2dc9f 100644 --- a/src/ng/compile.js +++ b/src/ng/compile.js @@ -493,14 +493,12 @@ var $compileMinErr = minErr('$compile'); * * @description */ -$CompileProvider.$inject = ['$provide']; -function $CompileProvider($provide) { +$CompileProvider.$inject = ['$provide', '$$sanitizeUriProvider']; +function $CompileProvider($provide, $$sanitizeUriProvider) { var hasDirectives = {}, Suffix = 'Directive', COMMENT_DIRECTIVE_REGEXP = /^\s*directive\:\s*([\d\w\-_]+)\s+(.*)$/, - CLASS_DIRECTIVE_REGEXP = /(([\d\w\-_]+)(?:\:([^;]+))?;?)/, - aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/, - imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file):|data:image\//; + CLASS_DIRECTIVE_REGEXP = /(([\d\w\-_]+)(?:\:([^;]+))?;?)/; // Ref: http://developers.whatwg.org/webappapis.html#event-handler-idl-attributes // The assumption is that future DOM event attribute names will begin with @@ -584,10 +582,11 @@ function $CompileProvider($provide) { */ this.aHrefSanitizationWhitelist = function(regexp) { if (isDefined(regexp)) { - aHrefSanitizationWhitelist = regexp; + $$sanitizeUriProvider.aHrefSanitizationWhitelist(regexp); return this; + } else { + return $$sanitizeUriProvider.aHrefSanitizationWhitelist(); } - return aHrefSanitizationWhitelist; }; @@ -614,18 +613,18 @@ function $CompileProvider($provide) { */ this.imgSrcSanitizationWhitelist = function(regexp) { if (isDefined(regexp)) { - imgSrcSanitizationWhitelist = regexp; + $$sanitizeUriProvider.imgSrcSanitizationWhitelist(regexp); return this; + } else { + return $$sanitizeUriProvider.imgSrcSanitizationWhitelist(); } - return imgSrcSanitizationWhitelist; }; - this.$get = [ '$injector', '$interpolate', '$exceptionHandler', '$http', '$templateCache', '$parse', - '$controller', '$rootScope', '$document', '$sce', '$animate', + '$controller', '$rootScope', '$document', '$sce', '$animate', '$$sanitizeUri', function($injector, $interpolate, $exceptionHandler, $http, $templateCache, $parse, - $controller, $rootScope, $document, $sce, $animate) { + $controller, $rootScope, $document, $sce, $animate, $$sanitizeUri) { var Attributes = function(element, attr) { this.$$element = element; @@ -730,16 +729,7 @@ function $CompileProvider($provide) { // sanitize a[href] and img[src] values if ((nodeName === 'A' && key === 'href') || (nodeName === 'IMG' && key === 'src')) { - // NOTE: urlResolve() doesn't support IE < 8 so we don't sanitize for that case. - if (!msie || msie >= 8 ) { - normalizedVal = urlResolve(value).href; - if (normalizedVal !== '') { - if ((key === 'href' && !normalizedVal.match(aHrefSanitizationWhitelist)) || - (key === 'src' && !normalizedVal.match(imgSrcSanitizationWhitelist))) { - this[key] = value = 'unsafe:' + normalizedVal; - } - } - } + this[key] = value = $$sanitizeUri(value, key === 'src'); } if (writeAttr !== false) { -- cgit v1.2.3