From 0421cb4200e672818ed10996e92311404c150c3a Mon Sep 17 00:00:00 2001
From: Chirayu Krishnappa
Date: Tue, 12 Nov 2013 15:32:52 -0800
Subject: fix($compile): secure form[action] & iframe[srcdoc]
Require bindings to form[action] to be $sce.RESOURCE_URL and bindings to iframe[srcdoc] to be $sce.HTML
Closes #4927
Closes #4933
---
 src/ng/compile.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/ng/compile.js b/src/ng/compile.js
index d977f173..4eb12019 100644
--- a/src/ng/compile.js
+++ b/src/ng/compile.js
@@ -1780,10 +1780,15 @@ function $CompileProvider($provide) {
 function getTrustedContext(node, attrNormalizedName) {
+ if (attrNormalizedName == "srcdoc") {
+ return $sce.HTML;
+ }
+ var tag = nodeName_(node);
 // maction[xlink:href] can source SVG. It's not limited to .
 if (attrNormalizedName == "xlinkHref" ||
- (nodeName_(node) != "IMG" && (attrNormalizedName == "src" ||
- attrNormalizedName == "ngSrc"))) {
+ (tag == "FORM" && attrNormalizedName == "action") ||
+ (tag != "IMG" && (attrNormalizedName == "src" ||
+ attrNormalizedName == "ngSrc"))) {
 return $sce.RESOURCE_URL;
 }
 }
-- cgit v1.2.3
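Review bot: The new `(tag == "FORM" && attrNormalizedName == "action")` clause in getTrustedContext protects only the form element's own `action`; a binding on a submit control's `formaction` attribute, which overrides the form's action when that control submits, still falls through and returns no trusted context. If those bindings should get the same treatment, add `attrNormalizedName == "formaction" ||` beside the `xlinkHref` test (the normalized spelling is assumed here and should be checked against the attribute normalizer, which is outside this hunk). The `// maction[xlink:href] …` comment now sits above a three-way condition and explains only one branch, so a line such as `// form[action], xlink:href and non-IMG src/ngSrc bindings must be trusted as RESOURCE_URL` would make the intent reviewable. The early `srcdoc` return is not restricted to IFRAME, which is the stricter choice and worth stating in a comment as deliberate.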