From 47ab8df455df1f1391b760e1fbcc5c21645512b8 Mon Sep 17 00:00:00 2001 From: Igor Minar Date: Mon, 10 Mar 2014 01:39:15 -0700 Subject: feat(): whitelist blob urls for sanitization of data-bound image urls Closes #4623 --- test/ng/sanitizeUriSpec.js | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/ng/sanitizeUriSpec.js b/test/ng/sanitizeUriSpec.js index b9f6a0e2..7de3f065 100644 --- a/test/ng/sanitizeUriSpec.js +++ b/test/ng/sanitizeUriSpec.js @@ -37,13 +37,6 @@ describe('sanitizeUri', function() { expect(sanitizeImg(testUrl)).toBe("unsafe:data:,foo"); }); - it('should not sanitize data: URIs for images', function() { - // image data uri - // ref: http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever - testUrl = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="; - expect(sanitizeImg(testUrl)).toBe('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=='); - }); - it('should sanitize mailto: urls', function() { testUrl = "mailto:foo@bar.com"; expect(sanitizeImg(testUrl)).toBe('unsafe:mailto:foo@bar.com'); @@ -113,6 +106,17 @@ describe('sanitizeUri', function() { expect(sanitizeImg(testUrl)).toBe('file:///foo/bar.html'); }); + it('should not sanitize blob urls', function() { + testUrl = "blob:///foo/bar.html"; + expect(sanitizeImg(testUrl)).toBe('blob:///foo/bar.html'); + }); + + it('should not sanitize data: URIs for images', function() { + // image data uri + // ref: http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever + testUrl = "data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="; + expect(sanitizeImg(testUrl)).toBe('data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=='); + }); it('should allow reconfiguration of the src whitelist', function() { var returnVal; @@ -227,4 +231,4 @@ describe('sanitizeUri', function() { }); -}); \ No newline at end of file +}); -- cgit v1.2.3