angular-gem 1.2.2 → 1.2.3
- data/lib/angular-gem/version.rb +1 -1
- data/vendor/assets/javascripts/1.2.3/angular-animate.js +1294 -0
- data/vendor/assets/javascripts/1.2.3/angular-cookies.js +202 -0
- data/vendor/assets/javascripts/1.2.3/angular-loader.js +410 -0
- data/vendor/assets/javascripts/1.2.3/angular-mocks.js +2115 -0
- data/vendor/assets/javascripts/1.2.3/angular-resource.js +546 -0
- data/vendor/assets/javascripts/1.2.3/angular-route.js +891 -0
- data/vendor/assets/javascripts/1.2.3/angular-sanitize.js +615 -0
- data/vendor/assets/javascripts/1.2.3/angular-scenario.js +32287 -0
- data/vendor/assets/javascripts/1.2.3/angular-touch.js +563 -0
- data/vendor/assets/javascripts/1.2.3/angular.js +20282 -0
- data/vendor/assets/javascripts/angular-animate.js +18 -7
- data/vendor/assets/javascripts/angular-cookies.js +2 -2
- data/vendor/assets/javascripts/angular-loader.js +3 -3
- data/vendor/assets/javascripts/angular-mocks.js +186 -186
- data/vendor/assets/javascripts/angular-resource.js +2 -2
- data/vendor/assets/javascripts/angular-route.js +2 -2
- data/vendor/assets/javascripts/angular-sanitize.js +66 -28
- data/vendor/assets/javascripts/angular-scenario.js +149 -82
- data/vendor/assets/javascripts/angular-touch.js +2 -2
- data/vendor/assets/javascripts/angular.js +149 -82
- metadata +11 -1
@@ -1,6 +1,6 @@
|
|
1
1
|
/**
|
2
|
-
* @license AngularJS v1.2.
|
3
|
-
* (c) 2010-
|
2
|
+
* @license AngularJS v1.2.3
|
3
|
+
* (c) 2010-2014 Google, Inc. http://angularjs.org
|
4
4
|
* License: MIT
|
5
5
|
*/
|
6
6
|
(function(window, angular, undefined) {'use strict';
|
@@ -51,6 +51,8 @@ var $sanitizeMinErr = angular.$$minErr('$sanitize');
|
|
51
51
|
* it into the returned string, however, since our parser is more strict than a typical browser
|
52
52
|
* parser, it's possible that some obscure input, which would be recognized as valid HTML by a
|
53
53
|
* browser, won't make it through the sanitizer.
|
54
|
+
* The whitelist is configured using the functions `aHrefSanitizationWhitelist` and
|
55
|
+
* `imgSrcSanitizationWhitelist` of {@link ng.$compileProvider `$compileProvider`}.
|
54
56
|
*
|
55
57
|
* @param {string} html Html input.
|
56
58
|
* @returns {string} Sanitized html.
|
@@ -133,11 +135,24 @@ var $sanitizeMinErr = angular.$$minErr('$sanitize');
|
|
133
135
|
</doc:scenario>
|
134
136
|
</doc:example>
|
135
137
|
*/
|
136
|
-
|
138
|
+
function $SanitizeProvider() {
|
139
|
+
this.$get = ['$$sanitizeUri', function($$sanitizeUri) {
|
140
|
+
return function(html) {
|
141
|
+
var buf = [];
|
142
|
+
htmlParser(html, htmlSanitizeWriter(buf, function(uri, isImage) {
|
143
|
+
return !/^unsafe/.test($$sanitizeUri(uri, isImage));
|
144
|
+
}));
|
145
|
+
return buf.join('');
|
146
|
+
};
|
147
|
+
}];
|
148
|
+
}
|
149
|
+
|
150
|
+
function sanitizeText(chars) {
|
137
151
|
var buf = [];
|
138
|
-
|
139
|
-
|
140
|
-
|
152
|
+
var writer = htmlSanitizeWriter(buf, angular.noop);
|
153
|
+
writer.chars(chars);
|
154
|
+
return buf.join('');
|
155
|
+
}
|
141
156
|
|
142
157
|
|
143
158
|
// Regular Expressions for parsing tags and attributes
|
@@ -150,7 +165,6 @@ var START_TAG_REGEXP =
|
|
150
165
|
COMMENT_REGEXP = /<!--(.*?)-->/g,
|
151
166
|
DOCTYPE_REGEXP = /<!DOCTYPE([^>]*?)>/i,
|
152
167
|
CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
|
153
|
-
URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/i,
|
154
168
|
// Match everything outside of normal chars and " (quote character)
|
155
169
|
NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g;
|
156
170
|
|
@@ -358,8 +372,18 @@ function htmlParser( html, handler ) {
|
|
358
372
|
*/
|
359
373
|
var hiddenPre=document.createElement("pre");
|
360
374
|
function decodeEntities(value) {
|
361
|
-
|
362
|
-
|
375
|
+
if (!value) {
|
376
|
+
return '';
|
377
|
+
}
|
378
|
+
// Note: IE8 does not preserve spaces at the start/end of innerHTML
|
379
|
+
var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/;
|
380
|
+
var parts = spaceRe.exec(value);
|
381
|
+
parts[0] = '';
|
382
|
+
if (parts[2]) {
|
383
|
+
hiddenPre.innerHTML=parts[2].replace(/</g,"<");
|
384
|
+
parts[2] = hiddenPre.innerText || hiddenPre.textContent;
|
385
|
+
}
|
386
|
+
return parts.join('');
|
363
387
|
}
|
364
388
|
|
365
389
|
/**
|
@@ -389,7 +413,7 @@ function encodeEntities(value) {
|
|
389
413
|
* comment: function(text) {}
|
390
414
|
* }
|
391
415
|
*/
|
392
|
-
function htmlSanitizeWriter(buf){
|
416
|
+
function htmlSanitizeWriter(buf, uriValidator){
|
393
417
|
var ignore = false;
|
394
418
|
var out = angular.bind(buf, buf.push);
|
395
419
|
return {
|
@@ -403,7 +427,9 @@ function htmlSanitizeWriter(buf){
|
|
403
427
|
out(tag);
|
404
428
|
angular.forEach(attrs, function(value, key){
|
405
429
|
var lkey=angular.lowercase(key);
|
406
|
-
|
430
|
+
var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background');
|
431
|
+
if (validAttrs[lkey] === true &&
|
432
|
+
(uriAttrs[lkey] !== true || uriValidator(value, isImage))) {
|
407
433
|
out(' ');
|
408
434
|
out(key);
|
409
435
|
out('="');
|
@@ -435,9 +461,9 @@ function htmlSanitizeWriter(buf){
|
|
435
461
|
|
436
462
|
|
437
463
|
// define ngSanitize module and register $sanitize service
|
438
|
-
angular.module('ngSanitize', []).
|
464
|
+
angular.module('ngSanitize', []).provider('$sanitize', $SanitizeProvider);
|
439
465
|
|
440
|
-
/* global
|
466
|
+
/* global sanitizeText: false */
|
441
467
|
|
442
468
|
/**
|
443
469
|
* @ngdoc filter
|
@@ -537,7 +563,7 @@ angular.module('ngSanitize', []).value('$sanitize', $sanitize);
|
|
537
563
|
</doc:scenario>
|
538
564
|
</doc:example>
|
539
565
|
*/
|
540
|
-
angular.module('ngSanitize').filter('linky', function() {
|
566
|
+
angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
|
541
567
|
var LINKY_URL_REGEXP =
|
542
568
|
/((ftp|https?):\/\/|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>]/,
|
543
569
|
MAILTO_REGEXP = /^mailto:/;
|
@@ -547,31 +573,43 @@ angular.module('ngSanitize').filter('linky', function() {
|
|
547
573
|
var match;
|
548
574
|
var raw = text;
|
549
575
|
var html = [];
|
550
|
-
// TODO(vojta): use $sanitize instead
|
551
|
-
var writer = htmlSanitizeWriter(html);
|
552
576
|
var url;
|
553
577
|
var i;
|
554
|
-
var properties = {};
|
555
|
-
if (angular.isDefined(target)) {
|
556
|
-
properties.target = target;
|
557
|
-
}
|
558
578
|
while ((match = raw.match(LINKY_URL_REGEXP))) {
|
559
579
|
// We can not end in these as they are sometimes found at the end of the sentence
|
560
580
|
url = match[0];
|
561
581
|
// if we did not match ftp/http/mailto then assume mailto
|
562
582
|
if (match[2] == match[3]) url = 'mailto:' + url;
|
563
583
|
i = match.index;
|
564
|
-
|
565
|
-
|
566
|
-
writer.start('a', properties);
|
567
|
-
writer.chars(match[0].replace(MAILTO_REGEXP, ''));
|
568
|
-
writer.end('a');
|
584
|
+
addText(raw.substr(0, i));
|
585
|
+
addLink(url, match[0].replace(MAILTO_REGEXP, ''));
|
569
586
|
raw = raw.substring(i + match[0].length);
|
570
587
|
}
|
571
|
-
|
572
|
-
return html.join('');
|
588
|
+
addText(raw);
|
589
|
+
return $sanitize(html.join(''));
|
590
|
+
|
591
|
+
function addText(text) {
|
592
|
+
if (!text) {
|
593
|
+
return;
|
594
|
+
}
|
595
|
+
html.push(sanitizeText(text));
|
596
|
+
}
|
597
|
+
|
598
|
+
function addLink(url, text) {
|
599
|
+
html.push('<a ');
|
600
|
+
if (angular.isDefined(target)) {
|
601
|
+
html.push('target="');
|
602
|
+
html.push(target);
|
603
|
+
html.push('" ');
|
604
|
+
}
|
605
|
+
html.push('href="');
|
606
|
+
html.push(url);
|
607
|
+
html.push('">');
|
608
|
+
addText(text);
|
609
|
+
html.push('</a>');
|
610
|
+
}
|
573
611
|
};
|
574
|
-
});
|
612
|
+
}]);
|
575
613
|
|
576
614
|
|
577
615
|
})(window, window.angular);
|
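Review bot: In the `linky` filter's new `addLink` helper, `target` and `url` are concatenated into the markup without escaping (`html.push(target);`, `html.push(url);`), so the output is only well-formed because the whole string is later passed through `$sanitize(html.join(''))`. `LINKY_URL_REGEXP` matches `\S*`, which can include a double quote, and such a character would end the `href` value early and leave the remainder to be parsed as further attributes. I would encode quotes before concatenating, e.g. `html.push(url.replace(/"/g, '&quot;'));`, and treat `target` the same way, so the helper does not depend on the sanitizer to repair its own output. Separately, `!/^unsafe/.test(...)` in `$SanitizeProvider` appears to also reject whitelisted relative URIs that merely begin with "unsafe", since the `sanitizeUri` shown elsewhere on this page returns the original value when the whitelist matches; `/^unsafe:/` would match only the marker prefix.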
@@ -9790,8 +9790,8 @@ if ( typeof module === "object" && module && typeof module.exports === "object"
|
|
9790
9790
|
})( window );
|
9791
9791
|
|
9792
9792
|
/**
|
9793
|
-
* @license AngularJS v1.2.
|
9794
|
-
* (c) 2010-
|
9793
|
+
* @license AngularJS v1.2.3
|
9794
|
+
* (c) 2010-2014 Google, Inc. http://angularjs.org
|
9795
9795
|
* License: MIT
|
9796
9796
|
*/
|
9797
9797
|
(function(window, document){
|
@@ -9860,7 +9860,7 @@ function minErr(module) {
|
|
9860
9860
|
return match;
|
9861
9861
|
});
|
9862
9862
|
|
9863
|
-
message = message + '\nhttp://errors.angularjs.org/1.2.
|
9863
|
+
message = message + '\nhttp://errors.angularjs.org/1.2.3/' +
|
9864
9864
|
(module ? module + '/' : '') + code;
|
9865
9865
|
for (i = 2; i < arguments.length; i++) {
|
9866
9866
|
message = message + (i == 2 ? '?' : '&') + 'p' + (i-2) + '=' +
|
@@ -10415,7 +10415,7 @@ var trim = (function() {
|
|
10415
10415
|
// TODO: we should move this into IE/ES5 polyfill
|
10416
10416
|
if (!String.prototype.trim) {
|
10417
10417
|
return function(value) {
|
10418
|
-
return isString(value) ? value.replace(/^\s*/, '').replace(/\s*$/, '') : value;
|
10418
|
+
return isString(value) ? value.replace(/^\s\s*/, '').replace(/\s\s*$/, '') : value;
|
10419
10419
|
};
|
10420
10420
|
}
|
10421
10421
|
return function(value) {
|
@@ -11594,6 +11594,7 @@ function setupModuleLoader(window) {
|
|
11594
11594
|
$ParseProvider,
|
11595
11595
|
$RootScopeProvider,
|
11596
11596
|
$QProvider,
|
11597
|
+
$$SanitizeUriProvider,
|
11597
11598
|
$SceProvider,
|
11598
11599
|
$SceDelegateProvider,
|
11599
11600
|
$SnifferProvider,
|
@@ -11617,11 +11618,11 @@ function setupModuleLoader(window) {
|
|
11617
11618
|
* - `codeName` – `{string}` – Code name of the release, such as "jiggling-armfat".
|
11618
11619
|
*/
|
11619
11620
|
var version = {
|
11620
|
-
full: '1.2.
|
11621
|
+
full: '1.2.3', // all of these placeholder strings will be replaced by grunt's
|
11621
11622
|
major: 1, // package task
|
11622
11623
|
minor: 2,
|
11623
|
-
dot:
|
11624
|
-
codeName: '
|
11624
|
+
dot: 3,
|
11625
|
+
codeName: 'unicorn-zapper'
|
11625
11626
|
};
|
11626
11627
|
|
11627
11628
|
|
@@ -11665,6 +11666,10 @@ function publishExternalAPI(angular){
|
|
11665
11666
|
|
11666
11667
|
angularModule('ng', ['ngLocale'], ['$provide',
|
11667
11668
|
function ngModule($provide) {
|
11669
|
+
// $$sanitizeUriProvider needs to be before $compileProvider as it is used by it.
|
11670
|
+
$provide.provider({
|
11671
|
+
$$sanitizeUri: $$SanitizeUriProvider
|
11672
|
+
});
|
11668
11673
|
$provide.provider('$compile', $CompileProvider).
|
11669
11674
|
directive({
|
11670
11675
|
a: htmlAnchorDirective,
|
@@ -14681,7 +14686,7 @@ function $TemplateCacheProvider() {
|
|
14681
14686
|
* </div>
|
14682
14687
|
*
|
14683
14688
|
* <div class="alert alert-error">
|
14684
|
-
* **Note:** The `transclude` function that is passed to the compile function is
|
14689
|
+
* **Note:** The `transclude` function that is passed to the compile function is deprecated, as it
|
14685
14690
|
* e.g. does not know about the right outer scope. Please use the transclude function that is passed
|
14686
14691
|
* to the link function instead.
|
14687
14692
|
* </div>
|
@@ -14891,14 +14896,12 @@ var $compileMinErr = minErr('$compile');
|
|
14891
14896
|
*
|
14892
14897
|
* @description
|
14893
14898
|
*/
|
14894
|
-
$CompileProvider.$inject = ['$provide'];
|
14895
|
-
function $CompileProvider($provide) {
|
14899
|
+
$CompileProvider.$inject = ['$provide', '$$sanitizeUriProvider'];
|
14900
|
+
function $CompileProvider($provide, $$sanitizeUriProvider) {
|
14896
14901
|
var hasDirectives = {},
|
14897
14902
|
Suffix = 'Directive',
|
14898
14903
|
COMMENT_DIRECTIVE_REGEXP = /^\s*directive\:\s*([\d\w\-_]+)\s+(.*)$/,
|
14899
|
-
CLASS_DIRECTIVE_REGEXP = /(([\d\w\-_]+)(?:\:([^;]+))?;?)
|
14900
|
-
aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
|
14901
|
-
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file):|data:image\//;
|
14904
|
+
CLASS_DIRECTIVE_REGEXP = /(([\d\w\-_]+)(?:\:([^;]+))?;?)/;
|
14902
14905
|
|
14903
14906
|
// Ref: http://developers.whatwg.org/webappapis.html#event-handler-idl-attributes
|
14904
14907
|
// The assumption is that future DOM event attribute names will begin with
|
@@ -14982,10 +14985,11 @@ function $CompileProvider($provide) {
|
|
14982
14985
|
*/
|
14983
14986
|
this.aHrefSanitizationWhitelist = function(regexp) {
|
14984
14987
|
if (isDefined(regexp)) {
|
14985
|
-
aHrefSanitizationWhitelist
|
14988
|
+
$$sanitizeUriProvider.aHrefSanitizationWhitelist(regexp);
|
14986
14989
|
return this;
|
14990
|
+
} else {
|
14991
|
+
return $$sanitizeUriProvider.aHrefSanitizationWhitelist();
|
14987
14992
|
}
|
14988
|
-
return aHrefSanitizationWhitelist;
|
14989
14993
|
};
|
14990
14994
|
|
14991
14995
|
|
@@ -15012,18 +15016,18 @@ function $CompileProvider($provide) {
|
|
15012
15016
|
*/
|
15013
15017
|
this.imgSrcSanitizationWhitelist = function(regexp) {
|
15014
15018
|
if (isDefined(regexp)) {
|
15015
|
-
imgSrcSanitizationWhitelist
|
15019
|
+
$$sanitizeUriProvider.imgSrcSanitizationWhitelist(regexp);
|
15016
15020
|
return this;
|
15021
|
+
} else {
|
15022
|
+
return $$sanitizeUriProvider.imgSrcSanitizationWhitelist();
|
15017
15023
|
}
|
15018
|
-
return imgSrcSanitizationWhitelist;
|
15019
15024
|
};
|
15020
15025
|
|
15021
|
-
|
15022
15026
|
this.$get = [
|
15023
15027
|
'$injector', '$interpolate', '$exceptionHandler', '$http', '$templateCache', '$parse',
|
15024
|
-
'$controller', '$rootScope', '$document', '$sce', '$animate',
|
15028
|
+
'$controller', '$rootScope', '$document', '$sce', '$animate', '$$sanitizeUri',
|
15025
15029
|
function($injector, $interpolate, $exceptionHandler, $http, $templateCache, $parse,
|
15026
|
-
$controller, $rootScope, $document, $sce, $animate) {
|
15030
|
+
$controller, $rootScope, $document, $sce, $animate, $$sanitizeUri) {
|
15027
15031
|
|
15028
15032
|
var Attributes = function(element, attr) {
|
15029
15033
|
this.$$element = element;
|
@@ -15128,16 +15132,7 @@ function $CompileProvider($provide) {
|
|
15128
15132
|
// sanitize a[href] and img[src] values
|
15129
15133
|
if ((nodeName === 'A' && key === 'href') ||
|
15130
15134
|
(nodeName === 'IMG' && key === 'src')) {
|
15131
|
-
|
15132
|
-
if (!msie || msie >= 8 ) {
|
15133
|
-
normalizedVal = urlResolve(value).href;
|
15134
|
-
if (normalizedVal !== '') {
|
15135
|
-
if ((key === 'href' && !normalizedVal.match(aHrefSanitizationWhitelist)) ||
|
15136
|
-
(key === 'src' && !normalizedVal.match(imgSrcSanitizationWhitelist))) {
|
15137
|
-
this[key] = value = 'unsafe:' + normalizedVal;
|
15138
|
-
}
|
15139
|
-
}
|
15140
|
-
}
|
15135
|
+
this[key] = value = $$sanitizeUri(value, key === 'src');
|
15141
15136
|
}
|
15142
15137
|
|
15143
15138
|
if (writeAttr !== false) {
|
@@ -17610,12 +17605,11 @@ var XHR = window.XMLHttpRequest || function() {
|
|
17610
17605
|
*/
|
17611
17606
|
function $HttpBackendProvider() {
|
17612
17607
|
this.$get = ['$browser', '$window', '$document', function($browser, $window, $document) {
|
17613
|
-
return createHttpBackend($browser, XHR, $browser.defer, $window.angular.callbacks,
|
17614
|
-
$document[0], $window.location.protocol.replace(':', ''));
|
17608
|
+
return createHttpBackend($browser, XHR, $browser.defer, $window.angular.callbacks, $document[0]);
|
17615
17609
|
}];
|
17616
17610
|
}
|
17617
17611
|
|
17618
|
-
function createHttpBackend($browser, XHR, $browserDefer, callbacks, rawDocument
|
17612
|
+
function createHttpBackend($browser, XHR, $browserDefer, callbacks, rawDocument) {
|
17619
17613
|
var ABORTED = -1;
|
17620
17614
|
|
17621
17615
|
// TODO(vojta): fix the signature
|
@@ -17695,14 +17689,14 @@ function createHttpBackend($browser, XHR, $browserDefer, callbacks, rawDocument,
|
|
17695
17689
|
}
|
17696
17690
|
|
17697
17691
|
function completeRequest(callback, status, response, headersString) {
|
17698
|
-
var protocol =
|
17692
|
+
var protocol = urlResolve(url).protocol;
|
17699
17693
|
|
17700
17694
|
// cancel timeout and subsequent timeout promise resolution
|
17701
17695
|
timeoutId && $browserDefer.cancel(timeoutId);
|
17702
17696
|
jsonpDone = xhr = null;
|
17703
17697
|
|
17704
17698
|
// fix status code for file protocol (it's always 0)
|
17705
|
-
status = (protocol == 'file') ? (response ? 200 : 404) : status;
|
17699
|
+
status = (protocol == 'file' && status === 0) ? (response ? 200 : 404) : status;
|
17706
17700
|
|
17707
17701
|
// normalize IE bug (http://bugs.jquery.com/ticket/1450)
|
17708
17702
|
status = status == 1223 ? 204 : status;
|
@@ -18322,7 +18316,47 @@ function LocationHashbangUrl(appBase, hashPrefix) {
|
|
18322
18316
|
hashPrefix);
|
18323
18317
|
}
|
18324
18318
|
parseAppUrl(withoutHashUrl, this, appBase);
|
18319
|
+
|
18320
|
+
this.$$path = removeWindowsDriveName(this.$$path, withoutHashUrl, appBase);
|
18321
|
+
|
18325
18322
|
this.$$compose();
|
18323
|
+
|
18324
|
+
/*
|
18325
|
+
* In Windows, on an anchor node on documents loaded from
|
18326
|
+
* the filesystem, the browser will return a pathname
|
18327
|
+
* prefixed with the drive name ('/C:/path') when a
|
18328
|
+
* pathname without a drive is set:
|
18329
|
+
* * a.setAttribute('href', '/foo')
|
18330
|
+
* * a.pathname === '/C:/foo' //true
|
18331
|
+
*
|
18332
|
+
* Inside of Angular, we're always using pathnames that
|
18333
|
+
* do not include drive names for routing.
|
18334
|
+
*/
|
18335
|
+
function removeWindowsDriveName (path, url, base) {
|
18336
|
+
/*
|
18337
|
+
Matches paths for file protocol on windows,
|
18338
|
+
such as /C:/foo/bar, and captures only /foo/bar.
|
18339
|
+
*/
|
18340
|
+
var windowsFilePathExp = /^\/?.*?:(\/.*)/;
|
18341
|
+
|
18342
|
+
var firstPathSegmentMatch;
|
18343
|
+
|
18344
|
+
//Get the relative path from the input URL.
|
18345
|
+
if (url.indexOf(base) === 0) {
|
18346
|
+
url = url.replace(base, '');
|
18347
|
+
}
|
18348
|
+
|
18349
|
+
/*
|
18350
|
+
* The input URL intentionally contains a
|
18351
|
+
* first path segment that ends with a colon.
|
18352
|
+
*/
|
18353
|
+
if (windowsFilePathExp.exec(url)) {
|
18354
|
+
return path;
|
18355
|
+
}
|
18356
|
+
|
18357
|
+
firstPathSegmentMatch = windowsFilePathExp.exec(path);
|
18358
|
+
return firstPathSegmentMatch ? firstPathSegmentMatch[1] : path;
|
18359
|
+
}
|
18326
18360
|
};
|
18327
18361
|
|
18328
18362
|
/**
|
@@ -21749,6 +21783,79 @@ function $RootScopeProvider(){
|
|
21749
21783
|
}];
|
21750
21784
|
}
|
21751
21785
|
|
21786
|
+
/**
|
21787
|
+
* @description
|
21788
|
+
* Private service to sanitize uris for links and images. Used by $compile and $sanitize.
|
21789
|
+
*/
|
21790
|
+
function $$SanitizeUriProvider() {
|
21791
|
+
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
|
21792
|
+
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file):|data:image\//;
|
21793
|
+
|
21794
|
+
/**
|
21795
|
+
* @description
|
21796
|
+
* Retrieves or overrides the default regular expression that is used for whitelisting of safe
|
21797
|
+
* urls during a[href] sanitization.
|
21798
|
+
*
|
21799
|
+
* The sanitization is a security measure aimed at prevent XSS attacks via html links.
|
21800
|
+
*
|
21801
|
+
* Any url about to be assigned to a[href] via data-binding is first normalized and turned into
|
21802
|
+
* an absolute url. Afterwards, the url is matched against the `aHrefSanitizationWhitelist`
|
21803
|
+
* regular expression. If a match is found, the original url is written into the dom. Otherwise,
|
21804
|
+
* the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM.
|
21805
|
+
*
|
21806
|
+
* @param {RegExp=} regexp New regexp to whitelist urls with.
|
21807
|
+
* @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for
|
21808
|
+
* chaining otherwise.
|
21809
|
+
*/
|
21810
|
+
this.aHrefSanitizationWhitelist = function(regexp) {
|
21811
|
+
if (isDefined(regexp)) {
|
21812
|
+
aHrefSanitizationWhitelist = regexp;
|
21813
|
+
return this;
|
21814
|
+
}
|
21815
|
+
return aHrefSanitizationWhitelist;
|
21816
|
+
};
|
21817
|
+
|
21818
|
+
|
21819
|
+
/**
|
21820
|
+
* @description
|
21821
|
+
* Retrieves or overrides the default regular expression that is used for whitelisting of safe
|
21822
|
+
* urls during img[src] sanitization.
|
21823
|
+
*
|
21824
|
+
* The sanitization is a security measure aimed at prevent XSS attacks via html links.
|
21825
|
+
*
|
21826
|
+
* Any url about to be assigned to img[src] via data-binding is first normalized and turned into
|
21827
|
+
* an absolute url. Afterwards, the url is matched against the `imgSrcSanitizationWhitelist`
|
21828
|
+
* regular expression. If a match is found, the original url is written into the dom. Otherwise,
|
21829
|
+
* the absolute url is prefixed with `'unsafe:'` string and only then is it written into the DOM.
|
21830
|
+
*
|
21831
|
+
* @param {RegExp=} regexp New regexp to whitelist urls with.
|
21832
|
+
* @returns {RegExp|ng.$compileProvider} Current RegExp if called without value or self for
|
21833
|
+
* chaining otherwise.
|
21834
|
+
*/
|
21835
|
+
this.imgSrcSanitizationWhitelist = function(regexp) {
|
21836
|
+
if (isDefined(regexp)) {
|
21837
|
+
imgSrcSanitizationWhitelist = regexp;
|
21838
|
+
return this;
|
21839
|
+
}
|
21840
|
+
return imgSrcSanitizationWhitelist;
|
21841
|
+
};
|
21842
|
+
|
21843
|
+
this.$get = function() {
|
21844
|
+
return function sanitizeUri(uri, isImage) {
|
21845
|
+
var regex = isImage ? imgSrcSanitizationWhitelist : aHrefSanitizationWhitelist;
|
21846
|
+
var normalizedVal;
|
21847
|
+
// NOTE: urlResolve() doesn't support IE < 8 so we don't sanitize for that case.
|
21848
|
+
if (!msie || msie >= 8 ) {
|
21849
|
+
normalizedVal = urlResolve(uri).href;
|
21850
|
+
if (normalizedVal !== '' && !normalizedVal.match(regex)) {
|
21851
|
+
return 'unsafe:'+normalizedVal;
|
21852
|
+
}
|
21853
|
+
}
|
21854
|
+
return uri;
|
21855
|
+
};
|
21856
|
+
};
|
21857
|
+
}
|
21858
|
+
|
21752
21859
|
var $sceMinErr = minErr('$sce');
|
21753
21860
|
|
21754
21861
|
var SCE_CONTEXTS = {
|
@@ -23098,11 +23205,6 @@ function $TimeoutProvider() {
|
|
23098
23205
|
// exactly the behavior needed here. There is little value is mocking these out for this
|
23099
23206
|
// service.
|
23100
23207
|
var urlParsingNode = document.createElement("a");
|
23101
|
-
/*
|
23102
|
-
Matches paths for file protocol on windows,
|
23103
|
-
such as /C:/foo/bar, and captures only /foo/bar.
|
23104
|
-
*/
|
23105
|
-
var windowsFilePathExp = /^\/?.*?:(\/.*)/;
|
23106
23208
|
var originUrl = urlResolve(window.location.href, true);
|
23107
23209
|
|
23108
23210
|
|
@@ -23159,8 +23261,7 @@ var originUrl = urlResolve(window.location.href, true);
|
|
23159
23261
|
*
|
23160
23262
|
*/
|
23161
23263
|
function urlResolve(url, base) {
|
23162
|
-
var href = url
|
23163
|
-
pathname;
|
23264
|
+
var href = url;
|
23164
23265
|
|
23165
23266
|
if (msie) {
|
23166
23267
|
// Normalize before parse. Refer Implementation Notes on why this is
|
@@ -23171,21 +23272,6 @@ function urlResolve(url, base) {
|
|
23171
23272
|
|
23172
23273
|
urlParsingNode.setAttribute('href', href);
|
23173
23274
|
|
23174
|
-
/*
|
23175
|
-
* In Windows, on an anchor node on documents loaded from
|
23176
|
-
* the filesystem, the browser will return a pathname
|
23177
|
-
* prefixed with the drive name ('/C:/path') when a
|
23178
|
-
* pathname without a drive is set:
|
23179
|
-
* * a.setAttribute('href', '/foo')
|
23180
|
-
* * a.pathname === '/C:/foo' //true
|
23181
|
-
*
|
23182
|
-
* Inside of Angular, we're always using pathnames that
|
23183
|
-
* do not include drive names for routing.
|
23184
|
-
*/
|
23185
|
-
|
23186
|
-
pathname = removeWindowsDriveName(urlParsingNode.pathname, url, base);
|
23187
|
-
pathname = (pathname.charAt(0) === '/') ? pathname : '/' + pathname;
|
23188
|
-
|
23189
23275
|
// urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils
|
23190
23276
|
return {
|
23191
23277
|
href: urlParsingNode.href,
|
@@ -23195,11 +23281,12 @@ function urlResolve(url, base) {
|
|
23195
23281
|
hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '',
|
23196
23282
|
hostname: urlParsingNode.hostname,
|
23197
23283
|
port: urlParsingNode.port,
|
23198
|
-
pathname: pathname
|
23284
|
+
pathname: (urlParsingNode.pathname.charAt(0) === '/')
|
23285
|
+
? urlParsingNode.pathname
|
23286
|
+
: '/' + urlParsingNode.pathname
|
23199
23287
|
};
|
23200
23288
|
}
|
23201
23289
|
|
23202
|
-
|
23203
23290
|
/**
|
23204
23291
|
* Parse a request URL and determine whether this is a same-origin request as the application document.
|
23205
23292
|
*
|
@@ -23213,26 +23300,6 @@ function urlIsSameOrigin(requestUrl) {
|
|
23213
23300
|
parsed.host === originUrl.host);
|
23214
23301
|
}
|
23215
23302
|
|
23216
|
-
function removeWindowsDriveName (path, url, base) {
|
23217
|
-
var firstPathSegmentMatch;
|
23218
|
-
|
23219
|
-
//Get the relative path from the input URL.
|
23220
|
-
if (url.indexOf(base) === 0) {
|
23221
|
-
url = url.replace(base, '');
|
23222
|
-
}
|
23223
|
-
|
23224
|
-
/*
|
23225
|
-
* The input URL intentionally contains a
|
23226
|
-
* first path segment that ends with a colon.
|
23227
|
-
*/
|
23228
|
-
if (windowsFilePathExp.exec(url)) {
|
23229
|
-
return path;
|
23230
|
-
}
|
23231
|
-
|
23232
|
-
firstPathSegmentMatch = windowsFilePathExp.exec(path);
|
23233
|
-
return firstPathSegmentMatch ? firstPathSegmentMatch[1] : path;
|
23234
|
-
}
|
23235
|
-
|
23236
23303
|
/**
|
23237
23304
|
* @ngdoc object
|
23238
23305
|
* @name ng.$window
|
@@ -25560,15 +25627,15 @@ function textInputType(scope, element, attr, ctrl, $sniffer, $browser) {
|
|
25560
25627
|
deferListener();
|
25561
25628
|
});
|
25562
25629
|
|
25563
|
-
// if user paste into input using mouse, we need "change" event to catch it
|
25564
|
-
element.on('change', listener);
|
25565
|
-
|
25566
25630
|
// if user modifies input value using context menu in IE, we need "paste" and "cut" events to catch it
|
25567
25631
|
if ($sniffer.hasEvent('paste')) {
|
25568
25632
|
element.on('paste cut', deferListener);
|
25569
25633
|
}
|
25570
25634
|
}
|
25571
25635
|
|
25636
|
+
// if user paste into input using mouse on older browser
|
25637
|
+
// or form autocomplete on newer browser, we need "change" event to catch it
|
25638
|
+
element.on('change', listener);
|
25572
25639
|
|
25573
25640
|
ctrl.$render = function() {
|
25574
25641
|
element.val(ctrl.$isEmpty(ctrl.$viewValue) ? '' : ctrl.$viewValue);
|
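Review bot: `sanitizeUri` in the new `$$SanitizeUriProvider` returns its input unchanged when `msie` is below 8 (`if (!msie || msie >= 8 )` followed by the fall-through `return uri;`), so on those browsers no whitelist is applied and a caller cannot tell an unchecked value from an accepted one. For `$compile` this matches the code being removed, but the same diff also drops the browser-independent `URI_REGEXP` from angular-sanitize.js and has `$sanitize` rely on this result instead, which looks like a loss of filtering there. I would either fail closed for the unsupported case or state the limitation in the service's doc comment, e.g. `* NOTE: on IE < 8 the uri is returned unsanitized; do not treat the result as validated.` The doc comments on both whitelist setters also read "aimed at prevent XSS attacks", where "aimed at preventing" is meant.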