angular-gem 1.2.2 → 1.2.3

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,615 @@
1
+ /**
2
+ * @license AngularJS v1.2.3
3
+ * (c) 2010-2014 Google, Inc. http://angularjs.org
4
+ * License: MIT
5
+ */
6
+ (function(window, angular, undefined) {'use strict';
7
+
8
+ var $sanitizeMinErr = angular.$$minErr('$sanitize');
9
+
10
+ /**
11
+ * @ngdoc overview
12
+ * @name ngSanitize
13
+ * @description
14
+ *
15
+ * # ngSanitize
16
+ *
17
+ * The `ngSanitize` module provides functionality to sanitize HTML.
18
+ *
19
+ * {@installModule sanitize}
20
+ *
21
+ * <div doc-module-components="ngSanitize"></div>
22
+ *
23
+ * See {@link ngSanitize.$sanitize `$sanitize`} for usage.
24
+ */
25
+
26
+ /*
27
+ * HTML Parser By Misko Hevery (misko@hevery.com)
28
+ * based on: HTML Parser By John Resig (ejohn.org)
29
+ * Original code by Erik Arvidsson, Mozilla Public License
30
+ * http://erik.eae.net/simplehtmlparser/simplehtmlparser.js
31
+ *
32
+ * // Use like so:
33
+ * htmlParser(htmlString, {
34
+ * start: function(tag, attrs, unary) {},
35
+ * end: function(tag) {},
36
+ * chars: function(text) {},
37
+ * comment: function(text) {}
38
+ * });
39
+ *
40
+ */
41
+
42
+
43
+ /**
44
+ * @ngdoc service
45
+ * @name ngSanitize.$sanitize
46
+ * @function
47
+ *
48
+ * @description
49
+ * The input is sanitized by parsing the html into tokens. All safe tokens (from a whitelist) are
50
+ * then serialized back to properly escaped html string. This means that no unsafe input can make
51
+ * it into the returned string, however, since our parser is more strict than a typical browser
52
+ * parser, it's possible that some obscure input, which would be recognized as valid HTML by a
53
+ * browser, won't make it through the sanitizer.
54
+ * The whitelist is configured using the functions `aHrefSanitizationWhitelist` and
55
+ * `imgSrcSanitizationWhitelist` of {@link ng.$compileProvider `$compileProvider`}.
56
+ *
57
+ * @param {string} html Html input.
58
+ * @returns {string} Sanitized html.
59
+ *
60
+ * @example
61
+ <doc:example module="ngSanitize">
62
+ <doc:source>
63
+ <script>
64
+ function Ctrl($scope, $sce) {
65
+ $scope.snippet =
66
+ '<p style="color:blue">an html\n' +
67
+ '<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
68
+ 'snippet</p>';
69
+ $scope.deliberatelyTrustDangerousSnippet = function() {
70
+ return $sce.trustAsHtml($scope.snippet);
71
+ };
72
+ }
73
+ </script>
74
+ <div ng-controller="Ctrl">
75
+ Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
76
+ <table>
77
+ <tr>
78
+ <td>Directive</td>
79
+ <td>How</td>
80
+ <td>Source</td>
81
+ <td>Rendered</td>
82
+ </tr>
83
+ <tr id="bind-html-with-sanitize">
84
+ <td>ng-bind-html</td>
85
+ <td>Automatically uses $sanitize</td>
86
+ <td><pre>&lt;div ng-bind-html="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
87
+ <td><div ng-bind-html="snippet"></div></td>
88
+ </tr>
89
+ <tr id="bind-html-with-trust">
90
+ <td>ng-bind-html</td>
91
+ <td>Bypass $sanitize by explicitly trusting the dangerous value</td>
92
+ <td>
93
+ <pre>&lt;div ng-bind-html="deliberatelyTrustDangerousSnippet()"&gt;
94
+ &lt;/div&gt;</pre>
95
+ </td>
96
+ <td><div ng-bind-html="deliberatelyTrustDangerousSnippet()"></div></td>
97
+ </tr>
98
+ <tr id="bind-default">
99
+ <td>ng-bind</td>
100
+ <td>Automatically escapes</td>
101
+ <td><pre>&lt;div ng-bind="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
102
+ <td><div ng-bind="snippet"></div></td>
103
+ </tr>
104
+ </table>
105
+ </div>
106
+ </doc:source>
107
+ <doc:scenario>
108
+ it('should sanitize the html snippet by default', function() {
109
+ expect(using('#bind-html-with-sanitize').element('div').html()).
110
+ toBe('<p>an html\n<em>click here</em>\nsnippet</p>');
111
+ });
112
+
113
+ it('should inline raw snippet if bound to a trusted value', function() {
114
+ expect(using('#bind-html-with-trust').element("div").html()).
115
+ toBe("<p style=\"color:blue\">an html\n" +
116
+ "<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
117
+ "snippet</p>");
118
+ });
119
+
120
+ it('should escape snippet without any filter', function() {
121
+ expect(using('#bind-default').element('div').html()).
122
+ toBe("&lt;p style=\"color:blue\"&gt;an html\n" +
123
+ "&lt;em onmouseover=\"this.textContent='PWN3D!'\"&gt;click here&lt;/em&gt;\n" +
124
+ "snippet&lt;/p&gt;");
125
+ });
126
+
127
+ it('should update', function() {
128
+ input('snippet').enter('new <b onclick="alert(1)">text</b>');
129
+ expect(using('#bind-html-with-sanitize').element('div').html()).toBe('new <b>text</b>');
130
+ expect(using('#bind-html-with-trust').element('div').html()).toBe(
131
+ 'new <b onclick="alert(1)">text</b>');
132
+ expect(using('#bind-default').element('div').html()).toBe(
133
+ "new &lt;b onclick=\"alert(1)\"&gt;text&lt;/b&gt;");
134
+ });
135
+ </doc:scenario>
136
+ </doc:example>
137
+ */
138
+ function $SanitizeProvider() {
139
+ this.$get = ['$$sanitizeUri', function($$sanitizeUri) {
140
+ return function(html) {
141
+ var buf = [];
142
+ htmlParser(html, htmlSanitizeWriter(buf, function(uri, isImage) {
143
+ return !/^unsafe/.test($$sanitizeUri(uri, isImage));
144
+ }));
145
+ return buf.join('');
146
+ };
147
+ }];
148
+ }
149
+
150
+ function sanitizeText(chars) {
151
+ var buf = [];
152
+ var writer = htmlSanitizeWriter(buf, angular.noop);
153
+ writer.chars(chars);
154
+ return buf.join('');
155
+ }
156
+
157
+
158
+ // Regular Expressions for parsing tags and attributes
159
+ var START_TAG_REGEXP =
160
+ /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+))?)*)\s*(\/?)\s*>/,
161
+ END_TAG_REGEXP = /^<\s*\/\s*([\w:-]+)[^>]*>/,
162
+ ATTR_REGEXP = /([\w:-]+)(?:\s*=\s*(?:(?:"((?:[^"])*)")|(?:'((?:[^'])*)')|([^>\s]+)))?/g,
163
+ BEGIN_TAG_REGEXP = /^</,
164
+ BEGING_END_TAGE_REGEXP = /^<\s*\//,
165
+ COMMENT_REGEXP = /<!--(.*?)-->/g,
166
+ DOCTYPE_REGEXP = /<!DOCTYPE([^>]*?)>/i,
167
+ CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
168
+ // Match everything outside of normal chars and " (quote character)
169
+ NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g;
170
+
171
+
172
+ // Good source of info about elements and attributes
173
+ // http://dev.w3.org/html5/spec/Overview.html#semantics
174
+ // http://simon.html5.org/html-elements
175
+
176
+ // Safe Void Elements - HTML5
177
+ // http://dev.w3.org/html5/spec/Overview.html#void-elements
178
+ var voidElements = makeMap("area,br,col,hr,img,wbr");
179
+
180
+ // Elements that you can, intentionally, leave open (and which close themselves)
181
+ // http://dev.w3.org/html5/spec/Overview.html#optional-tags
182
+ var optionalEndTagBlockElements = makeMap("colgroup,dd,dt,li,p,tbody,td,tfoot,th,thead,tr"),
183
+ optionalEndTagInlineElements = makeMap("rp,rt"),
184
+ optionalEndTagElements = angular.extend({},
185
+ optionalEndTagInlineElements,
186
+ optionalEndTagBlockElements);
187
+
188
+ // Safe Block Elements - HTML5
189
+ var blockElements = angular.extend({}, optionalEndTagBlockElements, makeMap("address,article," +
190
+ "aside,blockquote,caption,center,del,dir,div,dl,figure,figcaption,footer,h1,h2,h3,h4,h5," +
191
+ "h6,header,hgroup,hr,ins,map,menu,nav,ol,pre,script,section,table,ul"));
192
+
193
+ // Inline Elements - HTML5
194
+ var inlineElements = angular.extend({}, optionalEndTagInlineElements, makeMap("a,abbr,acronym,b," +
195
+ "bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s," +
196
+ "samp,small,span,strike,strong,sub,sup,time,tt,u,var"));
197
+
198
+
199
+ // Special Elements (can contain anything)
200
+ var specialElements = makeMap("script,style");
201
+
202
+ var validElements = angular.extend({},
203
+ voidElements,
204
+ blockElements,
205
+ inlineElements,
206
+ optionalEndTagElements);
207
+
208
+ //Attributes that have href and hence need to be sanitized
209
+ var uriAttrs = makeMap("background,cite,href,longdesc,src,usemap");
210
+ var validAttrs = angular.extend({}, uriAttrs, makeMap(
211
+ 'abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,'+
212
+ 'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,'+
213
+ 'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,'+
214
+ 'scope,scrolling,shape,span,start,summary,target,title,type,'+
215
+ 'valign,value,vspace,width'));
216
+
217
+ function makeMap(str) {
218
+ var obj = {}, items = str.split(','), i;
219
+ for (i = 0; i < items.length; i++) obj[items[i]] = true;
220
+ return obj;
221
+ }
222
+
223
+
224
+ /**
225
+ * @example
226
+ * htmlParser(htmlString, {
227
+ * start: function(tag, attrs, unary) {},
228
+ * end: function(tag) {},
229
+ * chars: function(text) {},
230
+ * comment: function(text) {}
231
+ * });
232
+ *
233
+ * @param {string} html string
234
+ * @param {object} handler
235
+ */
236
+ function htmlParser( html, handler ) {
237
+ var index, chars, match, stack = [], last = html;
238
+ stack.last = function() { return stack[ stack.length - 1 ]; };
239
+
240
+ while ( html ) {
241
+ chars = true;
242
+
243
+ // Make sure we're not in a script or style element
244
+ if ( !stack.last() || !specialElements[ stack.last() ] ) {
245
+
246
+ // Comment
247
+ if ( html.indexOf("<!--") === 0 ) {
248
+ // comments containing -- are not allowed unless they terminate the comment
249
+ index = html.indexOf("--", 4);
250
+
251
+ if ( index >= 0 && html.lastIndexOf("-->", index) === index) {
252
+ if (handler.comment) handler.comment( html.substring( 4, index ) );
253
+ html = html.substring( index + 3 );
254
+ chars = false;
255
+ }
256
+ // DOCTYPE
257
+ } else if ( DOCTYPE_REGEXP.test(html) ) {
258
+ match = html.match( DOCTYPE_REGEXP );
259
+
260
+ if ( match ) {
261
+ html = html.replace( match[0] , '');
262
+ chars = false;
263
+ }
264
+ // end tag
265
+ } else if ( BEGING_END_TAGE_REGEXP.test(html) ) {
266
+ match = html.match( END_TAG_REGEXP );
267
+
268
+ if ( match ) {
269
+ html = html.substring( match[0].length );
270
+ match[0].replace( END_TAG_REGEXP, parseEndTag );
271
+ chars = false;
272
+ }
273
+
274
+ // start tag
275
+ } else if ( BEGIN_TAG_REGEXP.test(html) ) {
276
+ match = html.match( START_TAG_REGEXP );
277
+
278
+ if ( match ) {
279
+ html = html.substring( match[0].length );
280
+ match[0].replace( START_TAG_REGEXP, parseStartTag );
281
+ chars = false;
282
+ }
283
+ }
284
+
285
+ if ( chars ) {
286
+ index = html.indexOf("<");
287
+
288
+ var text = index < 0 ? html : html.substring( 0, index );
289
+ html = index < 0 ? "" : html.substring( index );
290
+
291
+ if (handler.chars) handler.chars( decodeEntities(text) );
292
+ }
293
+
294
+ } else {
295
+ html = html.replace(new RegExp("(.*)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'),
296
+ function(all, text){
297
+ text = text.replace(COMMENT_REGEXP, "$1").replace(CDATA_REGEXP, "$1");
298
+
299
+ if (handler.chars) handler.chars( decodeEntities(text) );
300
+
301
+ return "";
302
+ });
303
+
304
+ parseEndTag( "", stack.last() );
305
+ }
306
+
307
+ if ( html == last ) {
308
+ throw $sanitizeMinErr('badparse', "The sanitizer was unable to parse the following block " +
309
+ "of html: {0}", html);
310
+ }
311
+ last = html;
312
+ }
313
+
314
+ // Clean up any remaining tags
315
+ parseEndTag();
316
+
317
+ function parseStartTag( tag, tagName, rest, unary ) {
318
+ tagName = angular.lowercase(tagName);
319
+ if ( blockElements[ tagName ] ) {
320
+ while ( stack.last() && inlineElements[ stack.last() ] ) {
321
+ parseEndTag( "", stack.last() );
322
+ }
323
+ }
324
+
325
+ if ( optionalEndTagElements[ tagName ] && stack.last() == tagName ) {
326
+ parseEndTag( "", tagName );
327
+ }
328
+
329
+ unary = voidElements[ tagName ] || !!unary;
330
+
331
+ if ( !unary )
332
+ stack.push( tagName );
333
+
334
+ var attrs = {};
335
+
336
+ rest.replace(ATTR_REGEXP,
337
+ function(match, name, doubleQuotedValue, singleQuotedValue, unquotedValue) {
338
+ var value = doubleQuotedValue
339
+ || singleQuotedValue
340
+ || unquotedValue
341
+ || '';
342
+
343
+ attrs[name] = decodeEntities(value);
344
+ });
345
+ if (handler.start) handler.start( tagName, attrs, unary );
346
+ }
347
+
348
+ function parseEndTag( tag, tagName ) {
349
+ var pos = 0, i;
350
+ tagName = angular.lowercase(tagName);
351
+ if ( tagName )
352
+ // Find the closest opened tag of the same type
353
+ for ( pos = stack.length - 1; pos >= 0; pos-- )
354
+ if ( stack[ pos ] == tagName )
355
+ break;
356
+
357
+ if ( pos >= 0 ) {
358
+ // Close all the open elements, up the stack
359
+ for ( i = stack.length - 1; i >= pos; i-- )
360
+ if (handler.end) handler.end( stack[ i ] );
361
+
362
+ // Remove the open elements from the stack
363
+ stack.length = pos;
364
+ }
365
+ }
366
+ }
367
+
368
+ /**
369
+ * decodes all entities into regular string
370
+ * @param value
371
+ * @returns {string} A string with decoded entities.
372
+ */
373
+ var hiddenPre=document.createElement("pre");
374
+ function decodeEntities(value) {
375
+ if (!value) {
376
+ return '';
377
+ }
378
+ // Note: IE8 does not preserve spaces at the start/end of innerHTML
379
+ var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/;
380
+ var parts = spaceRe.exec(value);
381
+ parts[0] = '';
382
+ if (parts[2]) {
383
+ hiddenPre.innerHTML=parts[2].replace(/</g,"&lt;");
384
+ parts[2] = hiddenPre.innerText || hiddenPre.textContent;
385
+ }
386
+ return parts.join('');
387
+ }
388
+
389
+ /**
390
+ * Escapes all potentially dangerous characters, so that the
391
+ * resulting string can be safely inserted into attribute or
392
+ * element text.
393
+ * @param value
394
+ * @returns escaped text
395
+ */
396
+ function encodeEntities(value) {
397
+ return value.
398
+ replace(/&/g, '&amp;').
399
+ replace(NON_ALPHANUMERIC_REGEXP, function(value){
400
+ return '&#' + value.charCodeAt(0) + ';';
401
+ }).
402
+ replace(/</g, '&lt;').
403
+ replace(/>/g, '&gt;');
404
+ }
405
+
406
+ /**
407
+ * create an HTML/XML writer which writes to buffer
408
+ * @param {Array} buf use buf.jain('') to get out sanitized html string
409
+ * @returns {object} in the form of {
410
+ * start: function(tag, attrs, unary) {},
411
+ * end: function(tag) {},
412
+ * chars: function(text) {},
413
+ * comment: function(text) {}
414
+ * }
415
+ */
416
+ function htmlSanitizeWriter(buf, uriValidator){
417
+ var ignore = false;
418
+ var out = angular.bind(buf, buf.push);
419
+ return {
420
+ start: function(tag, attrs, unary){
421
+ tag = angular.lowercase(tag);
422
+ if (!ignore && specialElements[tag]) {
423
+ ignore = tag;
424
+ }
425
+ if (!ignore && validElements[tag] === true) {
426
+ out('<');
427
+ out(tag);
428
+ angular.forEach(attrs, function(value, key){
429
+ var lkey=angular.lowercase(key);
430
+ var isImage = (tag === 'img' && lkey === 'src') || (lkey === 'background');
431
+ if (validAttrs[lkey] === true &&
432
+ (uriAttrs[lkey] !== true || uriValidator(value, isImage))) {
433
+ out(' ');
434
+ out(key);
435
+ out('="');
436
+ out(encodeEntities(value));
437
+ out('"');
438
+ }
439
+ });
440
+ out(unary ? '/>' : '>');
441
+ }
442
+ },
443
+ end: function(tag){
444
+ tag = angular.lowercase(tag);
445
+ if (!ignore && validElements[tag] === true) {
446
+ out('</');
447
+ out(tag);
448
+ out('>');
449
+ }
450
+ if (tag == ignore) {
451
+ ignore = false;
452
+ }
453
+ },
454
+ chars: function(chars){
455
+ if (!ignore) {
456
+ out(encodeEntities(chars));
457
+ }
458
+ }
459
+ };
460
+ }
461
+
462
+
463
+ // define ngSanitize module and register $sanitize service
464
+ angular.module('ngSanitize', []).provider('$sanitize', $SanitizeProvider);
465
+
466
+ /* global sanitizeText: false */
467
+
468
+ /**
469
+ * @ngdoc filter
470
+ * @name ngSanitize.filter:linky
471
+ * @function
472
+ *
473
+ * @description
474
+ * Finds links in text input and turns them into html links. Supports http/https/ftp/mailto and
475
+ * plain email address links.
476
+ *
477
+ * Requires the {@link ngSanitize `ngSanitize`} module to be installed.
478
+ *
479
+ * @param {string} text Input text.
480
+ * @param {string} target Window (_blank|_self|_parent|_top) or named frame to open links in.
481
+ * @returns {string} Html-linkified text.
482
+ *
483
+ * @usage
484
+ <span ng-bind-html="linky_expression | linky"></span>
485
+ *
486
+ * @example
487
+ <doc:example module="ngSanitize">
488
+ <doc:source>
489
+ <script>
490
+ function Ctrl($scope) {
491
+ $scope.snippet =
492
+ 'Pretty text with some links:\n'+
493
+ 'http://angularjs.org/,\n'+
494
+ 'mailto:us@somewhere.org,\n'+
495
+ 'another@somewhere.org,\n'+
496
+ 'and one more: ftp://127.0.0.1/.';
497
+ $scope.snippetWithTarget = 'http://angularjs.org/';
498
+ }
499
+ </script>
500
+ <div ng-controller="Ctrl">
501
+ Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
502
+ <table>
503
+ <tr>
504
+ <td>Filter</td>
505
+ <td>Source</td>
506
+ <td>Rendered</td>
507
+ </tr>
508
+ <tr id="linky-filter">
509
+ <td>linky filter</td>
510
+ <td>
511
+ <pre>&lt;div ng-bind-html="snippet | linky"&gt;<br>&lt;/div&gt;</pre>
512
+ </td>
513
+ <td>
514
+ <div ng-bind-html="snippet | linky"></div>
515
+ </td>
516
+ </tr>
517
+ <tr id="linky-target">
518
+ <td>linky target</td>
519
+ <td>
520
+ <pre>&lt;div ng-bind-html="snippetWithTarget | linky:'_blank'"&gt;<br>&lt;/div&gt;</pre>
521
+ </td>
522
+ <td>
523
+ <div ng-bind-html="snippetWithTarget | linky:'_blank'"></div>
524
+ </td>
525
+ </tr>
526
+ <tr id="escaped-html">
527
+ <td>no filter</td>
528
+ <td><pre>&lt;div ng-bind="snippet"&gt;<br>&lt;/div&gt;</pre></td>
529
+ <td><div ng-bind="snippet"></div></td>
530
+ </tr>
531
+ </table>
532
+ </doc:source>
533
+ <doc:scenario>
534
+ it('should linkify the snippet with urls', function() {
535
+ expect(using('#linky-filter').binding('snippet | linky')).
536
+ toBe('Pretty text with some links:&#10;' +
537
+ '<a href="http://angularjs.org/">http://angularjs.org/</a>,&#10;' +
538
+ '<a href="mailto:us@somewhere.org">us@somewhere.org</a>,&#10;' +
539
+ '<a href="mailto:another@somewhere.org">another@somewhere.org</a>,&#10;' +
540
+ 'and one more: <a href="ftp://127.0.0.1/">ftp://127.0.0.1/</a>.');
541
+ });
542
+
543
+ it ('should not linkify snippet without the linky filter', function() {
544
+ expect(using('#escaped-html').binding('snippet')).
545
+ toBe("Pretty text with some links:\n" +
546
+ "http://angularjs.org/,\n" +
547
+ "mailto:us@somewhere.org,\n" +
548
+ "another@somewhere.org,\n" +
549
+ "and one more: ftp://127.0.0.1/.");
550
+ });
551
+
552
+ it('should update', function() {
553
+ input('snippet').enter('new http://link.');
554
+ expect(using('#linky-filter').binding('snippet | linky')).
555
+ toBe('new <a href="http://link">http://link</a>.');
556
+ expect(using('#escaped-html').binding('snippet')).toBe('new http://link.');
557
+ });
558
+
559
+ it('should work with the target property', function() {
560
+ expect(using('#linky-target').binding("snippetWithTarget | linky:'_blank'")).
561
+ toBe('<a target="_blank" href="http://angularjs.org/">http://angularjs.org/</a>');
562
+ });
563
+ </doc:scenario>
564
+ </doc:example>
565
+ */
566
+ angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
567
+ var LINKY_URL_REGEXP =
568
+ /((ftp|https?):\/\/|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>]/,
569
+ MAILTO_REGEXP = /^mailto:/;
570
+
571
+ return function(text, target) {
572
+ if (!text) return text;
573
+ var match;
574
+ var raw = text;
575
+ var html = [];
576
+ var url;
577
+ var i;
578
+ while ((match = raw.match(LINKY_URL_REGEXP))) {
579
+ // We can not end in these as they are sometimes found at the end of the sentence
580
+ url = match[0];
581
+ // if we did not match ftp/http/mailto then assume mailto
582
+ if (match[2] == match[3]) url = 'mailto:' + url;
583
+ i = match.index;
584
+ addText(raw.substr(0, i));
585
+ addLink(url, match[0].replace(MAILTO_REGEXP, ''));
586
+ raw = raw.substring(i + match[0].length);
587
+ }
588
+ addText(raw);
589
+ return $sanitize(html.join(''));
590
+
591
+ function addText(text) {
592
+ if (!text) {
593
+ return;
594
+ }
595
+ html.push(sanitizeText(text));
596
+ }
597
+
598
+ function addLink(url, text) {
599
+ html.push('<a ');
600
+ if (angular.isDefined(target)) {
601
+ html.push('target="');
602
+ html.push(target);
603
+ html.push('" ');
604
+ }
605
+ html.push('href="');
606
+ html.push(url);
607
+ html.push('">');
608
+ addText(text);
609
+ html.push('</a>');
610
+ }
611
+ };
612
+ }]);
613
+
614
+
615
+ })(window, window.angular);