@angular-wave/angular.ts 0.0.1
- package/.eslintignore +1 -0
- package/.eslintrc.cjs +29 -0
- package/.github/workflows/playwright.yml +27 -0
- package/CHANGELOG.md +17974 -0
- package/CODE_OF_CONDUCT.md +3 -0
- package/CONTRIBUTING.md +246 -0
- package/DEVELOPERS.md +488 -0
- package/LICENSE +22 -0
- package/Makefile +31 -0
- package/README.md +115 -0
- package/RELEASE.md +98 -0
- package/SECURITY.md +16 -0
- package/TRIAGING.md +135 -0
- package/css/angular.css +22 -0
- package/dist/angular-ts.cjs.js +36843 -0
- package/dist/angular-ts.esm.js +36841 -0
- package/dist/angular-ts.umd.js +36848 -0
- package/dist/build/angular-animate.js +4272 -0
- package/dist/build/angular-aria.js +426 -0
- package/dist/build/angular-message-format.js +1072 -0
- package/dist/build/angular-messages.js +829 -0
- package/dist/build/angular-mocks.js +3757 -0
- package/dist/build/angular-parse-ext.js +1275 -0
- package/dist/build/angular-resource.js +911 -0
- package/dist/build/angular-route.js +1266 -0
- package/dist/build/angular-sanitize.js +891 -0
- package/dist/build/angular-touch.js +368 -0
- package/dist/build/angular.js +36600 -0
- package/e2e/unit.spec.ts +15 -0
- package/images/android-chrome-192x192.png +0 -0
- package/images/android-chrome-512x512.png +0 -0
- package/images/apple-touch-icon.png +0 -0
- package/images/favicon-16x16.png +0 -0
- package/images/favicon-32x32.png +0 -0
- package/images/favicon.ico +0 -0
- package/images/site.webmanifest +1 -0
- package/index.html +104 -0
- package/package.json +47 -0
- package/playwright.config.ts +78 -0
- package/public/circle.html +1 -0
- package/public/my_child_directive.html +1 -0
- package/public/my_directive.html +1 -0
- package/public/my_other_directive.html +1 -0
- package/public/test.html +1 -0
- package/rollup.config.js +31 -0
- package/src/animations/animateCache.js +55 -0
- package/src/animations/animateChildrenDirective.js +105 -0
- package/src/animations/animateCss.js +1139 -0
- package/src/animations/animateCssDriver.js +291 -0
- package/src/animations/animateJs.js +367 -0
- package/src/animations/animateJsDriver.js +67 -0
- package/src/animations/animateQueue.js +851 -0
- package/src/animations/animation.js +506 -0
- package/src/animations/module.js +779 -0
- package/src/animations/ngAnimateSwap.js +119 -0
- package/src/animations/rafScheduler.js +50 -0
- package/src/animations/shared.js +378 -0
- package/src/constants.js +20 -0
- package/src/core/animate.js +845 -0
- package/src/core/animateCss.js +73 -0
- package/src/core/animateRunner.js +195 -0
- package/src/core/attributes.js +199 -0
- package/src/core/cache.js +45 -0
- package/src/core/compile.js +4727 -0
- package/src/core/controller.js +225 -0
- package/src/core/exceptionHandler.js +63 -0
- package/src/core/filter.js +146 -0
- package/src/core/interpolate.js +442 -0
- package/src/core/interval.js +188 -0
- package/src/core/intervalFactory.js +57 -0
- package/src/core/location.js +1086 -0
- package/src/core/parser/parse.js +2562 -0
- package/src/core/parser/parse.md +13 -0
- package/src/core/q.js +746 -0
- package/src/core/rootScope.js +1596 -0
- package/src/core/sanitizeUri.js +85 -0
- package/src/core/sce.js +1161 -0
- package/src/core/taskTrackerFactory.js +125 -0
- package/src/core/timeout.js +121 -0
- package/src/core/urlUtils.js +187 -0
- package/src/core/utils.js +1349 -0
- package/src/directive/a.js +37 -0
- package/src/directive/attrs.js +283 -0
- package/src/directive/bind.js +51 -0
- package/src/directive/bind.md +142 -0
- package/src/directive/change.js +12 -0
- package/src/directive/change.md +25 -0
- package/src/directive/cloak.js +12 -0
- package/src/directive/cloak.md +24 -0
- package/src/directive/events.js +75 -0
- package/src/directive/events.md +166 -0
- package/src/directive/form.js +725 -0
- package/src/directive/init.js +15 -0
- package/src/directive/init.md +41 -0
- package/src/directive/input.js +1783 -0
- package/src/directive/list.js +46 -0
- package/src/directive/list.md +22 -0
- package/src/directive/ngClass.js +249 -0
- package/src/directive/ngController.js +64 -0
- package/src/directive/ngCsp.js +82 -0
- package/src/directive/ngIf.js +134 -0
- package/src/directive/ngInclude.js +217 -0
- package/src/directive/ngModel.js +1356 -0
- package/src/directive/ngModelOptions.js +509 -0
- package/src/directive/ngOptions.js +670 -0
- package/src/directive/ngRef.js +90 -0
- package/src/directive/ngRepeat.js +650 -0
- package/src/directive/ngShowHide.js +255 -0
- package/src/directive/ngSwitch.js +178 -0
- package/src/directive/ngTransclude.js +98 -0
- package/src/directive/non-bindable.js +11 -0
- package/src/directive/non-bindable.md +17 -0
- package/src/directive/script.js +30 -0
- package/src/directive/select.js +624 -0
- package/src/directive/style.js +25 -0
- package/src/directive/style.md +23 -0
- package/src/directive/validators.js +329 -0
- package/src/exts/aria.js +544 -0
- package/src/exts/messages.js +852 -0
- package/src/filters/filter.js +207 -0
- package/src/filters/filter.md +69 -0
- package/src/filters/filters.js +239 -0
- package/src/filters/json.md +16 -0
- package/src/filters/limit-to.js +43 -0
- package/src/filters/limit-to.md +19 -0
- package/src/filters/order-by.js +183 -0
- package/src/filters/order-by.md +83 -0
- package/src/index.js +13 -0
- package/src/injector.js +1034 -0
- package/src/jqLite.js +1117 -0
- package/src/loader.js +1320 -0
- package/src/public.js +215 -0
- package/src/routeToRegExp.js +41 -0
- package/src/services/anchorScroll.js +135 -0
- package/src/services/browser.js +321 -0
- package/src/services/cacheFactory.js +398 -0
- package/src/services/cookieReader.js +72 -0
- package/src/services/document.js +64 -0
- package/src/services/http.js +1537 -0
- package/src/services/httpBackend.js +206 -0
- package/src/services/log.js +160 -0
- package/src/services/templateRequest.js +139 -0
- package/test/angular.spec.js +2153 -0
- package/test/aria/aria.spec.js +1245 -0
- package/test/binding.spec.js +504 -0
- package/test/build-test.html +14 -0
- package/test/injector.spec.js +2327 -0
- package/test/jasmine/jasmine-5.1.2/boot0.js +65 -0
- package/test/jasmine/jasmine-5.1.2/boot1.js +133 -0
- package/test/jasmine/jasmine-5.1.2/jasmine-html.js +963 -0
- package/test/jasmine/jasmine-5.1.2/jasmine.css +320 -0
- package/test/jasmine/jasmine-5.1.2/jasmine.js +10824 -0
- package/test/jasmine/jasmine-5.1.2/jasmine_favicon.png +0 -0
- package/test/jasmine/jasmine-browser.json +17 -0
- package/test/jasmine/jasmine.json +9 -0
- package/test/jqlite.spec.js +2133 -0
- package/test/loader.spec.js +219 -0
- package/test/messages/messages.spec.js +1146 -0
- package/test/min-err.spec.js +174 -0
- package/test/mock-test.html +13 -0
- package/test/module-test.html +15 -0
- package/test/ng/anomate.spec.js +606 -0
- package/test/ng/cache-factor.spec.js +334 -0
- package/test/ng/compile.spec.js +17956 -0
- package/test/ng/controller-provider.spec.js +227 -0
- package/test/ng/cookie-reader.spec.js +98 -0
- package/test/ng/directive/a.spec.js +192 -0
- package/test/ng/directive/bind.spec.js +334 -0
- package/test/ng/directive/boolean.spec.js +136 -0
- package/test/ng/directive/change.spec.js +71 -0
- package/test/ng/directive/class.spec.js +858 -0
- package/test/ng/directive/click.spec.js +38 -0
- package/test/ng/directive/cloak.spec.js +44 -0
- package/test/ng/directive/constoller.spec.js +194 -0
- package/test/ng/directive/element-style.spec.js +92 -0
- package/test/ng/directive/event.spec.js +282 -0
- package/test/ng/directive/form.spec.js +1518 -0
- package/test/ng/directive/href.spec.js +143 -0
- package/test/ng/directive/if.spec.js +402 -0
- package/test/ng/directive/include.spec.js +828 -0
- package/test/ng/directive/init.spec.js +68 -0
- package/test/ng/directive/input.spec.js +3810 -0
- package/test/ng/directive/list.spec.js +170 -0
- package/test/ng/directive/model-options.spec.js +1008 -0
- package/test/ng/directive/model.spec.js +1905 -0
- package/test/ng/directive/non-bindable.spec.js +55 -0
- package/test/ng/directive/options.spec.js +3583 -0
- package/test/ng/directive/ref.spec.js +575 -0
- package/test/ng/directive/repeat.spec.js +1675 -0
- package/test/ng/directive/script.spec.js +52 -0
- package/test/ng/directive/scrset.spec.js +67 -0
- package/test/ng/directive/select.spec.js +2541 -0
- package/test/ng/directive/show-hide.spec.js +253 -0
- package/test/ng/directive/src.spec.js +157 -0
- package/test/ng/directive/style.spec.js +178 -0
- package/test/ng/directive/switch.spec.js +647 -0
- package/test/ng/directive/validators.spec.js +717 -0
- package/test/ng/document.spec.js +52 -0
- package/test/ng/filter/filter.spec.js +714 -0
- package/test/ng/filter/filters.spec.js +35 -0
- package/test/ng/filter/limit-to.spec.js +251 -0
- package/test/ng/filter/order-by.spec.js +891 -0
- package/test/ng/filter.spec.js +149 -0
- package/test/ng/http-backend.spec.js +398 -0
- package/test/ng/http.spec.js +4071 -0
- package/test/ng/interpolate.spec.js +642 -0
- package/test/ng/interval.spec.js +343 -0
- package/test/ng/location.spec.js +3488 -0
- package/test/ng/on.spec.js +229 -0
- package/test/ng/parse.spec.js +4655 -0
- package/test/ng/prop.spec.js +805 -0
- package/test/ng/q.spec.js +2904 -0
- package/test/ng/root-element.spec.js +16 -0
- package/test/ng/sanitize-uri.spec.js +249 -0
- package/test/ng/sce.spec.js +660 -0
- package/test/ng/scope.spec.js +3442 -0
- package/test/ng/template-request.spec.js +236 -0
- package/test/ng/timeout.spec.js +351 -0
- package/test/ng/url-utils.spec.js +156 -0
- package/test/ng/utils.spec.js +144 -0
- package/test/original-test.html +21 -0
- package/test/public.spec.js +34 -0
- package/test/sanitize/bing-html.spec.js +36 -0
- package/test/server/express.js +158 -0
- package/test/test-utils.js +11 -0
- package/tsconfig.json +17 -0
- package/types/angular.d.ts +138 -0
- package/types/global.d.ts +9 -0
- package/types/index.d.ts +2357 -0
- package/types/jqlite.d.ts +558 -0
- package/vite.config.js +14 -0
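--- a/package/test/ng/root-element.spec.js
+++ b/package/test/ng/root-element.spec.js
@@ -0,0 +1,16 @@
+import { jqLite, dealoc } from "../../src/jqLite";
+import { Angular } from "../../src/loader";
+import { publishExternalAPI } from "../../src/public";
+
+describe("$rootElement", () => {
+let angular = new Angular();
+publishExternalAPI();
+
+it("should publish the bootstrap element into $rootElement", () => {
+const element = jqLite("<div></div>");
+const injector = angular.bootstrap(element);
+
+expect(injector.get("$rootElement")[0]).toBe(element[0]);
+dealoc(element);
+});
+});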
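Review bot: `new Angular()` and `publishExternalAPI()` run in the `describe` body (new-file lines 6-7), so they execute once while the suite is being collected rather than per spec, and `dealoc(element)` is the last statement of the spec, so it is skipped if `angular.bootstrap` throws. I would move the setup into `beforeEach(() => { angular = new Angular(); publishExternalAPI(); })` and the cleanup into an `afterEach`, so a bootstrapped element cannot leak into later specs. A one-line comment on why `publishExternalAPI()` must run before `bootstrap` would also help, since its effect is not visible in this file.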
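--- a/package/test/ng/sanitize-uri.spec.js
+++ b/package/test/ng/sanitize-uri.spec.js
@@ -0,0 +1,249 @@
+import { SanitizeUriProvider } from "../../src/core/sanitizeUri";
+
+describe("sanitizeUri", () => {
+let sanitizeHref;
+let sanitizeImg;
+let sanitizeUriProvider;
+let testUrl;
+let $$sanitizeUri;
+beforeEach(() => {
+sanitizeUriProvider = new SanitizeUriProvider();
+$$sanitizeUri = sanitizeUriProvider.$get();
+
+sanitizeHref = function (uri) {
+return $$sanitizeUri(uri, false);
+};
+sanitizeImg = function (uri) {
+return $$sanitizeUri(uri, true);
+};
+});
+
+function isEvilInCurrentBrowser(uri) {
+const a = window.document.createElement("a");
+a.setAttribute("href", uri);
+return a.href.substring(0, 4) !== "http";
+}
+
+describe("img[src] sanitization", () => {
+it("should sanitize javascript: urls", () => {
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeImg(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+});
+
+it("should sanitize javascript: urls with comments", () => {
+testUrl = "javascript:alert(1)//data:image/";
+expect(sanitizeImg(testUrl)).toBe(
+"unsafe:javascript:alert(1)//data:image/",
+);
+});
+
+it("should sanitize non-image data: urls", () => {
+testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";
+expect(sanitizeImg(testUrl)).toBe(
+"unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');",
+);
+
+testUrl = "data:,foo";
+expect(sanitizeImg(testUrl)).toBe("unsafe:data:,foo");
+});
+
+it("should sanitize mailto: urls", () => {
+testUrl = "mailto:foo@bar.com";
+expect(sanitizeImg(testUrl)).toBe("unsafe:mailto:foo@bar.com");
+});
+
+it("should sanitize obfuscated javascript: urls", () => {
+// case-sensitive
+testUrl = "JaVaScRiPt:doEvilStuff()";
+expect(sanitizeImg(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+
+// tab in protocol
+testUrl = "java\u0009script:doEvilStuff()";
+if (isEvilInCurrentBrowser(testUrl)) {
+expect(sanitizeImg(testUrl)).toEqual("unsafe:javascript:doEvilStuff()");
+}
+
+// space before
+testUrl = " javascript:doEvilStuff()";
+expect(sanitizeImg(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+
+// ws chars before
+testUrl = " \u000e javascript:doEvilStuff()";
+if (isEvilInCurrentBrowser(testUrl)) {
+expect(sanitizeImg(testUrl)).toEqual("unsafe:javascript:doEvilStuff()");
+}
+
+// post-fixed with proper url
+testUrl = "javascript:doEvilStuff(); http://make.me/look/good";
+expect(sanitizeImg(testUrl)).toBe(
+"unsafe:javascript:doEvilStuff(); http://make.me/look/good",
+);
+});
+
+it("should sanitize ng-src bindings as well", () => {
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeImg(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+});
+
+it("should not sanitize valid urls", () => {
+testUrl = "foo/bar";
+expect(sanitizeImg(testUrl)).toBe("foo/bar");
+
+testUrl = "/foo/bar";
+expect(sanitizeImg(testUrl)).toBe("/foo/bar");
+
+testUrl = "../foo/bar";
+expect(sanitizeImg(testUrl)).toBe("../foo/bar");
+
+testUrl = "#foo";
+expect(sanitizeImg(testUrl)).toBe("#foo");
+
+testUrl = "http://foo.com/bar";
+expect(sanitizeImg(testUrl)).toBe("http://foo.com/bar");
+
+testUrl = " http://foo.com/bar";
+expect(sanitizeImg(testUrl)).toBe(" http://foo.com/bar");
+
+testUrl = "https://foo.com/bar";
+expect(sanitizeImg(testUrl)).toBe("https://foo.com/bar");
+
+testUrl = "ftp://foo.com/bar";
+expect(sanitizeImg(testUrl)).toBe("ftp://foo.com/bar");
+
+testUrl = "file:///foo/bar.html";
+expect(sanitizeImg(testUrl)).toBe("file:///foo/bar.html");
+});
+
+it("should not sanitize blob urls", () => {
+testUrl = "blob:///foo/bar.html";
+expect(sanitizeImg(testUrl)).toBe("blob:///foo/bar.html");
+});
+
+it("should not sanitize data: URIs for images", () => {
+// image data uri
+// ref: http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever
+testUrl =
+"data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==";
+expect(sanitizeImg(testUrl)).toBe(
+"data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==",
+);
+});
+
+it("should allow reconfiguration of the src trusted URIs", () => {
+let returnVal;
+expect(
+sanitizeUriProvider.imgSrcSanitizationTrustedUrlList() instanceof
+RegExp,
+).toBe(true);
+returnVal =
+sanitizeUriProvider.imgSrcSanitizationTrustedUrlList(/javascript:/);
+expect(returnVal).toBe(sanitizeUriProvider);
+
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeImg(testUrl)).toBe("javascript:doEvilStuff()");
+
+testUrl = "http://recon/figured";
+expect(sanitizeImg(testUrl)).toBe("unsafe:http://recon/figured");
+});
+});
+
+describe("a[href] sanitization", () => {
+it("should sanitize javascript: urls", () => {
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeHref(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+});
+
+it("should sanitize data: urls", () => {
+testUrl = "data:evilPayload";
+expect(sanitizeHref(testUrl)).toBe("unsafe:data:evilPayload");
+});
+
+it("should sanitize obfuscated javascript: urls", () => {
+// case-sensitive
+testUrl = "JaVaScRiPt:doEvilStuff()";
+expect(sanitizeHref(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+
+// tab in protocol
+testUrl = "java\u0009script:doEvilStuff()";
+if (isEvilInCurrentBrowser(testUrl)) {
+expect(sanitizeHref(testUrl)).toEqual(
+"unsafe:javascript:doEvilStuff()",
+);
+}
+
+// space before
+testUrl = " javascript:doEvilStuff()";
+expect(sanitizeHref(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+
+// ws chars before
+testUrl = " \u000e javascript:doEvilStuff()";
+if (isEvilInCurrentBrowser(testUrl)) {
+expect(sanitizeHref(testUrl)).toEqual(
+"unsafe:javascript:doEvilStuff()",
+);
+}
+
+// post-fixed with proper url
+testUrl = "javascript:doEvilStuff(); http://make.me/look/good";
+expect(sanitizeHref(testUrl)).toBe(
+"unsafe:javascript:doEvilStuff(); http://make.me/look/good",
+);
+});
+
+it("should sanitize ngHref bindings as well", () => {
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeHref(testUrl)).toBe("unsafe:javascript:doEvilStuff()");
+});
+
+it("should not sanitize valid urls", () => {
+testUrl = "foo/bar";
+expect(sanitizeHref(testUrl)).toBe("foo/bar");
+
+testUrl = "/foo/bar";
+expect(sanitizeHref(testUrl)).toBe("/foo/bar");
+
+testUrl = "../foo/bar";
+expect(sanitizeHref(testUrl)).toBe("../foo/bar");
+
+testUrl = "#foo";
+expect(sanitizeHref(testUrl)).toBe("#foo");
+
+testUrl = "http://foo/bar";
+expect(sanitizeHref(testUrl)).toBe("http://foo/bar");
+
+testUrl = " http://foo/bar";
+expect(sanitizeHref(testUrl)).toBe(" http://foo/bar");
+
+testUrl = "https://foo/bar";
+expect(sanitizeHref(testUrl)).toBe("https://foo/bar");
+
+testUrl = "ftp://foo/bar";
+expect(sanitizeHref(testUrl)).toBe("ftp://foo/bar");
+
+testUrl = "sftp://foo/bar";
+expect(sanitizeHref(testUrl)).toBe("sftp://foo/bar");
+
+testUrl = "mailto:foo@bar.com";
+expect(sanitizeHref(testUrl)).toBe("mailto:foo@bar.com");
+
+testUrl = "file:///foo/bar.html";
+expect(sanitizeHref(testUrl)).toBe("file:///foo/bar.html");
+});
+
+it("should allow reconfiguration of the href trusted URIs", () => {
+let returnVal;
+expect(
+sanitizeUriProvider.aHrefSanitizationTrustedUrlList() instanceof RegExp,
+).toBe(true);
+returnVal =
+sanitizeUriProvider.aHrefSanitizationTrustedUrlList(/javascript:/);
+expect(returnVal).toBe(sanitizeUriProvider);
+
+testUrl = "javascript:doEvilStuff()";
+expect(sanitizeHref(testUrl)).toBe("javascript:doEvilStuff()");
+
+testUrl = "http://recon/figured";
+expect(sanitizeHref(testUrl)).toBe("unsafe:http://recon/figured");
+});
+});
+});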
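Review bot: The tab-in-protocol and leading-control-character cases in both "should sanitize obfuscated javascript: urls" specs (new-file lines 62-64, 72-74, 168-172 and 180-184) assert only inside `if (isEvilInCurrentBrowser(testUrl))`, so when the helper returns false the sanitizer's output for those inputs is never checked and the spec still passes on its other expectations. These are exactly the inputs a URI sanitizer must not regress on, so I would pin the other branch as well, e.g. `else { expect(sanitizeImg(testUrl)).toBe(testUrl); }` (presumably the unchanged input, as in the valid-URL cases; confirm against `$$sanitizeUri`), or drop the guard if every supported browser resolves them to `javascript:`. `isEvilInCurrentBrowser` also needs a comment saying it treats any resolved `href` that does not start with `http` as dangerous, which for relative inputs depends on the runner page being served over http(s). Separately, the "ng-src bindings as well" and "ngHref bindings as well" specs call `sanitizeImg`/`sanitizeHref` directly and repeat the first spec of each group without exercising a binding, so they should be renamed or rewritten to compile a template.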