fix($sanitize): sanitize javascript urls with comments

Closes #8274
This commit is contained in:
Brian Ford
2014-08-19 13:44:48 -07:00
parent cd0507bc3a
commit 4f3870500d
2 changed files with 7 additions and 2 deletions
+1 -1
@@ -6,7 +6,7 @@
*/
function $$SanitizeUriProvider() {
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file):|data:image\//;
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file):|data:image\/)/;
/**
* @description
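Review bot: The new `imgSrcSanitizationWhitelist` line carries no comment on why the alternation is wrapped in one outer group, which is the whole point of this fix and is easy for a later edit to undo by "simplifying" the regex. I would add directly above it: `// Both alternatives must stay inside the one group so the ^\s* anchor applies to data:image/ too; an unanchored alternative matches anywhere in the URL, which is how a javascript: URL with a trailing comment slipped past.` The untouched `aHrefSanitizationWhitelist` on the line above already has a single anchored group, so it does not need the same change. `$$SanitizeUriProvider` continues past the hunk.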
+6 -1
@@ -30,6 +30,11 @@ describe('sanitizeUri', function() {
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');
});
it('should sanitize javascript: urls with comments', function() {
testUrl = "javascript:alert(1)//data:image/";
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:alert(1)//data:image/');
});
it('should sanitize non-image data: urls', function() {
testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";
expect(sanitizeImg(testUrl)).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');");
@@ -235,4 +240,4 @@ describe('sanitizeUri', function() {
});
});
});
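Review bot: The added test only asserts the rejecting path, and since this commit narrows `imgSrcSanitizationWhitelist` the hunk would benefit from a companion positive case showing a genuine image data URL still passes, e.g. `it('should allow image data: urls', function() { expect(sanitizeImg('data:image/png;base64,AAAA')).not.toMatch(/^unsafe:/); });` (the exact accepted return value is not visible here, so matching on the `unsafe:` prefix is the safer assertion). `testUrl` is assigned without a declaration inside the hunk; presumably it is declared in the enclosing `describe` block, which starts outside the hunk.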