feat($sanitize, $compileProvider, linky): add support for the "sftp" protocol in links
Add support for the sftp protocol in the linky filter and the "aHrefSanitizationWhitelist" that is used by $sanitize and can be configured in the $compileProvider. Closes #16102
@@ -6,7 +6,7 @@
|
||||
* Private service to sanitize uris for links and images. Used by $compile and $sanitize.
|
||||
*/
|
||||
function $$SanitizeUriProvider() {
|
||||
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
|
||||
var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/,
|
||||
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
|
||||
|
||||
/**
|
||||
|
||||
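Review bot: Widening the default `aHrefSanitizationWhitelist` to `s?ftp` leaves `imgSrcSanitizationWhitelist` on the next line at `ftp` only, and nothing in the section says whether that asymmetry is deliberate. If it is, a one-line comment above the two patterns would stop a later change from "aligning" them, for example `// sftp is accepted for link hrefs only; image sources stay on the narrower list`. Because this is the default allow-list, every application that has not configured its own pattern starts accepting `sftp:` hrefs after upgrading, which is worth stating in the release notes. The body of `$$SanitizeUriProvider` continues outside the hunk.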
@@ -6,7 +6,7 @@
|
||||
* @kind function
|
||||
*
|
||||
* @description
|
||||
* Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and
|
||||
* Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and
|
||||
* plain email address links.
|
||||
*
|
||||
* Requires the {@link ngSanitize `ngSanitize`} module to be installed.
|
||||
@@ -129,7 +129,7 @@
|
||||
*/
|
||||
angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
|
||||
var LINKY_URL_REGEXP =
|
||||
/((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
|
||||
/((s?ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
|
||||
MAILTO_REGEXP = /^mailto:/i;
|
||||
|
||||
var linkyMinErr = angular.$$minErr('linky');
|
||||
|
||||
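Review bot: The scheme list in `LINKY_URL_REGEXP` is now a second, hand-maintained copy of what the href allow-list accepts, and the updated `@description` does not say that the two are independent. An application that narrows `aHrefSanitizationWhitelist` to exclude sftp would still have linky wrap `sftp://…` text in an anchor, and the resulting href then depends on what `$sanitize` does with it; that call is outside this hunk, so this is inferred from the `$sanitize` injection. I would add a sentence to the description such as `Generated links are still passed through $sanitize, so a scheme removed from aHrefSanitizationWhitelist does not produce a usable href.`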
@@ -153,7 +153,7 @@ describe('$compile', function() {
|
||||
|
||||
it('should allow aHrefSanitizationWhitelist to be configured', function() {
|
||||
module(function($compileProvider) {
|
||||
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|ftp|mailto|tel|file):/); // the default
|
||||
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|s?ftp|mailto|tel|file):/); // the default
|
||||
$compileProvider.aHrefSanitizationWhitelist(/other/);
|
||||
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/other/);
|
||||
});
|
||||
|
||||
@@ -216,6 +216,9 @@ describe('sanitizeUri', function() {
|
||||
testUrl = 'ftp://foo/bar';
|
||||
expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');
|
||||
|
||||
testUrl = 'sftp://foo/bar';
|
||||
expect(sanitizeHref(testUrl)).toBe('sftp://foo/bar');
|
||||
|
||||
testUrl = 'mailto:foo@bar.com';
|
||||
expect(sanitizeHref(testUrl)).toBe('mailto:foo@bar.com');
|
||||
|
||||
|
||||
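Review bot: The added case asserts only the accept path for `sftp://foo/bar` through `sanitizeHref`; nothing asserts that the image-side check still rejects the scheme, even though `imgSrcSanitizationWhitelist` was left unchanged in this commit. A negative assertion next to the existing image tests would pin that boundary, e.g. `expect(sanitizeImg('sftp://foo/bar')).toBe('unsafe:sftp://foo/bar');`. This assumes the spec has an image helper alongside `sanitizeHref` and that rejected URIs come back with the `unsafe:` prefix. The enclosing `it` block starts and ends outside the hunk.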
@@ -58,6 +58,10 @@ describe('linky', function() {
|
||||
expect(linky('HTTP://example.com')).toEqual('<a href="HTTP://example.com">HTTP://example.com</a>');
|
||||
expect(linky('HTTPS://www.example.com')).toEqual('<a href="HTTPS://www.example.com">HTTPS://www.example.com</a>');
|
||||
expect(linky('HTTPS://example.com')).toEqual('<a href="HTTPS://example.com">HTTPS://example.com</a>');
|
||||
expect(linky('FTP://www.example.com')).toEqual('<a href="FTP://www.example.com">FTP://www.example.com</a>');
|
||||
expect(linky('FTP://example.com')).toEqual('<a href="FTP://example.com">FTP://example.com</a>');
|
||||
expect(linky('SFTP://www.example.com')).toEqual('<a href="SFTP://www.example.com">SFTP://www.example.com</a>');
|
||||
expect(linky('SFTP://example.com')).toEqual('<a href="SFTP://example.com">SFTP://example.com</a>');
|
||||
});
|
||||
|
||||
it('should handle www.', function() {
|
||||
|
||||
@@ -270,7 +270,8 @@ describe('HTML', function() {
|
||||
|
||||
// See https://github.com/cure53/DOMPurify/blob/a992d3a75031cb8bb032e5ea8399ba972bdf9a65/src/purify.js#L439-L449
|
||||
it('should not allow JavaScript execution when creating inert document', inject(function($sanitize) {
|
||||
var doc = $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
|
||||
$sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
|
||||
|
||||
expect(window.xxx).toBe(undefined);
|
||||
delete window.xxx;
|
||||
}));
|
||||
|
||||