fix(ngHref): allow numbers and other objects in interpolation

Interpolated content in ngHref must be stringified before being passed to $$sanitizeUri by $sce. Before 1.7.x, sanitization happened on the already-interpolated value inside $compile.

Closes #16652
Fixes #16626
Martin Staffa
2018-08-20 20:04:28 +02:00
committed by GitHub
parent ad7ea95386
commit 837e519acc
2 changed files with 37 additions and 1 deletions
+1 -1
@@ -440,7 +440,7 @@ function $SceDelegateProvider() {
// If we get here, then we will either sanitize the value or throw an exception.
if (type === SCE_CONTEXTS.MEDIA_URL || type === SCE_CONTEXTS.URL) {
// we attempt to sanitize non-resource URLs
return $$sanitizeUri(maybeTrusted, type === SCE_CONTEXTS.MEDIA_URL);
return $$sanitizeUri(maybeTrusted.toString(), type === SCE_CONTEXTS.MEDIA_URL);
} else if (type === SCE_CONTEXTS.RESOURCE_URL) {
if (isResourceUrlAllowedByPolicy(maybeTrusted)) {
return maybeTrusted;
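Review bot: `maybeTrusted.toString()` on the new line throws a TypeError when maybeTrusted is null or undefined (or an object created without a prototype, e.g. via Object.create(null)), whereas the old code passed such values through to $$sanitizeUri; whether they can reach this branch depends on the checks at the top of getTrusted, which lie outside the hunk, as does the function's end. If an early return for null/undefined/empty values exists above, a comment here would save the next reader from re-verifying it, e.g. `// maybeTrusted is non-null here (early return above); stringify so numbers and objects are sanitized on their string form, not passed through raw`. The tests in the second file show that toString is controlled by the interpolated value's author, so the sanitizer must run on its output rather than on the original value — this line does that, and the comment should say so.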
+36
@@ -79,6 +79,42 @@ describe('ngHref', function() {
}));
}
it('should bind numbers', inject(function($rootScope, $compile) {
element = $compile('<a ng-href="{{1234}}"></a>')($rootScope);
$rootScope.$digest();
expect(element.attr('href')).toEqual('1234');
}));
it('should bind and sanitize the result of a (custom) toString() function', inject(function($rootScope, $compile) {
$rootScope.value = {};
element = $compile('<a ng-href="{{value}}"></a>')($rootScope);
$rootScope.$digest();
expect(element.attr('href')).toEqual('[object Object]');
function SafeClass() {}
SafeClass.prototype.toString = function() {
return 'custom value';
};
$rootScope.value = new SafeClass();
$rootScope.$digest();
expect(element.attr('href')).toEqual('custom value');
function UnsafeClass() {}
UnsafeClass.prototype.toString = function() {
return 'javascript:alert(1);';
};
$rootScope.value = new UnsafeClass();
$rootScope.$digest();
expect(element.attr('href')).toEqual('unsafe:javascript:alert(1);');
}));
if (isDefined(window.SVGElement)) {
describe('SVGAElement', function() {
it('should interpolate the expression and bind to xlink:href', inject(function($compile, $rootScope) {