fix(ngHref): allow numbers and other objects in interpolation
Interpolated content in ngHref must be stringified before $sce passes it to $$sanitizeUri. Before 1.7.x, sanitization was applied inside $compile to the already-interpolated value. Closes #16652 Fixes #16626
+1
-1
@@ -440,7 +440,7 @@ function $SceDelegateProvider() {
|
||||
// If we get here, then we will either sanitize the value or throw an exception.
|
||||
if (type === SCE_CONTEXTS.MEDIA_URL || type === SCE_CONTEXTS.URL) {
|
||||
// we attempt to sanitize non-resource URLs
|
||||
return $$sanitizeUri(maybeTrusted, type === SCE_CONTEXTS.MEDIA_URL);
|
||||
return $$sanitizeUri(maybeTrusted.toString(), type === SCE_CONTEXTS.MEDIA_URL);
|
||||
} else if (type === SCE_CONTEXTS.RESOURCE_URL) {
|
||||
if (isResourceUrlAllowedByPolicy(maybeTrusted)) {
|
||||
return maybeTrusted;
|
||||
|
||||
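Review bot: The new `maybeTrusted.toString()` on the URL/MEDIA_URL return assumes the value is never null or undefined and always has a callable toString. Nothing in this hunk guarantees that, and the function body starts above it. Confirm that an early return for null, undefined and empty values precedes this branch; otherwise the call throws a TypeError instead of sanitizing, as it would for a prototype-less object. I would also expand the comment above the return to something like `// stringify first: $$sanitizeUri works on strings, and only the sanitized string may reach the DOM`, so the conversion is not later removed as redundant.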
@@ -79,6 +79,42 @@ describe('ngHref', function() {
|
||||
}));
|
||||
}
|
||||
|
||||
|
||||
it('should bind numbers', inject(function($rootScope, $compile) {
|
||||
element = $compile('<a ng-href="{{1234}}"></a>')($rootScope);
|
||||
$rootScope.$digest();
|
||||
expect(element.attr('href')).toEqual('1234');
|
||||
}));
|
||||
|
||||
|
||||
it('should bind and sanitize the result of a (custom) toString() function', inject(function($rootScope, $compile) {
|
||||
$rootScope.value = {};
|
||||
element = $compile('<a ng-href="{{value}}"></a>')($rootScope);
|
||||
$rootScope.$digest();
|
||||
expect(element.attr('href')).toEqual('[object Object]');
|
||||
|
||||
function SafeClass() {}
|
||||
|
||||
SafeClass.prototype.toString = function() {
|
||||
return 'custom value';
|
||||
};
|
||||
|
||||
$rootScope.value = new SafeClass();
|
||||
$rootScope.$digest();
|
||||
expect(element.attr('href')).toEqual('custom value');
|
||||
|
||||
function UnsafeClass() {}
|
||||
|
||||
UnsafeClass.prototype.toString = function() {
|
||||
return 'javascript:alert(1);';
|
||||
};
|
||||
|
||||
$rootScope.value = new UnsafeClass();
|
||||
$rootScope.$digest();
|
||||
expect(element.attr('href')).toEqual('unsafe:javascript:alert(1);');
|
||||
}));
|
||||
|
||||
|
||||
if (isDefined(window.SVGElement)) {
|
||||
describe('SVGAElement', function() {
|
||||
it('should interpolate the expression and bind to xlink:href', inject(function($compile, $rootScope) {
|
||||
|
||||
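Review bot: The added specs exercise only the URL context through ng-href, while the patched branch also serves SCE_CONTEXTS.MEDIA_URL. A matching spec for a media binding, for example an object with a custom toString bound through ng-src, would pin that path too, unless one already exists outside this page. The second spec also packs three scenarios (plain object, SafeClass, UnsafeClass) into one `it`, so a failure in an earlier expectation hides the `unsafe:` check, which is the security-relevant one. Moving the UnsafeClass case into its own `it('should sanitize the result of a custom toString()', ...)` would keep that assertion independently visible. The enclosing `describe('ngHref', ...)` starts outside the hunk.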