Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

Commit

Permalink
feat($sanitize, $compileProvider, linky): add support for the "sftp" …
Browse files Browse the repository at this point in the history
…protocol in links

Add support for the sftp protocol in the linky filter and the "aHrefSanitizationWhitelist" that is used by $sanitize and can be configured in the $compileProvider.

Closes #16102
  • Loading branch information
XFree authored and Narretz committed Oct 11, 2017
1 parent 8fb8d52 commit a675ea0
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/ng/sanitizeUri.js
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
* Private service to sanitize uris for links and images. Used by $compile and $sanitize.
*/
function $$SanitizeUriProvider() {
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
var aHrefSanitizationWhitelist = /^\s*(https?|s?ftp|mailto|tel|file):/,
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;

/**
Expand Down
4 changes: 2 additions & 2 deletions src/ngSanitize/filter/linky.js
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
* @kind function
*
* @description
* Finds links in text input and turns them into html links. Supports `http/https/ftp/mailto` and
* Finds links in text input and turns them into html links. Supports `http/https/ftp/sftp/mailto` and
* plain email address links.
*
* Requires the {@link ngSanitize `ngSanitize`} module to be installed.
Expand Down Expand Up @@ -129,7 +129,7 @@
*/
angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
var LINKY_URL_REGEXP =
/((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
/((s?ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"\u201d\u2019]/i,
MAILTO_REGEXP = /^mailto:/i;

var linkyMinErr = angular.$$minErr('linky');
Expand Down
2 changes: 1 addition & 1 deletion test/ng/compileSpec.js
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ describe('$compile', function() {

it('should allow aHrefSanitizationWhitelist to be configured', function() {
module(function($compileProvider) {
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|ftp|mailto|tel|file):/); // the default
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/^\s*(https?|s?ftp|mailto|tel|file):/); // the default
$compileProvider.aHrefSanitizationWhitelist(/other/);
expect($compileProvider.aHrefSanitizationWhitelist()).toEqual(/other/);
});
Expand Down
3 changes: 3 additions & 0 deletions test/ng/sanitizeUriSpec.js
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,9 @@ describe('sanitizeUri', function() {
testUrl = 'ftp://foo/bar';
expect(sanitizeHref(testUrl)).toBe('ftp://foo/bar');

testUrl = 'sftp://foo/bar';
expect(sanitizeHref(testUrl)).toBe('sftp://foo/bar');

testUrl = 'mailto:[email protected]';
expect(sanitizeHref(testUrl)).toBe('mailto:[email protected]');

Expand Down
4 changes: 4 additions & 0 deletions test/ngSanitize/filter/linkySpec.js
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,10 @@ describe('linky', function() {
expect(linky('HTTP://example.com')).toEqual('<a href="HTTP://example.com">HTTP://example.com</a>');
expect(linky('HTTPS://www.example.com')).toEqual('<a href="HTTPS://www.example.com">HTTPS://www.example.com</a>');
expect(linky('HTTPS://example.com')).toEqual('<a href="HTTPS://example.com">HTTPS://example.com</a>');
expect(linky('FTP://www.example.com')).toEqual('<a href="FTP://www.example.com">FTP://www.example.com</a>');
expect(linky('FTP://example.com')).toEqual('<a href="FTP://example.com">FTP://example.com</a>');
expect(linky('SFTP://www.example.com')).toEqual('<a href="SFTP://www.example.com">SFTP://www.example.com</a>');
expect(linky('SFTP://example.com')).toEqual('<a href="SFTP://example.com">SFTP://example.com</a>');
});

it('should handle www.', function() {
Expand Down
3 changes: 2 additions & 1 deletion test/ngSanitize/sanitizeSpec.js
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,8 @@ describe('HTML', function() {

// See https://github.com/cure53/DOMPurify/blob/a992d3a75031cb8bb032e5ea8399ba972bdf9a65/src/purify.js#L439-L449
it('should not allow JavaScript execution when creating inert document', inject(function($sanitize) {
var doc = $sanitize('<svg><g onload="window.xxx = 100"></g></svg>');
$sanitize('<svg><g onload="window.xxx = 100"></g></svg>');

expect(window.xxx).toBe(undefined);
delete window.xxx;
}));
Expand Down

0 comments on commit a675ea0

Please sign in to comment.