
fix($sanitize): sanitize javascript urls with comments
Closes #8274
btford committed Aug 19, 2014
1 parent 6fdaa3d commit b7e82a3
Showing 2 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/ng/sanitizeUri.js
Expand Up @@ -6,7 +6,7 @@
*/
function $$SanitizeUriProvider() {
var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file|blob):|data:image\//;
imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;

/**
* @description
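Review bot: The outer parentheses added around the alternation in imgSrcSanitizationWhitelist are the whole fix, and nothing in the hunk records why they must stay, so a later "simplification" that drops them would silently reopen the bypass. A comment above the regex should state the invariant, e.g. `// Every alternative must sit inside the ^-anchored group: an unanchored "data:image\/" alternative matched anywhere in the URL, e.g. after a "//" comment in a javascript: URL.` The same invariant applies to aHrefSanitizationWhitelist on the line above, which currently has a single anchored group but would be exposed by the same kind of edit. $$SanitizeUriProvider continues past the end of the hunk.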
5 changes: 5 additions & 0 deletions test/ng/sanitizeUriSpec.js
Expand Up @@ -30,6 +30,11 @@ describe('sanitizeUri', function() {
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');
});

it('should sanitize javascript: urls with comments', function() {
testUrl = "javascript:alert(1)//data:image/";
expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:alert(1)//data:image/');
});

it('should sanitize non-image data: urls', function() {
testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";
expect(sanitizeImg(testUrl)).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');");
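Review bot: The new case pins the bypass but not the other half of the regrouping — that a URL which legitimately starts with `data:image/` is still returned unchanged — so a later edit that dropped the `data:image\/` alternative entirely would still pass this spec. Unless such a positive case already exists elsewhere in the file, add one next to it, e.g. `testUrl = "data:image/png;base64,AAAA"; expect(sanitizeImg(testUrl)).toBe(testUrl);` (constructed value). `testUrl` is assigned here without a declaration, so it is presumably declared in the enclosing describe block, which starts and ends outside the hunk.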
