cargdev/angular
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): trust resource URLs as URLs. (#10220)

Browse Source 
Resource URLs are strictly "more" trustworthy than plain URLs, so trusting them maintains the same level of security while avoiding to break people when we downgrade a resource URL context to a plain URL context.
This commit is contained in:
Martin Probst
2016-07-21 17:44:59 -07:00
committed by Victor Berchet
parent 00aa7a76b6
commit 51f3d22e4f
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
modules/@angular/platform-browser/test/security/dom_sanitization_service_spec.ts Normal file
View File

@ -0,0 +1,22 @@
/**
* @license
* Copyright Google Inc. All Rights Reserved.
*
* Use of this source code is governed by an MIT-style license that can be
* found in the LICENSE file at https://angular.io/license
*/
import {SecurityContext} from '@angular/core';
import * as t from '@angular/core/testing/testing_internal';
import {DomSanitizationServiceImpl} from '../../src/security/dom_sanitization_service';
export function main() {
t.describe('DOM Sanitization Service', () => {
t.it('accepts resource URL values for resource contexts', () => {
const svc = new DomSanitizationServiceImpl();
const resourceUrl = svc.bypassSecurityTrustResourceUrl('http://hello/world');
t.expect(svc.sanitize(SecurityContext.URL, resourceUrl)).toBe('http://hello/world');
});
});
}