cargdev/angular
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

style(lint): re-format modules/@angular

Browse Source
This commit is contained in:
Alex Eagle
2016-06-08 16:38:52 -07:00
parent bbed364e7b
commit f39c9c9e75
589 changed files with 21829 additions and 24259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/@angular/platform-browser/src/security/dom_sanitization_service.ts
View File

@ -1,13 +1,14 @@
import {Injectable} from '@angular/core';
import {SecurityContext, SanitizationService} from '../../core_private';
import {SanitizationService, SecurityContext} from '../../core_private';
import {sanitizeHtml} from './html_sanitizer';
import {sanitizeUrl} from './url_sanitizer';
import {sanitizeStyle} from './style_sanitizer';
import {sanitizeUrl} from './url_sanitizer';
export {SecurityContext};
/** Marker interface for a value that's safe to use in a particular context. */
export interface SafeValue {}
/** Marker interface for a value that's safe to use as HTML. */

42
modules/@angular/platform-browser/src/security/html_sanitizer.ts
View File

@ -1,8 +1,9 @@
import {getDOM, DomAdapter} from '../dom/dom_adapter';
import {DomAdapter, getDOM} from '../dom/dom_adapter';
import {assertionsEnabled} from '../facade/lang';
import {sanitizeUrl} from './url_sanitizer';
/** A <body> element that can be safely used to parse untrusted HTML. Lazily initialized below. */
let inertElement: HTMLElement = null;
/** Lazily initialized to make sure the DOM adapter gets set before use. */
@ -36,7 +37,7 @@ function tagSet(tags: string): {[k: string]: boolean} {
return res;
}
function merge(...sets: { [k: string]: boolean }[]): {[k: string]: boolean} {
function merge(...sets: {[k: string]: boolean}[]): {[k: string]: boolean} {
let res: {[k: string]: boolean} = {};
for (let s of sets) {
for (let v in s) {
@ -72,9 +73,10 @@ const BLOCK_ELEMENTS = merge(
// Inline Elements - HTML5
const INLINE_ELEMENTS = merge(
OPTIONAL_END_TAG_INLINE_ELEMENTS,
tagSet('a,abbr,acronym,b,' +
'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' +
'samp,small,span,strike,strong,sub,sup,time,tt,u,var'));
tagSet(
'a,abbr,acronym,b,' +
'bdi,bdo,big,br,cite,code,del,dfn,em,font,i,img,ins,kbd,label,map,mark,q,ruby,rp,rt,s,' +
'samp,small,span,strike,strong,sub,sup,time,tt,u,var'));
const VALID_ELEMENTS =
merge(VOID_ELEMENTS, BLOCK_ELEMENTS, INLINE_ELEMENTS, OPTIONAL_END_TAG_ELEMENTS);
@ -82,12 +84,12 @@ const VALID_ELEMENTS =
// Attributes that have href and hence need to be sanitized
const URI_ATTRS = tagSet('background,cite,href,longdesc,src,xlink:href');
const HTML_ATTRS =
tagSet('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +
'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +
'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' +
'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' +
'valign,value,vspace,width');
const HTML_ATTRS = tagSet(
'abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +
'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +
'ismap,lang,language,nohref,nowrap,rel,rev,rows,rowspan,rules,' +
'scope,scrolling,shape,size,span,start,summary,tabindex,target,title,type,' +
'valign,value,vspace,width');
// NB: This currently conciously doesn't support SVG. SVG sanitization has had several security
// issues in the past, so it seems safer to leave it out if possible. If support for binding SVG via
@ -183,14 +185,16 @@ const NON_ALPHANUMERIC_REGEXP = /([^\#-~ |!])/g;
*/
function encodeEntities(value: any /** TODO #9100 */) {
return value.replace(/&/g, '&amp;')
.replace(SURROGATE_PAIR_REGEXP,
function(match: any /** TODO #9100 */) {
let hi = match.charCodeAt(0);
let low = match.charCodeAt(1);
return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';
})
.replace(NON_ALPHANUMERIC_REGEXP,
function(match: any /** TODO #9100 */) { return '&#' + match.charCodeAt(0) + ';'; })
.replace(
SURROGATE_PAIR_REGEXP,
function(match: any /** TODO #9100 */) {
let hi = match.charCodeAt(0);
let low = match.charCodeAt(1);
return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';
})
.replace(
NON_ALPHANUMERIC_REGEXP,
function(match: any /** TODO #9100 */) { return '&#' + match.charCodeAt(0) + ';'; })
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
}

3
modules/@angular/platform-browser/src/security/url_sanitizer.ts
View File

@ -30,7 +30,8 @@ import {assertionsEnabled} from '../facade/lang';
const SAFE_URL_PATTERN = /^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi;
/** A pattern that matches safe data URLs. Only matches image and video types. */
const DATA_URL_PATTERN = /^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm));base64,[a-z0-9+\/]+=*$/i;
const DATA_URL_PATTERN =
/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm));base64,[a-z0-9+\/]+=*$/i;
export function sanitizeUrl(url: string): string {
url = String(url);