author | Rajat Vig <rajat.vig@gmail.com> | 2015-09-15 13:54:02 -0700 |
---|---|---|
committer | Rajat Vig <rajat.vig@gmail.com> | 2015-09-15 13:54:02 -0700 |
commit | dae416b8c8fafd8f7563169aae5c659440eba728 (patch) | |
tree | 08818d2ec4335f04c360463cde98373370df5ed3 /xstatic/pkg/angular/data/angular-sanitize.js | |
parent | 5a82b2238ec093ce200724061dda30dcba69035d (diff) | |
Update Angular to 1.3.18 from 1.3.7
Change-Id: Ieab642e1b6bac7514ab743fe59ddaa1cec560a2b
Diffstat (limited to 'xstatic/pkg/angular/data/angular-sanitize.js')
-rw-r--r-- | xstatic/pkg/angular/data/angular-sanitize.js | 57 |
1 files changed, 28 insertions, 29 deletions
diff --git a/xstatic/pkg/angular/data/angular-sanitize.js b/xstatic/pkg/angular/data/angular-sanitize.js index 4b0edac..e128391 100644 --- a/xstatic/pkg/angular/data/angular-sanitize.js +++ b/xstatic/pkg/angular/data/angular-sanitize.js @@ -1,10 +1,21 @@ /** - * @license AngularJS v1.3.7 + * @license AngularJS v1.3.18 * (c) 2010-2014 Google, Inc. http://angularjs.org * License: MIT */ (function(window, angular, undefined) {'use strict'; +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * Any commits to this file should be reviewed with security in mind. * + * Changes to this file can potentially create security vulnerabilities. * + * An approval from 2 Core members with history of modifying * + * this file is required. * + * * + * Does the change somehow allow for arbitrary javascript to be executed? * + * Or allows for someone to change the prototype of built-in objects? * + * Or gives undesired access to variables likes document or window? * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + var $sanitizeMinErr = angular.$$minErr('$sanitize'); /** @@ -276,14 +287,14 @@ function htmlParser(html, handler) { } } var index, chars, match, stack = [], last = html, text; - stack.last = function() { return stack[ stack.length - 1 ]; }; + stack.last = function() { return stack[stack.length - 1]; }; while (html) { text = ''; chars = true; // Make sure we're not in a script or style element - if (!stack.last() || !specialElements[ stack.last() ]) { + if (!stack.last() || !specialElements[stack.last()]) { // Comment if (html.indexOf("<!--") === 0) { 
@@ -341,7 +352,8 @@ function htmlParser(html, handler) { } } else { - html = html.replace(new RegExp("(.*)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'), + // IE versions 9 and 10 do not understand the regex '[^]', so using a workaround with [\W\w]. + html = html.replace(new RegExp("([\\W\\w]*)<\\s*\\/\\s*" + stack.last() + "[^>]*>", 'i'), function(all, text) { text = text.replace(COMMENT_REGEXP, "$1").replace(CDATA_REGEXP, "$1"); @@ -365,17 +377,17 @@ function htmlParser(html, handler) { function parseStartTag(tag, tagName, rest, unary) { tagName = angular.lowercase(tagName); - if (blockElements[ tagName ]) { - while (stack.last() && inlineElements[ stack.last() ]) { + if (blockElements[tagName]) { + while (stack.last() && inlineElements[stack.last()]) { parseEndTag("", stack.last()); } } - if (optionalEndTagElements[ tagName ] && stack.last() == tagName) { + if (optionalEndTagElements[tagName] && stack.last() == tagName) { parseEndTag("", tagName); } - unary = voidElements[ tagName ] || !!unary; + unary = voidElements[tagName] || !!unary; if (!unary) stack.push(tagName); @@ -400,13 +412,13 @@ function htmlParser(html, handler) { if (tagName) // Find the closest opened tag of the same type for (pos = stack.length - 1; pos >= 0; pos--) - if (stack[ pos ] == tagName) + if (stack[pos] == tagName) break; if (pos >= 0) { // Close all the open elements, up the stack for (i = stack.length - 1; i >= pos; i--) - if (handler.end) handler.end(stack[ i ]); + if (handler.end) handler.end(stack[i]); // Remove the open elements from the stack stack.length = pos; @@ -415,7 +427,6 @@ function htmlParser(html, handler) { } var hiddenPre=document.createElement("pre"); -var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/; /** * decodes all entities into regular string * @param value 
@@ -424,22 +435,10 @@ var spaceRe = /^(\s*)([\s\S]*?)(\s*)$/; function decodeEntities(value) { if (!value) { return ''; } - // Note: IE8 does not preserve spaces at the start/end of innerHTML - // so we must capture them and reattach them afterward - var parts = spaceRe.exec(value); - var spaceBefore = parts[1]; - var spaceAfter = parts[3]; - var content = parts[2]; - if (content) { - hiddenPre.innerHTML=content.replace(/</g,"<"); - // innerText depends on styling as it doesn't display hidden elements. - // Therefore, it's better to use textContent not to cause unnecessary - // reflows. However, IE<9 don't support textContent so the innerText - // fallback is necessary. - content = 'textContent' in hiddenPre ? - hiddenPre.textContent : hiddenPre.innerText; - } - return spaceBefore + content + spaceAfter; + hiddenPre.innerHTML = value.replace(/</g,"<"); + // innerText depends on styling as it doesn't display hidden elements. + // Therefore, it's better to use textContent not to cause unnecessary reflows. + return hiddenPre.textContent; } /** @@ -628,8 +627,8 @@ angular.module('ngSanitize', []).provider('$sanitize', $SanitizeProvider); */ angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) { var LINKY_URL_REGEXP = - /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"”’]/, - MAILTO_REGEXP = /^mailto:/; + /((ftp|https?):\/\/|(www\.)|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"”’]/i, + MAILTO_REGEXP = /^mailto:/i; return function(text, target) { if (!text) return text; |