/**
- * @license AngularJS v1.2.16
+ * @license AngularJS v1.2.32
* (c) 2010-2014 Google, Inc. http://angularjs.org
* License: MIT
*/
/**
* @ngdoc service
* @name $sanitize
- * @function
+ * @kind function
*
* @description
* The input is sanitized by parsing the html into tokens. All safe tokens (from a whitelist) are
* @returns {string} Sanitized html.
*
* @example
- <example module="ngSanitize" deps="angular-sanitize.js">
+ <example module="sanitizeExample" deps="angular-sanitize.js">
<file name="index.html">
<script>
- function Ctrl($scope, $sce) {
- $scope.snippet =
- '<p style="color:blue">an html\n' +
- '<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
- 'snippet</p>';
- $scope.deliberatelyTrustDangerousSnippet = function() {
- return $sce.trustAsHtml($scope.snippet);
- };
- }
+ angular.module('sanitizeExample', ['ngSanitize'])
+ .controller('ExampleController', ['$scope', '$sce', function($scope, $sce) {
+ $scope.snippet =
+ '<p style="color:blue">an html\n' +
+ '<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
+ 'snippet</p>';
+ $scope.deliberatelyTrustDangerousSnippet = function() {
+ return $sce.trustAsHtml($scope.snippet);
+ };
+ }]);
</script>
- <div ng-controller="Ctrl">
+ <div ng-controller="ExampleController">
Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
<table>
<tr>
// Regular Expressions for parsing tags and attributes
var START_TAG_REGEXP =
- /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+))?)*)\s*(\/?)\s*>/,
- END_TAG_REGEXP = /^<\s*\/\s*([\w:-]+)[^>]*>/,
+ /^<((?:[a-zA-Z])[\w:-]*)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:'[^']*')|[^>\s]+))?)*)\s*(\/?)\s*(>?)/,
+ END_TAG_REGEXP = /^<\/\s*([\w:-]+)[^>]*>/,
ATTR_REGEXP = /([\w:-]+)(?:\s*=\s*(?:(?:"((?:[^"])*)")|(?:'((?:[^'])*)')|([^>\s]+)))?/g,
BEGIN_TAG_REGEXP = /^</,
- BEGING_END_TAGE_REGEXP = /^<\s*\//,
+ BEGING_END_TAGE_REGEXP = /^<\//,
COMMENT_REGEXP = /<!--(.*?)-->/g,
DOCTYPE_REGEXP = /<!DOCTYPE([^>]*?)>/i,
CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
+ SURROGATE_PAIR_REGEXP = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g,
// Match everything outside of normal chars and " (quote character)
NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g;
optionalEndTagElements);
//Attributes that have href and hence need to be sanitized
-var uriAttrs = makeMap("background,cite,href,longdesc,src,usemap");
+var uriAttrs = makeMap("background,cite,href,longdesc,src");
var validAttrs = angular.extend({}, uriAttrs, makeMap(
'abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,'+
'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,'+
* @param {object} handler
*/
function htmlParser( html, handler ) {
- var index, chars, match, stack = [], last = html;
+ if (typeof html !== 'string') {
+ if (html === null || typeof html === 'undefined') {
+ html = '';
+ } else {
+ html = '' + html;
+ }
+ }
+ var index, chars, match, stack = [], last = html, text;
stack.last = function() { return stack[ stack.length - 1 ]; };
while ( html ) {
+ text = '';
chars = true;
// Make sure we're not in a script or style element
match = html.match( START_TAG_REGEXP );
if ( match ) {
- html = html.substring( match[0].length );
- match[0].replace( START_TAG_REGEXP, parseStartTag );
+ // We only have a valid start-tag if there is a '>'.
+ if ( match[4] ) {
+ html = html.substring( match[0].length );
+ match[0].replace( START_TAG_REGEXP, parseStartTag );
+ }
chars = false;
+ } else {
+ // no ending tag found --- this piece should be encoded as an entity.
+ text += '<';
+ html = html.substring(1);
}
}
if ( chars ) {
index = html.indexOf("<");
- var text = index < 0 ? html : html.substring( 0, index );
+ text += index < 0 ? html : html.substring( 0, index );
html = index < 0 ? "" : html.substring( index );
if (handler.chars) handler.chars( decodeEntities(text) );
function encodeEntities(value) {
return value.
replace(/&/g, '&').
+ replace(SURROGATE_PAIR_REGEXP, function (value) {
+ var hi = value.charCodeAt(0);
+ var low = value.charCodeAt(1);
+ return '&#' + (((hi - 0xD800) * 0x400) + (low - 0xDC00) + 0x10000) + ';';
+ }).
replace(NON_ALPHANUMERIC_REGEXP, function(value){
return '&#' + value.charCodeAt(0) + ';';
}).
/**
* @ngdoc filter
* @name linky
- * @function
+ * @kind function
*
* @description
* Finds links in text input and turns them into html links. Supports http/https/ftp/mailto and
<span ng-bind-html="linky_expression | linky"></span>
*
* @example
- <example module="ngSanitize" deps="angular-sanitize.js">
+ <example module="linkyExample" deps="angular-sanitize.js">
<file name="index.html">
<script>
- function Ctrl($scope) {
- $scope.snippet =
- 'Pretty text with some links:\n'+
- 'http://angularjs.org/,\n'+
- 'mailto:us@somewhere.org,\n'+
- 'another@somewhere.org,\n'+
- 'and one more: ftp://127.0.0.1/.';
- $scope.snippetWithTarget = 'http://angularjs.org/';
- }
+ angular.module('linkyExample', ['ngSanitize'])
+ .controller('ExampleController', ['$scope', function($scope) {
+ $scope.snippet =
+ 'Pretty text with some links:\n'+
+ 'http://angularjs.org/,\n'+
+ 'mailto:us@somewhere.org,\n'+
+ 'another@somewhere.org,\n'+
+ 'and one more: ftp://127.0.0.1/.';
+ $scope.snippetWithTarget = 'http://angularjs.org/';
+ }]);
</script>
- <div ng-controller="Ctrl">
+ <div ng-controller="ExampleController">
Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
<table>
<tr>
*/
angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
var LINKY_URL_REGEXP =
- /((ftp|https?):\/\/|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>]/,
+ /((ftp|https?):\/\/|(mailto:)?[A-Za-z0-9._%+-]+@)\S*[^\s.;,(){}<>"]/,
MAILTO_REGEXP = /^mailto:/;
return function(text, target) {
html.push(target);
html.push('" ');
}
- html.push('href="');
- html.push(url);
- html.push('">');
+ html.push('href="',
+ url.replace('"', '"'),
+ '">');
addText(text);
html.push('</a>');
}
}]);
-})(window, window.angular);
\ No newline at end of file
+})(window, window.angular);
Code Review / clamp.git / blobdiff