* @ngdoc service * @name $interpolate * @kind function * * @requires $parse * @requires $sce * * @description * * Compiles a string with markup into an interpolation function. This service is used by the * HTML ng.$compile $compile service fo
(text, mustHaveExpression, trustedContext, allOrNothing)
| 10790 | * - `context`: evaluation context for all expressions embedded in the interpolated text |
| 10791 | */ |
| 10792 | function $interpolate(text, mustHaveExpression, trustedContext, allOrNothing) { |
| 10793 | allOrNothing = !!allOrNothing; |
| 10794 | var startIndex, |
| 10795 | endIndex, |
| 10796 | index = 0, |
| 10797 | expressions = [], |
| 10798 | parseFns = [], |
| 10799 | textLength = text.length, |
| 10800 | exp, |
| 10801 | concat = [], |
| 10802 | expressionPositions = []; |
| 10803 | |
| 10804 | while (index < textLength) { |
| 10805 | if (((startIndex = text.indexOf(startSymbol, index)) != -1) && |
| 10806 | ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) != -1)) { |
| 10807 | if (index !== startIndex) { |
| 10808 | concat.push(unescapeText(text.substring(index, startIndex))); |
| 10809 | } |
| 10810 | exp = text.substring(startIndex + startSymbolLength, endIndex); |
| 10811 | expressions.push(exp); |
| 10812 | parseFns.push($parse(exp, parseStringifyInterceptor)); |
| 10813 | index = endIndex + endSymbolLength; |
| 10814 | expressionPositions.push(concat.length); |
| 10815 | concat.push(''); |
| 10816 | } else { |
| 10817 | // we did not find an interpolation, so we have to add the remainder to the separators array |
| 10818 | if (index !== textLength) { |
| 10819 | concat.push(unescapeText(text.substring(index))); |
| 10820 | } |
| 10821 | break; |
| 10822 | } |
| 10823 | } |
| 10824 | |
| 10825 | // Concatenating expressions makes it hard to reason about whether some combination of |
| 10826 | // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a |
| 10827 | // single expression be used for iframe[src], object[src], etc., we ensure that the value |
| 10828 | // that's used is assigned or constructed by some JS code somewhere that is more testable or |
| 10829 | // make it obvious that you bound the value to some user controlled value. This helps reduce |
| 10830 | // the load when auditing for XSS issues. |
| 10831 | if (trustedContext && concat.length > 1) { |
| 10832 | $interpolateMinErr.throwNoconcat(text); |
| 10833 | } |
| 10834 | |
| 10835 | if (!mustHaveExpression || expressions.length) { |
| 10836 | var compute = function(values) { |
| 10837 | for (var i = 0, ii = expressions.length; i < ii; i++) { |
| 10838 | if (allOrNothing && isUndefined(values[i])) return; |
| 10839 | concat[expressionPositions[i]] = values[i]; |
| 10840 | } |
| 10841 | return concat.join(''); |
| 10842 | }; |
| 10843 | |
| 10844 | var getValue = function(value) { |
| 10845 | return trustedContext ? |
| 10846 | $sce.getTrusted(trustedContext, value) : |
| 10847 | $sce.valueOf(value); |
| 10848 | }; |
| 10849 |
no test coverage detected