* @ngdoc method * @name $sceDelegate#getTrusted * * @description * Given an object and a security context in which to assign it, returns a value that's safe to * use in this context, which was represented by the parameter. To do so, this function either * unwraps the sa
(type, maybeTrusted)
| 19748 | * exception if this is impossible. |
| 19749 | */ |
function getTrusted(type, maybeTrusted) {
  // Resolves `maybeTrusted` to a value usable in the security context `type`,
  // or throws. The checks run in a fixed order:
  //   1. null / undefined / '' are handed back untouched.
  //   2. A wrapper built by the constructor that `byType` holds for this
  //      context is unwrapped and returned with no further checks.
  //   3. Any other object exposing $$unwrapTrustedValue is unwrapped and then
  //      treated like a plain value: being wrapped for a different context
  //      does not exempt it from the checks below.
  //   4. URL / MEDIA_URL values go through $$sanitizeUri, RESOURCE_URL values
  //      must pass isResourceUrlAllowedByPolicy, HTML values go through
  //      htmlSanitizer.
  //   5. Every remaining context fails closed with the 'unsafe' error.
  var isEmpty = maybeTrusted === null ||
      isUndefined(maybeTrusted) ||
      maybeTrusted === '';
  if (isEmpty) {
    return maybeTrusted;
  }

  // hasOwnProperty guards the lookup so an inherited property name can never
  // be picked up as the wrapper constructor for a context.
  var TrustedType = null;
  if (byType.hasOwnProperty(type)) {
    TrustedType = byType[type];
  }

  // Exact-context wrapper (or a subclass instance): unwrap and return as-is.
  if (TrustedType && maybeTrusted instanceof TrustedType) {
    return maybeTrusted.$$unwrapTrustedValue();
  }

  // Wrapper for some other context: unwrap it, then keep validating the raw
  // value as if it had never been wrapped.
  var candidate = maybeTrusted;
  if (isFunction(candidate.$$unwrapTrustedValue)) {
    candidate = candidate.$$unwrapTrustedValue();
  }

  // From here on the value is either made safe or rejected.
  var isMediaUrl = type === SCE_CONTEXTS.MEDIA_URL;
  if (isMediaUrl || type === SCE_CONTEXTS.URL) {
    // Non-resource URLs are sanitized rather than rejected; the second
    // argument is true only for the MEDIA_URL context.
    return $$sanitizeUri(candidate, isMediaUrl);
  }

  if (type === SCE_CONTEXTS.RESOURCE_URL) {
    // Resource URLs are not sanitized: they are returned unchanged when the
    // policy check accepts them and rejected otherwise.
    if (!isResourceUrlAllowedByPolicy(candidate)) {
      // The rejected URL is embedded in the error text, so anything that logs
      // or displays this error should treat the message as untrusted data.
      throw $sceMinErr('insecurl',
          'Blocked loading resource from url not allowed by $sceDelegate policy.  URL: {0}',
          candidate.toString());
    }
    return candidate;
  }

  if (type === SCE_CONTEXTS.HTML) {
    // htmlSanitizer throws its own error when no sanitizer is available.
    return htmlSanitizer(candidate);
  }

  // Default error when the $sce service has no way to make the input safe.
  throw $sceMinErr('unsafe', 'Attempting to use an unsafe value in a safe context.');
}
| 19786 | |
| 19787 | return { trustAs: trustAs, |
| 19788 | getTrusted: getTrusted, |