(node, attrNormalizedName)
| 10509 | |
| 10510 | |
| 10511 | function getTrustedContext(node, attrNormalizedName) { |
| 10512 | if (attrNormalizedName === 'srcdoc') { |
| 10513 | return $sce.HTML; |
| 10514 | } |
| 10515 | var tag = nodeName_(node); |
| 10516 | // All tags with src attributes require a RESOURCE_URL value, except for |
| 10517 | // img and various html5 media tags, which require the MEDIA_URL context. |
| 10518 | if (attrNormalizedName === 'src' || attrNormalizedName === 'ngSrc') { |
| 10519 | if (['img', 'video', 'audio', 'source', 'track'].indexOf(tag) === -1) { |
| 10520 | return $sce.RESOURCE_URL; |
| 10521 | } |
| 10522 | return $sce.MEDIA_URL; |
| 10523 | } else if (attrNormalizedName === 'xlinkHref') { |
| 10524 | // Some xlink:href are okay, most aren't |
| 10525 | if (tag === 'image') return $sce.MEDIA_URL; |
| 10526 | if (tag === 'a') return $sce.URL; |
| 10527 | return $sce.RESOURCE_URL; |
| 10528 | } else if ( |
| 10529 | // Formaction |
| 10530 | (tag === 'form' && attrNormalizedName === 'action') || |
| 10531 | // If relative URLs can go where they are not expected to, then |
| 10532 | // all sorts of trust issues can arise. |
| 10533 | (tag === 'base' && attrNormalizedName === 'href') || |
| 10534 | // links can be stylesheets or imports, which can run script in the current origin |
| 10535 | (tag === 'link' && attrNormalizedName === 'href') |
| 10536 | ) { |
| 10537 | return $sce.RESOURCE_URL; |
| 10538 | } else if (tag === 'a' && (attrNormalizedName === 'href' || |
| 10539 | attrNormalizedName === 'ngHref')) { |
| 10540 | return $sce.URL; |
| 10541 | } |
| 10542 | } |
| 10543 | |
| 10544 | |
| 10545 | function addAttrInterpolateDirective(node, directives, value, name, isNgAttr) { |
no test coverage detected