* @ngdoc service * @name $interpolate * @kind function * * @requires $parse * @requires $sce * * @description * * Compiles a string with markup into an interpolation function. This service is used by the * HTML ng.$compile $compile service fo
(text, mustHaveExpression, trustedContext)
| 8866 | * |
| 8867 | */ |
| 8868 | function $interpolate(text, mustHaveExpression, trustedContext) { |
| 8869 | var startIndex, |
| 8870 | endIndex, |
| 8871 | index = 0, |
| 8872 | parts = [], |
| 8873 | length = text.length, |
| 8874 | hasInterpolation = false, |
| 8875 | fn, |
| 8876 | exp, |
| 8877 | concat = []; |
| 8878 | |
| 8879 | while(index < length) { |
| 8880 | if ( ((startIndex = text.indexOf(startSymbol, index)) != -1) && |
| 8881 | ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) != -1) ) { |
| 8882 | (index != startIndex) && parts.push(text.substring(index, startIndex)); |
| 8883 | parts.push(fn = $parse(exp = text.substring(startIndex + startSymbolLength, endIndex))); |
| 8884 | fn.exp = exp; |
| 8885 | index = endIndex + endSymbolLength; |
| 8886 | hasInterpolation = true; |
| 8887 | } else { |
| 8888 | // we did not find anything, so we have to add the remainder to the parts array |
| 8889 | (index != length) && parts.push(text.substring(index)); |
| 8890 | index = length; |
| 8891 | } |
| 8892 | } |
| 8893 | |
| 8894 | if (!(length = parts.length)) { |
| 8895 | // we added, nothing, must have been an empty string. |
| 8896 | parts.push(''); |
| 8897 | length = 1; |
| 8898 | } |
| 8899 | |
| 8900 | // Concatenating expressions makes it hard to reason about whether some combination of |
| 8901 | // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a |
| 8902 | // single expression be used for iframe[src], object[src], etc., we ensure that the value |
| 8903 | // that's used is assigned or constructed by some JS code somewhere that is more testable or |
| 8904 | // make it obvious that you bound the value to some user controlled value. This helps reduce |
| 8905 | // the load when auditing for XSS issues. |
| 8906 | if (trustedContext && parts.length > 1) { |
| 8907 | throw $interpolateMinErr('noconcat', |
| 8908 | "Error while interpolating: {0}\nStrict Contextual Escaping disallows " + |
| 8909 | "interpolations that concatenate multiple expressions when a trusted value is " + |
| 8910 | "required. See http://docs.angularjs.org/api/ng.$sce", text); |
| 8911 | } |
| 8912 | |
| 8913 | if (!mustHaveExpression || hasInterpolation) { |
| 8914 | concat.length = length; |
| 8915 | fn = function(context) { |
| 8916 | try { |
| 8917 | for(var i = 0, ii = length, part; i<ii; i++) { |
| 8918 | if (typeof (part = parts[i]) == 'function') { |
| 8919 | part = part(context); |
| 8920 | if (trustedContext) { |
| 8921 | part = $sce.getTrusted(trustedContext, part); |
| 8922 | } else { |
| 8923 | part = $sce.valueOf(part); |
| 8924 | } |
| 8925 | if (part == null) { // null || undefined |
no test coverage detected