* @ngdoc service * @name $interpolate * @kind function * * @requires $parse * @requires $sce * * @description * * Compiles a string with markup into an interpolation function. This service is used by the * HTML ng.$compile $compile service fo
(text, mustHaveExpression, trustedContext, allOrNothing)
| 10137 | * - `context`: evaluation context for all expressions embedded in the interpolated text |
| 10138 | */ |
| 10139 | function $interpolate(text, mustHaveExpression, trustedContext, allOrNothing) { |
| 10140 | allOrNothing = !!allOrNothing; |
| 10141 | var startIndex, |
| 10142 | endIndex, |
| 10143 | index = 0, |
| 10144 | expressions = [], |
| 10145 | parseFns = [], |
| 10146 | textLength = text.length, |
| 10147 | exp, |
| 10148 | concat = [], |
| 10149 | expressionPositions = []; |
| 10150 | |
| 10151 | while (index < textLength) { |
| 10152 | if (((startIndex = text.indexOf(startSymbol, index)) != -1) && |
| 10153 | ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) != -1)) { |
| 10154 | if (index !== startIndex) { |
| 10155 | concat.push(unescapeText(text.substring(index, startIndex))); |
| 10156 | } |
| 10157 | exp = text.substring(startIndex + startSymbolLength, endIndex); |
| 10158 | expressions.push(exp); |
| 10159 | parseFns.push($parse(exp, parseStringifyInterceptor)); |
| 10160 | index = endIndex + endSymbolLength; |
| 10161 | expressionPositions.push(concat.length); |
| 10162 | concat.push(''); |
| 10163 | } else { |
| 10164 | // we did not find an interpolation, so we have to add the remainder to the separators array |
| 10165 | if (index !== textLength) { |
| 10166 | concat.push(unescapeText(text.substring(index))); |
| 10167 | } |
| 10168 | break; |
| 10169 | } |
| 10170 | } |
| 10171 | |
| 10172 | // Concatenating expressions makes it hard to reason about whether some combination of |
| 10173 | // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a |
| 10174 | // single expression be used for iframe[src], object[src], etc., we ensure that the value |
| 10175 | // that's used is assigned or constructed by some JS code somewhere that is more testable or |
| 10176 | // make it obvious that you bound the value to some user controlled value. This helps reduce |
| 10177 | // the load when auditing for XSS issues. |
| 10178 | if (trustedContext && concat.length > 1) { |
| 10179 | throw $interpolateMinErr('noconcat', |
| 10180 | "Error while interpolating: {0}\nStrict Contextual Escaping disallows " + |
| 10181 | "interpolations that concatenate multiple expressions when a trusted value is " + |
| 10182 | "required. See http://docs.angularjs.org/api/ng.$sce", text); |
| 10183 | } |
| 10184 | |
| 10185 | if (!mustHaveExpression || expressions.length) { |
| 10186 | var compute = function(values) { |
| 10187 | for (var i = 0, ii = expressions.length; i < ii; i++) { |
| 10188 | if (allOrNothing && isUndefined(values[i])) return; |
| 10189 | concat[expressionPositions[i]] = values[i]; |
| 10190 | } |
| 10191 | return concat.join(''); |
| 10192 | }; |
| 10193 | |
| 10194 | var getValue = function(value) { |
| 10195 | return trustedContext ? |
| 10196 | $sce.getTrusted(trustedContext, value) : |