MCPcopy
hub / github.com/angular-ui/ui-router / $interpolate

Function $interpolate

test/angular/1.3/angular.js:10139–10266  ·  view source on GitHub ↗

* @ngdoc service * @name $interpolate * @kind function * * @requires $parse * @requires $sce * * @description * * Compiles a string with markup into an interpolation function. This service is used by the * HTML ng.$compile $compile service fo

(text, mustHaveExpression, trustedContext, allOrNothing)

Source from the content-addressed store, hash-verified

10137 * - `context`: evaluation context for all expressions embedded in the interpolated text
10138 */
10139 function $interpolate(text, mustHaveExpression, trustedContext, allOrNothing) {
10140 allOrNothing = !!allOrNothing;
10141 var startIndex,
10142 endIndex,
10143 index = 0,
10144 expressions = [],
10145 parseFns = [],
10146 textLength = text.length,
10147 exp,
10148 concat = [],
10149 expressionPositions = [];
10150
10151 while (index < textLength) {
10152 if (((startIndex = text.indexOf(startSymbol, index)) != -1) &&
10153 ((endIndex = text.indexOf(endSymbol, startIndex + startSymbolLength)) != -1)) {
10154 if (index !== startIndex) {
10155 concat.push(unescapeText(text.substring(index, startIndex)));
10156 }
10157 exp = text.substring(startIndex + startSymbolLength, endIndex);
10158 expressions.push(exp);
10159 parseFns.push($parse(exp, parseStringifyInterceptor));
10160 index = endIndex + endSymbolLength;
10161 expressionPositions.push(concat.length);
10162 concat.push('');
10163 } else {
10164 // we did not find an interpolation, so we have to add the remainder to the separators array
10165 if (index !== textLength) {
10166 concat.push(unescapeText(text.substring(index)));
10167 }
10168 break;
10169 }
10170 }
10171
10172 // Concatenating expressions makes it hard to reason about whether some combination of
10173 // concatenated values are unsafe to use and could easily lead to XSS. By requiring that a
10174 // single expression be used for iframe[src], object[src], etc., we ensure that the value
10175 // that's used is assigned or constructed by some JS code somewhere that is more testable or
10176 // make it obvious that you bound the value to some user controlled value. This helps reduce
10177 // the load when auditing for XSS issues.
10178 if (trustedContext && concat.length > 1) {
10179 throw $interpolateMinErr('noconcat',
10180 "Error while interpolating: {0}\nStrict Contextual Escaping disallows " +
10181 "interpolations that concatenate multiple expressions when a trusted value is " +
10182 "required. See http://docs.angularjs.org/api/ng.$sce", text);
10183 }
10184
10185 if (!mustHaveExpression || expressions.length) {
10186 var compute = function(values) {
10187 for (var i = 0, ii = expressions.length; i < ii; i++) {
10188 if (allOrNothing && isUndefined(values[i])) return;
10189 concat[expressionPositions[i]] = values[i];
10190 }
10191 return concat.join('');
10192 };
10193
10194 var getValue = function(value) {
10195 return trustedContext ?
10196 $sce.getTrusted(trustedContext, value) :

Callers 5

nodeLinkFnFunction · 0.70
FormControllerFunction · 0.70
angular.jsFile · 0.70

Calls 5

unescapeTextFunction · 0.70
extendFunction · 0.70
computeFunction · 0.70
isFunctionFunction · 0.70
$parseFunction · 0.50

Tested by

no test coverage detected